Jump to content

Recommended Posts

Ever since the latest update, everything Malwarebytes refuses to work on my computer anymore. 
I am stuck in a loop where my computer asks to be restarted every-time I reinstall the program. (It asks to restart even before the installation progress bar ever moves).
I tried the support tool, and it automatically goes into error. 

I am told that this is due to a virus or a malware, but that is as much help as I got with this problem. 
 

Share this post


Link to post
Share on other sites
Hello marvic_aaronand welcome to Malwarebytes,

Continue with the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Share this post


Link to post
Share on other sites

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Aaron (administrator) on AARON-PC (09-07-2018 11:23:11)
Running from C:\Users\Aaron\Documents
Loaded Profiles: Aaron & Beggar (Available Profiles: Aaron & Beggar)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Garena Online ) C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\gxxsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent Inc.) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Aaron\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(BitTorrent Inc.) C:\Users\Aaron\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Garena Online ) C:\Program Files (x86)\Garena\Garena\Garena.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8447192 2015-01-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6603520 2016-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\System32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-09] (Valve Corporation)
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [uTorrent] => C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-22] (BitTorrent Inc.)
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-23] (Disc Soft Ltd)
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\Explorer\DisallowRun: [1] Mshta.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\Explorer\DisallowRun: [2] powershell.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\Policies\Explorer\DisallowRun: [3] bitsadmin.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\MountPoints2: {451cb077-8616-11e7-a943-d017c298ce9e} - E:\AutoRun.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\MountPoints2: {4fb11a82-4418-11e7-823d-d017c298ce9e} - G:\setup.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\MountPoints2: {601a8477-0271-11e7-bb5a-d017c298ce9e} - E:\setup.exe
HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\...\Run: [Discord] => C:\Users\Beggar\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3027538698-2638679123-1804865445-1002\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{446D65E2-767E-4170-9690-84C3F81608A0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{6BCA0F5C-7C8C-4722-A541-1A508CD9D398}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6BCA0F5C-7C8C-4722-A541-1A508CD9D398}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000 -> {C57CC5D8-FE22-4BA9-96E3-5D47F739D716} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-06-16] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-16] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)

FireFox:
========
FF DefaultProfile: 6p5r4en8.default
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Firefox\Firefox\Profiles\6p5r4en8.default [2017-02-15] <==== ATTENTION
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome: 
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.youndoo.com/?z=67ccb2b3938b953544cf340gdz2b4meebe6m2m6b4w&from=bcn&uid=WDCXWD10EZEX-00WN4A0_WD-WCC6Y5RNYSTPNYSTP&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://google.com//"
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-07-09] <==== ATTENTION
CHR Extension: (Adobe Acrobat) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default [2018-07-01]
CHR Extension: (Google Slides) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-15]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-15]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-10]
CHR Extension: (Google Sheets) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-15]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-15]
CHR Extension: (Chrome Media Router) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.6RDHIMQEZYTLH4D4532QUWLWUQ - C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-07-23] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6893704 2018-06-26] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-23] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-06-16] (EasyAntiCheat Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GarenaPlatform; C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\gxxsvc.exe [315712 2018-06-21] (Garena Online )
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S2 MBAMIService; C:\ProgramData\MB3Install\MBAMIService.exe [170496 2018-05-29] (Malwarebytes) [File not signed]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-06-22] ()
S2 wiasvc; C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp:ad [212994 ] () [File not signed] <==== ATTENTION <==== ATTENTION
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-12] (Microsoft Corporation)
S3 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671696 2016-12-10] (Wacom Technology, Corp.)
S3 BstHdAndroidSvc; "C:\Program Files (x86)\Bluestacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 MEmusvc; C:\Program Files\Microvirt\MEmu\MemuService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-07-23] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-01-17] (Disc Soft Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-14] (REALiX(tm))
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133064 2016-05-28] (BigNox Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [119448 2016-12-06] (Wacom Technology)
R1 XQHDrv; C:\Windows\System32\DRIVERS\XQHDrv.sys [281544 2016-05-28] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [281544 2016-05-28] (BigNox Corporation)
S1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 gkernel; \??\C:\Users\Aaron\AppData\Local\Temp\gkernel.sys [X] <==== ATTENTION
S3 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-09 11:24 - 2018-07-09 11:24 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-07-08 20:07 - 2018-07-08 20:07 - 000000000 ____D C:\Users\Aaron\AppData\Local\BattlEye
2018-07-08 11:14 - 2018-07-08 11:14 - 000858912 _____ (Malwarebytes) C:\Users\Aaron\Documents\mb-clean-3.1.0.1035.exe
2018-07-08 11:07 - 2018-07-08 11:11 - 073182192 _____ (Malwarebytes ) C:\Users\Aaron\Documents\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5807.exe
2018-07-04 07:06 - 2018-07-04 07:06 - 000390647 _____ C:\Users\Aaron\Desktop\MRP-MAJOR-CHEM-2013-19749-PAPER.pdf
2018-07-04 06:34 - 2018-07-08 09:57 - 000000000 ____D C:\Users\Aaron\AppData\LocalLow\uTorrent
2018-07-01 20:49 - 2018-07-08 09:57 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-07-01 20:49 - 2018-07-01 21:04 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-07-01 20:49 - 2018-07-01 20:49 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-07-01 20:49 - 2018-07-01 20:49 - 000001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-07-01 20:49 - 2018-07-01 20:49 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-07-01 20:49 - 2018-07-01 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-07-01 20:49 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-07-01 20:43 - 2018-07-01 20:48 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Aaron\Documents\spybotsd-2.7.64.0.exe
2018-07-01 20:30 - 2018-07-01 20:35 - 000002832 _____ C:\mbstart.cmd
2018-07-01 20:29 - 2018-07-01 20:29 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Aaron\Documents\mbar-1.10.3.1001.exe
2018-07-01 20:29 - 2018-07-01 20:29 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-07-01 20:08 - 2018-07-01 20:14 - 076534856 _____ (Malwarebytes ) C:\Users\Aaron\Documents\malwarebytes-anti-malware-3-5-1-2522.exe
2018-07-01 20:08 - 2018-07-01 20:13 - 071942408 _____ (Malwarebytes ) C:\Users\Aaron\Documents\malwarebytes-anti-malware-3-4-5-2467.exe
2018-07-01 12:07 - 2018-07-01 12:07 - 004121208 _____ C:\Users\Aaron\Documents\mb-support-1.1.2.471 (2).exe
2018-07-01 11:59 - 2018-07-01 11:59 - 002326304 _____ (Malwarebytes Corporation) C:\Users\Aaron\Documents\mb-check-3.1.10.1000 (1).exe
2018-07-01 11:59 - 2018-07-01 11:59 - 000056575 _____ C:\Users\Aaron\Desktop\mb-check-results.zip
2018-07-01 11:41 - 2018-07-09 11:23 - 000000000 ____D C:\FRST
2018-07-01 11:41 - 2018-07-01 11:41 - 002412544 _____ (Farbar) C:\Users\Aaron\Documents\FRST64.exe
2018-07-01 11:40 - 2018-07-01 11:40 - 001773056 _____ (Farbar) C:\Users\Aaron\Documents\FRST.exe
2018-07-01 11:34 - 2018-07-09 11:23 - 000022023 _____ C:\Users\Aaron\Documents\FRST.txt
2018-07-01 11:34 - 2018-07-01 11:49 - 000109097 _____ C:\Users\Aaron\Documents\Addition.txt
2018-07-01 11:29 - 2018-07-01 11:31 - 072740872 _____ (Malwarebytes ) C:\Users\Aaron\Documents\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5695 (3).exe
2018-07-01 11:28 - 2018-07-01 11:28 - 002326304 _____ (Malwarebytes Corporation) C:\Users\Aaron\Documents\mb-check-3.1.10.1000.exe
2018-07-01 11:23 - 2018-07-01 11:25 - 072740872 _____ (Malwarebytes ) C:\Users\Aaron\Documents\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5695 (2).exe
2018-07-01 11:18 - 2018-07-01 11:18 - 004121208 _____ C:\Users\Aaron\Documents\mb-support-1.1.2.471 (1).exe
2018-07-01 10:58 - 2018-07-01 10:58 - 000000000 ____D C:\ProgramData\MB3Install
2018-07-01 10:48 - 2018-07-08 11:06 - 002413568 _____ (Farbar) C:\Users\Aaron\Downloads\FRSTEnglish.exe
2018-07-01 10:47 - 2018-07-01 10:47 - 004121208 _____ C:\Users\Aaron\Documents\mb-support-1.1.2.471.exe
2018-07-01 10:38 - 2018-07-01 10:40 - 072740872 _____ (Malwarebytes ) C:\Users\Aaron\Documents\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5695 (1).exe
2018-07-01 10:10 - 2018-07-01 10:15 - 072740872 _____ (Malwarebytes ) C:\Users\Aaron\Documents\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5695.exe
2018-07-01 09:39 - 2018-07-01 09:39 - 000000000 ____D C:\ProgramData\MB3Migration
2018-07-01 09:39 - 2018-07-01 09:39 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2018-06-29 19:48 - 2018-06-29 19:50 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\SCP Secret Laboratory
2018-06-29 19:48 - 2018-06-29 19:48 - 000000000 ____D C:\Users\Aaron\AppData\LocalLow\Hubert Moszka
2018-06-29 19:44 - 2018-06-29 20:00 - 000000000 ____D C:\8e240c887f23ec9630f895c603471b
2018-06-29 19:09 - 2018-06-29 19:09 - 000000222 _____ C:\Users\Aaron\Desktop\SCP Secret Laboratory.url
2018-06-27 19:35 - 2018-06-27 19:35 - 000001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-27 19:35 - 2018-06-27 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-27 19:35 - 2018-06-27 19:35 - 000000000 ____D C:\Program Files\iPod
2018-06-27 19:34 - 2018-06-27 19:35 - 000000000 ____D C:\Program Files\iTunes
2018-06-27 19:33 - 2018-06-27 19:33 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-06-27 19:33 - 2018-06-27 19:33 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-06-27 19:18 - 2018-06-27 19:29 - 272259912 _____ (Apple Inc.) C:\Users\Aaron\Desktop\iTunes64Setup.exe
2018-06-27 18:18 - 2018-07-08 09:56 - 000000458 _____ C:\Windows\Tasks\gxx speed launcher.job
2018-06-26 23:30 - 2018-06-26 23:30 - 001119857 _____ C:\Users\Aaron\Desktop\kekerino.ai
2018-06-24 16:41 - 2018-06-27 00:34 - 001106262 _____ C:\Users\Aaron\Desktop\asdasdasda.ai
2018-06-24 03:57 - 2018-06-24 03:58 - 008648017 _____ C:\Users\Aaron\Desktop\La_Torre_Thesis_Final.pdf
2018-06-23 19:54 - 2018-06-23 19:54 - 000027687 _____ C:\Users\Aaron\Desktop\Trolls (2016) [720p] [YTS.GG].torrent
2018-06-22 19:03 - 2018-06-22 19:03 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2018-06-22 19:02 - 2018-06-22 19:02 - 000000851 _____ C:\Users\Aaron\Desktop\µTorrent.lnk
2018-06-22 19:02 - 2018-06-22 19:02 - 000000831 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-06-22 19:02 - 2018-06-22 19:02 - 000000000 ____D C:\ProgramData\Lavasoft
2018-06-17 19:31 - 2018-06-17 19:31 - 000333202 _____ C:\Users\Aaron\Desktop\USERMANUAL.pdf
2018-06-17 19:14 - 2018-06-17 19:14 - 000338501 _____ C:\Users\Aaron\USERMANUAL.pdf
2018-06-17 12:41 - 2018-06-17 12:41 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\EasyAntiCheat
2018-06-17 12:41 - 2018-06-17 12:41 - 000000000 ____D C:\ProgramData\For Honor Data
2018-06-17 12:40 - 2018-06-17 12:41 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-06-17 01:45 - 2018-06-17 02:33 - 000000000 ____D C:\Users\Aaron\Desktop\Jazmin
2018-06-17 01:35 - 2018-06-17 02:33 - 000000000 ____D C:\Users\Aaron\Desktop\Pics
2018-06-17 01:35 - 2018-06-17 01:40 - 000000000 ____D C:\Users\Aaron\Desktop\US PICS
2018-06-16 20:55 - 2018-06-16 20:55 - 000421945 _____ C:\Users\Aaron\Desktop\CleverBoard Writing Tablet.pdf
2018-06-16 14:33 - 2018-06-17 19:29 - 004243456 _____ C:\Users\Aaron\KEK.indd
2018-06-16 14:18 - 2018-06-17 19:29 - 000000000 ____D C:\Users\Aaron\Desktop\PhoneFiles
2018-06-16 14:16 - 2018-06-16 14:17 - 000000000 ____D C:\Users\Aaron\Desktop\Newsweek
2018-06-16 13:29 - 2018-06-16 13:35 - 000000000 ____D C:\Program Files\Recuva
2018-06-16 13:29 - 2018-06-16 13:29 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-06-16 13:29 - 2018-06-16 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-06-16 13:27 - 2018-06-16 13:27 - 005562976 _____ (Piriform Ltd) C:\Users\Aaron\Desktop\rcsetup153.exe
2018-06-16 11:39 - 2018-06-16 11:39 - 000000233 _____ C:\Users\Aaron\Desktop\For Honor.url
2018-06-16 11:09 - 2018-06-17 12:58 - 000000000 ____D C:\Users\Aaron\AppData\Local\Ubisoft Game Launcher
2018-06-16 11:09 - 2018-06-16 11:09 - 000001165 _____ C:\Users\Aaron\Desktop\Uplay.lnk
2018-06-16 11:09 - 2018-06-16 11:09 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-06-16 11:09 - 2018-06-16 11:09 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2018-06-16 11:04 - 2018-06-16 11:07 - 073979080 _____ (Ubisoft) C:\Users\Aaron\Desktop\UplayInstaller.exe
2018-06-15 14:07 - 2018-06-15 14:08 - 000000000 ____D C:\Users\Aaron\New folder
2018-06-15 13:29 - 2018-06-15 13:29 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-06-15 13:27 - 2018-06-15 13:27 - 000001029 _____ C:\Users\Public\Desktop\EaseUS Data Recovery Wizard.lnk
2018-06-15 13:27 - 2018-06-15 13:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard
2018-06-15 13:27 - 2018-06-15 13:27 - 000000000 ____D C:\Program Files\EaseUS
2018-06-15 13:22 - 2018-06-15 13:26 - 041902824 _____ (EaseUS ) C:\Users\Aaron\Desktop\drw_free.exe
2018-06-15 12:45 - 2018-06-15 12:45 - 000000000 __SHD C:\[Smad-Cage]
2018-06-15 12:45 - 2018-06-15 12:45 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Smadav
2018-06-15 12:44 - 2018-06-15 13:24 - 000000000 ____D C:\Program Files (x86)\SMADAV
2018-06-14 15:20 - 2018-06-14 15:20 - 000009988 _____ C:\Users\Aaron\Documents\Yiz.wlmp
2018-06-14 01:25 - 2018-06-14 01:26 - 1628561541 _____ C:\Users\Aaron\Desktop\WolfGirlWithYou.rar
2018-06-14 00:29 - 2018-06-14 12:39 - 000000000 ____D C:\Users\Aaron\Desktop\cleto reyes
2018-06-13 16:29 - 2018-06-13 16:30 - 000000000 ____D C:\Users\Aaron\Desktop\temporarily important
2018-06-13 00:27 - 2018-06-13 00:27 - 000000000 ____D C:\Users\Aaron\Desktop\LE7_SAN JOSE
2018-06-13 00:04 - 2018-06-13 00:19 - 003648508 _____ C:\Users\Aaron\Desktop\LE03_SAN JOSE.zip
2018-06-12 23:14 - 2018-06-12 23:14 - 000000000 ____D C:\Users\Aaron\Desktop\LE03_SAN JOSE
2018-06-12 22:52 - 2018-06-12 22:52 - 000404981 _____ C:\Users\Aaron\Desktop\LE6_SanJose.zip
2018-06-12 22:32 - 2018-06-12 22:32 - 000000000 ____D C:\Users\Aaron\Desktop\LE6_SanJose
2018-06-12 01:35 - 2018-06-12 01:35 - 005791744 _____ C:\Users\Aaron\Desktop\Trine.sai
2018-06-09 12:37 - 2018-06-09 12:37 - 000488537 _____ C:\Users\Aaron\Desktop\BlazBlue.Centralfiction.Steamworks.Fix.V2-REVOLT.rar
2018-06-09 12:28 - 2018-07-01 10:16 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Talisman
2018-06-09 12:28 - 2018-06-09 12:28 - 000000000 ____D C:\Users\Aaron\AppData\Local\SKIDROW
2018-06-09 12:23 - 2018-06-09 12:23 - 000089168 _____ C:\Users\Aaron\Desktop\REVOLT.Fix.Downloader.rar
2018-06-09 02:33 - 2018-06-09 02:33 - 000000000 ____D C:\Users\Aaron\AppData\Local\sgzh
2018-06-09 02:33 - 2018-06-09 02:33 - 000000000 ____D C:\Users\Aaron\AppData\Local\SG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-09 11:19 - 2016-09-28 21:13 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\uTorrent
2018-07-09 09:57 - 2009-07-14 12:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-09 09:57 - 2009-07-14 12:45 - 000032480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-09 02:00 - 2016-11-16 23:02 - 000000000 ____D C:\Users\Aaron\AppData\Local\Adobe
2018-07-08 21:35 - 2016-09-25 13:01 - 000000000 ____D C:\Program Files (x86)\Steam
2018-07-08 16:39 - 2018-06-08 22:49 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\CC
2018-07-08 13:35 - 2016-12-14 23:15 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\vlc
2018-07-08 10:01 - 2017-03-16 10:14 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-08 09:59 - 2017-02-14 22:35 - 000000056 _____ C:\Users\Public\Documents\temp.dat
2018-07-08 09:56 - 2016-10-28 01:20 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-07-08 09:56 - 2009-07-14 13:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-06 23:36 - 2018-06-05 22:14 - 000000000 ____D C:\ros
2018-07-01 10:43 - 2016-09-14 23:58 - 000000000 ____D C:\Windows\system32\Drivers\NSx64
2018-07-01 10:29 - 2016-07-09 00:08 - 000000000 ____D C:\Users\Aaron
2018-06-30 19:26 - 2017-02-19 23:19 - 000006140 _____ C:\Windows\system32\PerfStringBackup.TMP
2018-06-30 19:26 - 2009-07-14 11:20 - 000000000 ____D C:\Windows\inf
2018-06-29 19:09 - 2016-09-26 01:25 - 000000000 ____D C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-06-27 19:33 - 2017-07-01 08:59 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-06-27 18:30 - 2017-06-02 23:05 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 18:30 - 2017-06-02 23:05 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-26 23:22 - 2018-04-12 00:53 - 000003412 _____ C:\Windows\System32\Tasks\gxx speed launcher
2018-06-24 23:36 - 2016-12-27 21:23 - 000000000 ____D C:\Users\Aaron\Desktop\RWBY
2018-06-24 16:44 - 2017-01-17 22:24 - 000000000 ____D C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2018-06-22 23:59 - 2017-03-21 23:13 - 000000000 ____D C:\Users\Aaron\Documents\Visual Studio 2013
2018-06-17 13:02 - 2016-10-19 22:24 - 000000000 ____D C:\Program Files\Java
2018-06-17 12:41 - 2016-07-09 00:26 - 000000000 ____D C:\Users\Aaron\Documents\My Games
2018-06-16 01:43 - 2017-02-19 23:13 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2018-06-16 01:20 - 2016-10-19 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-06-16 01:20 - 2016-10-19 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2018-06-16 01:18 - 2016-10-19 22:25 - 000111048 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-06-16 01:09 - 2016-10-14 22:04 - 000000000 ____D C:\Program Files\Nexus Mod Manager
2018-06-16 00:04 - 2017-07-18 00:56 - 000000000 ____D C:\Program Files (x86)\TSEV Skyrim LE
2018-06-15 12:57 - 2016-07-09 00:28 - 000150200 _____ C:\Users\Aaron\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-15 12:56 - 2009-07-14 12:45 - 005201112 _____ C:\Windows\system32\FNTCACHE.DAT
2018-06-15 12:03 - 2009-07-14 13:08 - 000032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-06-13 00:49 - 2018-05-18 02:16 - 001107626 _____ C:\Users\Aaron\Documents\MAS INNOVATION.pptx
2018-06-12 01:35 - 2018-04-12 12:13 - 000000000 ____D C:\Users\Aaron\Desktop\Art

==================== Files in the root of some directories =======

2016-09-23 21:11 - 2016-09-23 21:11 - 000000259 _____ () C:\ProgramData\fontcacheev1.dat
2017-03-07 01:58 - 2017-03-07 01:58 - 000000000 _____ () C:\Program Files (x86)\metadata
2017-03-07 01:58 - 2017-04-27 23:11 - 000000040 _____ () C:\Program Files (x86)\settings.dat
2017-02-14 01:31 - 2017-02-14 01:31 - 000140288 _____ () C:\Users\Aaron\AppData\Roaming\Installer.dat
2016-12-07 22:06 - 2016-12-07 22:06 - 000045270 _____ () C:\Users\Aaron\AppData\Roaming\room_v3.dat
2018-05-13 21:23 - 2018-05-25 06:26 - 000003584 _____ () C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-01-08 14:54 - 2018-01-08 14:54 - 000007605 _____ () C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg
2016-12-14 22:39 - 2016-11-23 21:37 - 000000570 _____ () C:\Users\Aaron\AppData\Local\TroubleshooterConfig.json

Some files in TEMP:
====================
2018-07-08 20:08 - 2018-07-08 20:08 - 000000180 _____ () C:\Users\Aaron\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2018-07-08 20:08 - 2018-07-08 20:08 - 000000020 _____ () C:\Users\Aaron\AppData\Local\Temp\8d0c0e06b2de1beceea023e01e095b57.dll
2018-07-08 11:12 - 2018-07-07 04:01 - 000858912 _____ (Malwarebytes) C:\Users\Aaron\AppData\Local\Temp\mb-clean.exe
2018-07-08 11:12 - 2018-07-08 11:11 - 073182192 _____ (Malwarebytes                                                ) C:\Users\Aaron\AppData\Local\Temp\mb3-setup-consumer-3.5.1.2522-1.0.374-1.0.5807.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-07 22:34

==================== End of FRST.txt ============================

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Aaron (09-07-2018 11:24:21)
Running from C:\Users\Aaron\Documents
Windows 7 Ultimate Service Pack 1 (X64) (2016-07-08 22:34:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-3027538698-2638679123-1804865445-1000 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-3027538698-2638679123-1804865445-500 - Administrator - Disabled)
Beggar (S-1-5-21-3027538698-2638679123-1804865445-1002 - Limited - Enabled) => C:\Users\Beggar
Guest (S-1-5-21-3027538698-2638679123-1804865445-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3027538698-2638679123-1804865445-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (32 Bit) (HKLM-x32\...\{2614BC86-757D-4293-9E25-E4E16F370A9E}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
ALTools Update (HKLM-x32\...\ALUpdate_is1) (Version: v11.4 - ESTsoft Corp.)
ALZip 8.51 (HKLM-x32\...\ALZip_is1) (Version: v8.51 - ESTsoft Corp.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Maya 2014 (HKLM\...\{7FA8BC5D-7CE4-42F3-8EAE-32DF5BAB53A7}) (Version: 16.0.0.0 - Autodesk) Hidden
Autodesk Maya 2014 (HKLM\...\Autodesk Maya 2014) (Version: 16.0.0.0 - Autodesk)
Autodesk Maya 2014 English Documentation (HKLM-x32\...\{87A17A98-3D20-4926-AB62-6DBF47128460}) (Version: 16.0.0.0 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.11.0 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap Language Pack-English (HKLM\...\{31ABA3F2-0010-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (HKLM-x32\...\{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{B16E9589-7E9F-DC0B-1B19-F898AE5A7C47}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E4551776-E23C-B5BE-1124-91643E733A2E}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{013256F8-F40D-07D5-681C-6EA5BF5B7594}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{9FD0E0C9-9E88-A306-4BA3-41BC479446C8}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1AFE5198-B1F8-F438-4553-BE0CF99911A8}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{BF07E05D-3D7C-6E4E-3843-DFE6D9FFACC8}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{87B2419A-F615-AD3A-3521-FFE0C4FE37DF}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{77D6A6E7-4771-44F5-EC4D-24D6AD296BE9}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{0BA5C068-FA0D-7C39-E185-1FE9AD8C9A98}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{511FBA3E-FA09-BA46-22EE-50432AE3CEEE}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{F8E2FEC7-85F0-3AF4-8E73-44E959167018}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{5E0FB053-0AE7-5466-E972-551F7BE9E1B7}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{DBAE36A4-F2D8-F405-FB92-57C7BC546EC5}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7559603B-C973-C9A4-F645-21AC07D7B74F}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{61C87839-E54E-F438-AF30-A8F4F451C4FA}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{614564F1-EC98-B820-E420-C400CA605A57}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F92DEA29-82F9-F1F1-E8A6-113CE36EEF64}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{0A330707-8720-CBD4-EE4C-DE4E2F1DC95C}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{F391790D-F08F-F4B5-77CD-668EBC078B1A}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F08A0BBC-9335-1BA0-79A9-732113E9DF1C}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{86F718E7-6AFB-1DFB-219E-AF7752F91C4E}) (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 2.1.0.3 - GOG.com)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Discord (HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.11 - Electronic Arts)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Far Cry 4 (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
Garena - League of Legends (HKLM-x32\...\LoLPH) (Version:  - Garena Online Pte Ltd.)
Garena (remove only) (HKLM-x32\...\gxx) (Version: 2.0.1806.2114 - Garena)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iExplorer (HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\2ee35ebaf226322a) (Version: 4.1.7.0 - Macroplant LLC)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
JavaScript Tooling (HKLM\...\{2044FC4C-4EA3-4113-BC1E-962DF568D201}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Killing Floor 2 (HKLM-x32\...\Killing Floor 2_is1) (Version:  - )
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
LOOT version 0.12.5 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.12.5 - LOOT Team)
MediBang Paint Pro 10.2 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 10.2 - Medibang)
mental ray renderer for Autodesk Maya 2014 (HKLM\...\{AD061F19-1A27-4415-A8FE-A2FDF1E8BACB}) (Version: 13.0.1.0 - mental ray)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual Basic Power Packs 3.0 (HKLM-x32\...\{7B4D193B-D76D-308B-8B12-5D9BB1CBCE6C}) (Version: 9.0.30214 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{1332237f-35bb-462a-b1bb-3c3cc95e2909}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.27.00.238 - Huawei Technologies Co.,Ltd)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.1 - Notepad++ Team)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.3.0 - Duodian Technology Co. Ltd.)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{1719244a-5aef-42c5-8829-8645277b7db8}) (Version: latest - ppy Pty Ltd)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pepakura Viewer 3 (HKLM-x32\...\pepakura_viewer3en) (Version:  - TamaSoftware)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (HKLM-x32\...\{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}) (Version: 1.1 - Microsoft Corporation) Hidden
Quest 5.6.3 (HKLM-x32\...\Quest_is1) (Version: 5.6.3 - Alex Warren)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7443 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rules of Survival version 1.164534.165216 (HKLM-x32\...\{F560482D-4378-4FB8-8EB7-4F017FDBCC90}_is1) (Version: 1.164534.165216 - Hong Kong Netease Interactive Entertainment Limited)
SharePoint Client Components (HKLM\...\{95150001-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SocketPunch (HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\{socketpunch}}_is1) (Version: 1.0 - Edgar)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 61.0 - Ubisoft)
VA-11 Hall-A - Cyberpunk Bartender Action (HKLM-x32\...\2074961301_is1) (Version: 2.0.0.2 - GOG.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.19-3 - Wacom Technology Corp.)
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - BigNox Corporation XQHDrv System  (05/27/2016 4.3.12) (HKLM\...\94C2625000FDEC5DD549EADDF8698D48672C3037) (Version: 05/27/2016 4.3.12 - BigNox Corporation)
Windows Driver Package - Oracle Corporation (VBoxUSB) USB  (05/27/2016 4.3.12) (HKLM\...\9B8A57D7ECC2B5D3115B5A1361FAE29AC92E355B) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Driver Package - Oracle Corporation VBoxUSBMon System  (05/27/2016 4.3.12) (HKLM\...\2B96D1320C797F081985B7C1EA9A2DABAC2644BF) (Version: 05/27/2016 4.3.12 - Oracle Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.50 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.4 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{199C6892-5DED-409B-88B2-3BE6421552B2}) (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{E1F79421-EC32-437F-8525-ABE902C85AC5}) (Version: 2.0.30725.1 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\ソ・ケ\X64\KZipShell.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk)
ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2013-01-31] (ESTsoft Corp.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-10-16] ()
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\ソ・ケ\X64\KZipShell.dll -> No File
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\ソ・ケ\X64\KZipShell.dll -> No File
ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2013-01-31] (ESTsoft Corp.)
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\ソ・ケ\X64\KZipShell.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2013-01-31] (ESTsoft Corp.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-06-02] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2013-01-31] (ESTsoft Corp.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2013-01-31] (ESTsoft Corp.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-06-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-06-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1714DBB2-8C1F-4E66-A4FF-5ACF374808CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {19A1355A-22C1-4039-BFF6-D53D364B8F47} - \Driver Booster SkipUAC (Aaron) -> No File <==== ATTENTION
Task: {1DD47202-C0C0-4D79-8953-F9FE2142F72A} - System32\Tasks\gxx speed launcher => C:\Program Files (x86)\Garena\Garena\Garena.exe [2018-06-21] (Garena Online )
Task: {32E2AFA6-9BA7-44A8-95F2-AB5EB33508E4} - System32\Tasks\{1B3FE031-8204-4704-BE73-37C77C408A2D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Aaron\.android\Sai\PaintTool SAI 1.0.1 Crack Full Work 100%\sai-eng-pack-1.1.0.exe" -d "C:\Users\Aaron\.android\Sai\PaintTool SAI 1.0.1 Crack Full Work 100%"
Task: {4493A2F2-673A-450A-A284-C6ED5189B15E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {4DF865A5-47BE-4A97-B028-E991DB69401E} - System32\Tasks\{826F73A7-7CDE-4DB7-B03C-37BDBD5461A7} => C:\Users\Aaron\Desktop\Fallout 4\Fallout4Launcher.exe
Task: {50D2E7FB-5291-405D-9948-7EA291DFB67E} - System32\Tasks\{8E0B250B-20D7-45FE-8E98-5D99AE761F6E} => C:\Users\Aaron\Desktop\Fallout 4\Fallout4Launcher.exe
Task: {55AEE9E0-4BF2-449F-BD2E-A716C09E60C7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {90E73C69-41AE-4221-8A5A-8CCE17367019} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {927FF962-38F7-4CF8-8088-D575737E8E09} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-02] (Advanced Micro Devices, Inc.)
Task: {971949C7-9564-430A-A59B-C7CC60279DD3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {AAA3DBCF-59BE-4A3C-9B07-0A937DA43352} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {B15FF8A7-429B-4F5A-A6A9-168C8243EFDE} - \Drejach -> No File <==== ATTENTION
Task: {B170C7B5-71EC-49C9-B54E-BE07D5EB6B8A} - System32\Tasks\{70ECC361-A9EA-475D-BF54-8BFC61A9DBC2} => C:\Users\Aaron\Desktop\Fallout 4\Fallout4Launcher.exe
Task: {B62D821E-F4FA-491F-95E4-76FF7E325382} - System32\Tasks\AdobeGCInvoker-1.0-Aaron-PC-Aaron => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {D108933C-910E-41C7-B110-4BDDFA9AAFD2} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {D9B14C1D-25FE-4EC9-B2E1-8264EB54EA52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-02] (Google Inc.)
Task: {DBC357CF-D534-475D-BF2C-82222121E88D} - System32\Tasks\{541C5077-EEA3-42C0-B9CC-3C9FEFAD44B6} => C:\Windows\system32\pcalua.exe -a E:\32bit_Win7_Win8_Win81_Win10_R279.exe -d E:\
Task: {EC8277B6-2977-446A-9E18-4A1E07FD7731} - \Adobe Flash Player PPAPI Notifier -> No File <==== ATTENTION
Task: {EE731720-81F7-480C-8EC2-7012F93264E5} - System32\Tasks\AdobeAAMUpdater-1.0-Aaron-PC-Aaron => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {F092809B-5924-4771-B6D0-C28B9AB34B96} - System32\Tasks\{5C00187B-44AA-461C-B240-B244B68ABB45} => C:\Windows\system32\pcalua.exe -a "C:\Users\Aaron\Desktop\Divinity - Original Sin Enhanced Edition\language_setup.exe" -d "C:\Users\Aaron\Desktop\Divinity - Original Sin Enhanced Edition"
Task: {F0D82394-AC4D-46CE-BF43-F346E9B0F8B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {F576C9C1-111F-4CBC-8DD8-48ACF03AC935} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\gxx speed launcher.job => C:\Program Files (x86)\Garena\Garena\Garena.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Aaron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-14 23:47 - 2014-07-23 09:59 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-09-14 23:47 - 2014-07-23 09:59 - 001360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2017-08-21 11:18 - 2015-09-23 10:24 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2018-06-22 19:03 - 2018-06-22 19:03 - 000025704 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-06-22 19:03 - 2018-06-22 19:03 - 000017512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-06-22 19:03 - 2018-06-22 19:03 - 000037480 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2016-10-16 09:19 - 2016-10-16 09:19 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-06-27 18:30 - 2018-06-23 03:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 18:30 - 2018-06-23 03:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2017-10-13 14:46 - 2017-10-13 14:46 - 000266424 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\libprotobuf-lite.dll
2018-06-21 15:15 - 2018-06-21 15:15 - 001442624 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\libs\gxx_pipe_engine.dll
2018-06-21 15:15 - 2018-06-21 15:15 - 002206528 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\libs\FSFileSytem.dll
2017-06-09 18:56 - 2017-06-09 18:56 - 002385448 _____ () C:\Program Files (x86)\Garena\Garena\2.0.1806.2114\gacode.dll
2016-09-14 23:47 - 2018-07-08 09:56 - 000025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-09-14 23:47 - 2014-07-23 09:59 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-06-03 04:31 - 2016-06-03 04:31 - 000223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-09-25 13:09 - 2018-06-09 05:38 - 000788256 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-09-25 13:09 - 2018-06-09 05:42 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-09-25 13:09 - 2018-06-09 05:40 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-09-25 13:09 - 2018-06-09 05:40 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-09-25 13:09 - 2018-06-09 07:39 - 002632992 _____ () C:\Program Files (x86)\Steam\video.dll
2017-12-14 16:22 - 2018-06-09 05:40 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2017-12-14 16:22 - 2018-06-09 05:40 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2017-12-14 16:22 - 2018-06-09 05:40 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2017-12-14 16:22 - 2018-06-09 05:40 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2017-12-14 16:22 - 2018-06-09 05:40 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2016-09-25 13:09 - 2018-06-09 07:38 - 000979744 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-09-25 13:09 - 2018-06-09 05:40 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-06-09 01:05 - 2018-06-09 05:39 - 000788256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-14 01:34 - 2018-06-09 05:39 - 083524384 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-09-25 13:09 - 2018-06-09 05:42 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-07-13 22:43 - 2018-06-09 05:39 - 002253600 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-13 22:43 - 2018-06-09 05:39 - 000109856 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll
2018-07-01 20:49 - 2018-02-05 16:57 - 000436016 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Aaron:Heroes & Generals [38]
AlternateDataStreams: C:\Users\Beggar:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3027538698-2638679123-1804865445-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3027538698-2638679123-1804865445-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{20C31780-18D3-42FE-BEAA-AE462F7543FC}C:\users\aaron\desktop\2k games\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe] => (Allow) C:\users\aaron\desktop\2k games\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe
FirewallRules: [UDP Query User{486889AF-898E-4378-B772-5FDB7B806E67}C:\users\aaron\desktop\2k games\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe] => (Allow) C:\users\aaron\desktop\2k games\xcom enemy unknown complete edition\binaries\win32\xcomgame.exe
FirewallRules: [TCP Query User{4B4691FE-DAEA-4904-BEB6-99F7B9268791}C:\users\aaron\downloads\lolinstaller.exe] => (Allow) C:\users\aaron\downloads\lolinstaller.exe
FirewallRules: [UDP Query User{485BF83E-B03B-4529-A1EE-9131C4EFA888}C:\users\aaron\downloads\lolinstaller.exe] => (Allow) C:\users\aaron\downloads\lolinstaller.exe
FirewallRules: [{EAF8C233-63B3-41A7-B3B1-2138671220EA}] => (Allow) LPort=8370
FirewallRules: [{2647FC50-0BCD-482B-85EA-7F72D5A088CE}] => (Allow) LPort=8370
FirewallRules: [{F0B96B2C-4E8D-487A-B6A9-F79B1FCA38A4}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{31421C52-566A-44E9-964F-814142AEA6D2}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{D65FE13C-1E01-479D-BD22-6B23BEA48D1A}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{137AA2BD-13D1-4345-9973-63C21B421BFE}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [TCP Query User{6BCD0CDF-9345-4073-8654-F54FE5264D39}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{C2C398B8-1C06-4539-9251-A89EFA8A9704}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [TCP Query User{AAF5CA95-46B5-4BEC-B4E0-47EBF0625BE1}C:\users\aaron\desktop\glimpse\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\users\aaron\desktop\glimpse\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{341894F8-C3A1-4B73-83B8-BD532468C80C}C:\users\aaron\desktop\glimpse\glimpsegame\binaries\win64\glimpsegame.exe] => (Allow) C:\users\aaron\desktop\glimpse\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [TCP Query User{C01E2C89-42C8-48F1-8962-5F404594CA19}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{CB83F655-951B-4773-AB0B-58D9AE972191}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Block) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{6E47A0FD-210B-4445-8425-8B2FB81391DF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9B3C5B3-FAE5-47D2-B281-B180E3BD7779}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FC27BECB-BD31-4B13-8EE3-0359AE869F9A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DDA213B0-779D-426B-9C90-F67CB9E6BC16}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0B974ED8-A45B-40FC-9BEB-D7C454FF8256}] => (Allow) LPort=50248
FirewallRules: [{A6C3C96D-87D1-4780-A4A4-31A7D609452D}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{788C1092-D851-444C-918B-81988145BF7C}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27AE44FA-C857-4C1D-990D-A9188E9B25A0}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA7B82AD-E067-4927-9DE9-F76B21129CDB}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D00B69E3-6E16-4F23-9444-3473EDEA42EF}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7A1BCB46-695C-47AA-94A3-5DD28903B192}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9D94679B-E40C-4FB8-B00E-B4486710D640}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{01A59962-36C1-4523-8A53-D120913CDE79}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [TCP Query User{B878CF48-1198-427C-B9B0-908F68F88323}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [UDP Query User{7075F72C-26CD-4024-82A7-EF7818EBC2D8}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [TCP Query User{51A8C834-7419-4226-BB93-BE2E1677503F}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [UDP Query User{ED0B1797-03AA-48DE-B2E9-870FD858936A}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe
FirewallRules: [TCP Query User{6CD1FB58-2C10-449B-8775-A452E1FDD2C5}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{7EFDE6D7-A643-458D-A56B-448C8951484E}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{C0E1C216-A9B1-4811-B91B-4D94863C8FC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{96610B8F-853E-49C5-ACBB-467E47A01296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB4B55B8-33DD-44FB-9B34-4C61318DB154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C7F252A8-8A0E-4091-94BF-D330DB39C6F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42E5BCFF-409F-48D6-BC61-88796B54ADEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0FBD62D5-C1A7-4F89-BA95-300D22836B2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2E348DE-AAE4-42C6-B6B5-E9A253490E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CF24D515-8D55-45F7-BE6E-0DDEB9A4F7B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C33797E6-6A5A-489A-919D-81692F418983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E940C96B-CCF6-4FA3-8877-0EAE57292BB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{526B3B93-BDE9-41BB-BF4A-E02A436CC0B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37AFE5E5-87CA-46A4-ACF2-DB89CCCF2A04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{61570EB0-C2C1-415B-90FF-8F04CA2533A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9CBBE3E8-0833-4144-9825-41E5A8187EB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A279C1F-1BDF-4AF4-85DB-E9C6F14C3EE2}] => (Allow) LPort=6926
FirewallRules: [{C5A95A81-8DF4-41A6-B89B-16CD3053E820}] => (Allow) LPort=6926
FirewallRules: [{9A208D54-7DD2-4349-B251-3DCA2BCDB5F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{07D9172F-2312-46C8-BE3D-888CFE181C23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{3313E802-1EC5-4746-887E-D87A69B219FC}] => (Allow) LPort=6971
FirewallRules: [{48E939B3-FC2E-4878-A253-ED2569A1626C}] => (Allow) LPort=6971
FirewallRules: [{D9DCE247-B49D-4DC8-9E2B-93EA9BC7D94B}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [{B43B402E-6AD8-4747-96CB-2FB5203CC586}] => (Allow) LPort=6906
FirewallRules: [{CAC9102A-4385-42C0-BA7D-25C5B693F404}] => (Allow) LPort=6906
FirewallRules: [{80C98199-570C-447E-B277-7EC28379D34C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{14C2618B-9593-4996-B18B-C8E2A9C11EA8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{DFFB279E-45D5-4762-9034-5B8D9FB29243}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{1D135892-CB93-46DE-A8D3-E62474250C96}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{E1756728-6D10-4260-B59A-F35D8F69FB17}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{27CBA4CE-9962-45CC-AC47-0A38BDC42363}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [{1D423875-BDF6-43AF-9E9B-53AF7D443FE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{718A2597-374F-456E-A05B-8F254F73630A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{D45D05D7-9F2A-423B-821F-C1E5076EEF58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{B3F8EA8D-743C-4C08-A7AE-986B6520606D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{53159363-79DA-4F2C-9F90-24AC6F6F7E36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{EC5FD3C7-EDD9-4F0F-BB83-F31AA1DEE93D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{CB1A677C-23D3-48A9-87FF-F5475DBF30BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{C8FC2ED8-7449-457C-8B66-A52E820C712F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{5AE49F7A-8B54-4D30-8809-E0F0273A8409}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{673BC614-7D8C-4B76-8531-E9F55DB4801F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{686C54A4-B655-4353-AAA7-EE07674F4172}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{D69BFB7D-B36A-4DD2-AA05-FB80926AB70D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{502E0E91-6818-4E39-AA1E-83AF3C3D76D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{2D979CEF-6E2D-466F-B8F9-166D92AB29BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{4DFFBC50-024A-43B1-B68F-9E6BED6D4F48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{29818698-C0C3-4FDD-95FB-67F36B6572B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{9D3C6594-2FA7-4CF3-90E9-2AF39E1419DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{192C252F-D62B-4FD8-9868-C5FCFC2AC78C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{928AD671-FB72-499F-B43B-D04BFA579BBB}] => (Allow) LPort=8370
FirewallRules: [{B4BE5D73-429E-4888-9D4D-6D3C41A4DF31}] => (Allow) LPort=8370
FirewallRules: [{9338026F-FB4B-4AD1-9303-7E3D5930437D}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{F38AD0CA-CBDF-41D2-9B3B-2E1122BE9B93}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Air\LolClient.exe
FirewallRules: [{E5A6F03F-017C-47B1-A5C5-E4AF51C710E6}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{1C503394-C3A4-4441-9907-6D1AED6CE073}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\Game\League of Legends.exe
FirewallRules: [{C9B2721F-D5EF-49F5-8A3C-B6561D009AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A191C38-14F0-4BC1-AB48-0DFC49D3F279}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8132753F-4F03-49F9-866A-DEFEE021BD8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3564382-C52D-4207-B088-E3A5FC719E02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9FD89BF2-7E55-48DF-8736-13687480E716}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B94BF96-DDC4-4D86-95D4-228368C14C3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6DC81374-E264-432A-B737-65DBD93F7CAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3AE42D83-09A0-4735-BD39-B2CBAB128DF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{15126DD4-B28F-440F-8725-493CB0F8851F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0EE817EB-20C2-427D-93E0-5116141B8386}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{90D4ACF8-F295-43A0-A075-24AF3978D88B}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{14DB531F-1F37-4BC9-9386-5CAE2A33CEB6}C:\windows\system32\rundll32.exe] => (Block) C:\windows\system32\rundll32.exe
FirewallRules: [{F1DC5C76-F4F7-484C-919A-B17A8AA74585}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0295F166-335E-47FB-A351-DB2E7A53BCAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9878347F-3EE2-43C2-A917-33F5266472FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99E3B55D-D04D-45C6-8D72-3FD6FD53F23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A3940AE-5243-4F20-B8F7-26E6CEB6DBB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1394D1A-E08E-4344-87A7-A42E56493713}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35B1E47F-D015-431F-B103-DF688E8B3FB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1EF2E447-4AB0-49D8-86DB-F474CC12D159}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7B2C3543-608C-4E7B-BE90-2D4838E72AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FB99D66B-20F5-4985-A9EA-837C0CF48FC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A2AFF5C-1B5F-4788-B794-82CE8C073F25}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{36BAA88A-E0EE-4BA9-AC0B-BC25E2F69614}] => (Allow) LPort=2869
FirewallRules: [{C1579A85-47EA-4E60-A6D2-0E9A34C78D3C}] => (Allow) LPort=1900
FirewallRules: [{C9C1820A-22E6-4732-97DE-BCF677E2CA76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B80FAB5-7794-4196-ACF7-E08C21460CC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{50EE5679-31CE-4B1E-A1B4-0AE1E77AC9B1}] => (Allow) C:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{B7F83DB5-5D6C-413B-9066-042CC0B7B312}] => (Allow) C:\Program Files (x86)\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{5BE0268C-268D-419F-8977-8865DC6E4DA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C4F5351D-9DF7-41D2-BFF4-126972527D4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B326A43-AF39-4607-B87E-6604A679ABBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A21CA2CA-2AD9-44D2-8579-6B38DAC9E8ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{150D2625-ADE5-416C-933F-50E9833413F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEA0A3F2-AB83-4346-93A9-989C3AF2826F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC891331-B014-40FA-946B-921FB1DA7F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2D8BB45D-5C82-43FE-A4B9-0F425D66D716}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7375CE5D-BD99-423C-98C6-768DBB07E614}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4CFB4081-7E05-4DB6-B5A0-771DCE93E5FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A124F54D-0031-4F70-A317-D63E8A50BB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F4F1E11-DE36-4CA7-AE17-2A25522472FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DCD012CA-E828-49CC-9B23-ACFE7540969C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CADD7ECE-9F47-44B4-9EDF-BBFF4B077AF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C649800-C81F-4DDD-BE21-EC25883982A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1B9D4F58-5A04-4E43-B5C7-F993D26CCDD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3EE49090-758A-47DC-9952-17F08C10E9ED}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{97041A3D-EFD2-4375-85FC-D903C63D24D9}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{370B5E7D-C096-4208-B7EE-5D090C12B082}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{274F89ED-1944-4378-8F9B-E95E3CD8FC30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{14A099D5-AD69-4416-9B16-C4BB87F1DE70}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{BE888064-C093-44A6-8765-938C7D0917E3}] => (Allow) LPort=6996
FirewallRules: [{91F96485-D454-4AA5-B4F6-0631E24C4EF7}] => (Allow) LPort=6996
FirewallRules: [{4C7BDDC1-6ECF-44EB-84C1-FF2F45E03717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{71C44ECF-DE61-4259-8B21-E6C58DAB99DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3CD1DA96-20B4-4970-82D1-D9847B7EA72B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{1D3F41B5-D295-4E75-970F-AC6E18746ED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{C0F50F8D-C09B-4408-8BC8-9AF5DBB214EC}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{56882059-9233-48A8-A531-D02268CB064E}C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{086358CC-5E5F-47A6-BA52-AA07CECCF37B}] => (Block) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{1E26C1F0-F81A-423C-BEA2-664A3179EFE3}] => (Block) C:\program files (x86)\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{EB21B013-38FF-4920-A662-6B5AE9E2949A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{72863D8C-5A9E-4C88-9C0A-5A85B03C373D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F58B10E5-7114-4E7F-9394-8BFE9D56955F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F074155E-3D38-4BFC-A7BD-3526B9881D80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2CDCD103-7BC9-441B-8638-F33EB8586418}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5811A4B3-5ECF-48F4-AF80-14134A0D003B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E9522279-6E8C-48E1-8D7E-EFC76ED00A6E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{53DA01C1-2605-44D5-BB0D-7F97CECA1B8F}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2E56AB71-4FA4-45FF-9358-4BB1AF8AD760}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{377DD0E1-AE4A-4FD2-BD10-C1D117D8B24D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8F320EC-82E7-4EA3-B026-CC6D30DF0BD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{23A07DDA-26BC-4F30-BF61-7A95814FFC19}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [UDP Query User{031EC3C7-D080-4E68-95A0-2E4AABDE02E2}C:\program files (x86)\garena plus\updatemanager.exe] => (Allow) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{4653D4E7-2BCD-4470-BD43-EE135CB29A6D}] => (Block) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{15122F67-C29A-4565-8415-6B4A630D6B98}] => (Block) C:\program files (x86)\garena plus\updatemanager.exe
FirewallRules: [{ADAD5579-2FE8-42AE-883D-650529785AA2}] => (Allow) LPort=6913
FirewallRules: [{50D0A102-053B-4D17-92E0-3F4AAEB1A4C5}] => (Allow) LPort=6913
FirewallRules: [{FEA4420F-3748-4C47-AF3E-0EC88160F418}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{4BDCE198-7A03-4BB6-AD21-AD92A4FCCF60}] => (Allow) LPort=12292
FirewallRules: [{1AD0EDAE-B735-405C-ABBE-A30841C4B094}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E6ECD310-14E8-43FB-8999-F993B3F93CD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{31E1EA27-D11A-4B7E-9FAB-39D374EA786B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CDE7B5DF-BC0E-44D6-B59F-4A16C63E0640}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CD3A2087-EC10-4D31-9C7A-45AAB0FBEF88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DC9804F-B164-4B6F-9AB4-EB8C76243DAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A696542-516C-4FEB-A2AA-D59178C39CAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3CDB00CA-4407-422B-8323-F80F6BF3A819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{77C05638-1520-41B5-9882-565446D33B98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{20ABA0BE-14CF-455C-BCA4-B0FB29C4C09A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A4A952B7-EF40-451D-87BE-441ADDFF717E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29AF0640-D414-4466-A855-2D99A400D91E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A1DF8A4-21F6-45EF-BC92-103D2887579D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D809C543-2D0A-4FBE-B045-035D4E54651D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E5BF1A4-68AE-483F-8F8A-1BC3A489FB95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9443470C-E9C7-49D9-AE50-7146A34D8A35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83D29AC5-2738-4F9E-B211-39A04CB4B499}] => (Allow) LPort=6968
FirewallRules: [{49E2E544-E2A7-4ABA-BF9D-602D7A36A2CF}] => (Allow) LPort=6968
FirewallRules: [{80515A24-02CE-4F8A-B795-08518BB67046}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{C0CF65EA-1FCD-40C4-9AB0-D506FBE4EF84}] => (Allow) C:\Program Files (x86)\GarenaLoLPH\GameData\Apps\LoLPH\lol.exe
FirewallRules: [{5B411E77-21A8-4BC9-A2F0-118D2A176504}] => (Allow) LPort=8393
FirewallRules: [{C4233A9E-A363-473F-9B82-604BAB7F58EA}] => (Allow) LPort=8393
FirewallRules: [{56B7924E-F001-4A71-BDC3-AB554DBF46F8}] => (Allow) LPort=8390
FirewallRules: [{17722CBA-4526-4261-85E8-C761C6FA151E}] => (Allow) LPort=8390
FirewallRules: [{EA52BD41-A136-403C-8226-D46AA63C26D8}] => (Allow) LPort=6962
FirewallRules: [{B397670F-6B24-4790-A790-AB933FB6EFF3}] => (Allow) LPort=6962
FirewallRules: [{7AD2D6AA-4EAD-4FB0-9FCA-77FDDA994B8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8CEC9669-3E00-4FAA-B855-EF56F11229E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9DC11C60-21E7-49C6-9123-0A53D2FE9844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8BED2CF-6C80-4E07-B971-B805986ED6CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{87967D7C-99D0-47CC-87E5-A5ACEBDAD20C}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{4743D622-10DD-483B-8375-B844E3C37CF8}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{CC2DDB8F-DAA8-4A9D-ACD4-EE30069ECA55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C11BCD0D-BA71-4CAB-B940-4446ED19AB16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{A424B0A3-A9A0-4B32-9344-1987434DBFEF}C:\users\aaron\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\aaron\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{BE068E71-202F-4694-AB44-93C64D7E6EBE}C:\users\aaron\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\aaron\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{9C01FD3E-B932-40A1-9852-8850A530795C}] => (Allow) LPort=6968
FirewallRules: [{422B8B19-EC70-43EF-A4F0-F21C3E702C92}] => (Allow) LPort=6968
FirewallRules: [TCP Query User{2B18E0CC-B55B-4EE6-8357-B6B4E595A43B}C:\garenadownload\games\lollcuph\lollcuphinstaller.exe] => (Allow) C:\garenadownload\games\lollcuph\lollcuphinstaller.exe
FirewallRules: [UDP Query User{8387E461-1BAC-44AE-B88D-84BBDB0AC0C6}C:\garenadownload\games\lollcuph\lollcuphinstaller.exe] => (Allow) C:\garenadownload\games\lollcuph\lollcuphinstaller.exe
FirewallRules: [{5E3AA979-B070-42D8-94A0-6CFEE327DD20}] => (Allow) LPort=6943
FirewallRules: [{C7608675-590A-47F1-8709-F09B560FFFF0}] => (Allow) LPort=6943
FirewallRules: [{8D889517-1205-4192-B477-F5C1E32BE2B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A1F0D133-8E5F-410A-9656-9FA8A5192EB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1CEAFA9C-59B9-447D-A253-E59A22E2A340}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{683B727C-86DB-490A-B20B-C4CF79AA338B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E2BEDFAA-CA89-44BD-8318-2DE852E54E7D}] => (Allow) LPort=6891
FirewallRules: [{025FEDD5-D6C8-47EC-B34F-A152B779A50A}] => (Allow) LPort=6891
FirewallRules: [TCP Query User{5F640C7B-9BAD-43BE-A4F7-1D899B732733}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [UDP Query User{AB7922D6-A109-488D-8718-DDF663A026CE}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe] => (Allow) C:\program files (x86)\garena plus\bbtalk\bbtalk.exe
FirewallRules: [{89BA9857-C016-4BC6-8088-A9D0AF428DC4}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{7404CC3F-961B-49B3-812D-7DFF5F19203F}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{F4BA79AB-4E10-4DB3-912E-7EB96D6347D5}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{E0544A6E-6C24-484A-BEDE-348D7CDA2A19}C:\program files (x86)\helldivers\binaries\x64\helldivers.exe] => (Allow) C:\program files (x86)\helldivers\binaries\x64\helldivers.exe
FirewallRules: [{29BF31DF-A894-406A-AE61-2C77F2097D36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{806E9937-4C6A-4E78-BB9C-20E22A01EE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{F865C473-B4C3-447E-BCA3-F8558BF8EC41}C:\users\aaron\desktop\dead.cells.update.13.05.2017\dead.cells.update.13.05.2017\deadcells.exe] => (Allow) C:\users\aaron\desktop\dead.cells.update.13.05.2017\dead.cells.update.13.05.2017\deadcells.exe
FirewallRules: [UDP Query User{04701D9F-CF1A-4ABB-819F-8693BF1A62F5}C:\users\aaron\desktop\dead.cells.update.13.05.2017\dead.cells.update.13.05.2017\deadcells.exe] => (Allow) C:\users\aaron\desktop\dead.cells.update.13.05.2017\dead.cells.update.13.05.2017\deadcells.exe
FirewallRules: [{D0706F9D-F07C-4B3A-A63D-480D3E0E402B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9D0FF83-8B2A-45CB-8F53-E172B2B2B341}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29B02624-CA01-4708-829B-41FF5511E724}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8FB8856-CC18-4DAE-A457-26625A4146AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{8A67D8E9-80E2-470B-9F56-2510BA39705C}C:\users\aaron\desktop\project.zomboid.build.38.3\projectzomboid32.exe] => (Allow) C:\users\aaron\desktop\project.zomboid.build.38.3\projectzomboid32.exe
FirewallRules: [UDP Query User{3F110D08-9931-4E72-A007-5360F7151007}C:\users\aaron\desktop\project.zomboid.build.38.3\projectzomboid32.exe] => (Allow) C:\users\aaron\desktop\project.zomboid.build.38.3\projectzomboid32.exe
FirewallRules: [TCP Query User{0D9B7B92-66BF-4173-86C5-9EA2657D8073}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [UDP Query User{43A3A414-B1C1-4551-8D56-AF90B06C0094}C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) C:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe
FirewallRules: [{A6119E0F-5DE3-4B16-A8DA-96FADC6756BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{1EAC629F-6DD2-4B35-A462-63912CBB1444}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [TCP Query User{A3EF9809-9175-4BB9-B626-169584A1FB87}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [UDP Query User{96C64DCA-1950-403D-AAAE-31BD8413F427}C:\program files\autodesk\maya2014\bin\maya.exe] => (Allow) C:\program files\autodesk\maya2014\bin\maya.exe
FirewallRules: [TCP Query User{B23B0950-54B0-4524-BC4F-1764F4A1906E}C:\users\aaron\desktop\killing floor v1017 full game\killing floor\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\killing floor v1017 full game\killing floor\system\killingfloor.exe
FirewallRules: [UDP Query User{4C82BA7E-3FD5-41B6-8C7C-E058ECEB7F7D}C:\users\aaron\desktop\killing floor v1017 full game\killing floor\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\killing floor v1017 full game\killing floor\system\killingfloor.exe
FirewallRules: [TCP Query User{660F01BF-C337-498A-965A-683DCD4E531C}C:\users\aaron\desktop\project.zomboid.build.38.3\jre\bin\java.exe] => (Allow) C:\users\aaron\desktop\project.zomboid.build.38.3\jre\bin\java.exe
FirewallRules: [UDP Query User{515F24DC-4C13-4804-8D32-6EB0D1059ABC}C:\users\aaron\desktop\project.zomboid.build.38.3\jre\bin\java.exe] => (Allow) C:\users\aaron\desktop\project.zomboid.build.38.3\jre\bin\java.exe
FirewallRules: [TCP Query User{F78FD00F-3331-4D41-AB21-B19ECD9EEF1D}C:\games\project zomboid build 38.3\projectzomboid32.exe] => (Allow) C:\games\project zomboid build 38.3\projectzomboid32.exe
FirewallRules: [UDP Query User{21316D99-343E-4D49-8227-5756386D7DBB}C:\games\project zomboid build 38.3\projectzomboid32.exe] => (Allow) C:\games\project zomboid build 38.3\projectzomboid32.exe
FirewallRules: [TCP Query User{309DC981-37F6-4273-B1B0-5FFDFB9DEA89}C:\games\project zomboid build 38.3\jre\bin\java.exe] => (Allow) C:\games\project zomboid build 38.3\jre\bin\java.exe
FirewallRules: [UDP Query User{30621407-CE49-4A5D-8243-CC4A7348E808}C:\games\project zomboid build 38.3\jre\bin\java.exe] => (Allow) C:\games\project zomboid build 38.3\jre\bin\java.exe
FirewallRules: [TCP Query User{A14508CF-25FD-4BD7-89D3-08EF09A7336D}C:\users\aaron\desktop\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\kf 1\system\killingfloor.exe
FirewallRules: [UDP Query User{ECDD46DE-D296-431B-AF5F-9C50B6D11684}C:\users\aaron\desktop\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\kf 1\system\killingfloor.exe
FirewallRules: [TCP Query User{6482111F-EAD0-4996-942B-877825BD7F9B}C:\users\aaron\desktop\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\kf 1\system\killingfloor.exe
FirewallRules: [UDP Query User{71970E31-C34B-4982-A868-17D1C5B2F37F}C:\users\aaron\desktop\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\kf 1\system\killingfloor.exe
FirewallRules: [TCP Query User{549A3D5B-CE00-4881-95C9-1A779485765E}C:\users\aaron\desktop\gamefiles\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\gamefiles\kf 1\system\killingfloor.exe
FirewallRules: [UDP Query User{1D6C3A47-4D0E-46B5-8059-6FA15951AC7B}C:\users\aaron\desktop\gamefiles\kf 1\system\killingfloor.exe] => (Allow) C:\users\aaron\desktop\gamefiles\kf 1\system\killingfloor.exe
FirewallRules: [{279F0203-E882-4F1B-97CF-B9A0FE8FD4D2}] => (Allow) C:\Users\Aaron\Desktop\Gamefiles\KF 1\RUN_KF.exe
FirewallRules: [{5E8D0142-524B-4E39-877F-B7B6D4F456CD}] => (Allow) C:\Users\Aaron\Desktop\Gamefiles\KF 1\RUN_KF.exe
FirewallRules: [{1D7E5D1D-9EE9-4D8B-8E65-1406EA64BDD1}] => (Allow) C:\Users\Aaron\Desktop\Gamefiles\KF 1\RUN_KF.exe
FirewallRules: [{68A9FD70-A6DF-447B-A883-B79FA0CD10D3}] => (Allow) C:\Users\Aaron\Desktop\Gamefiles\KF 1\RUN_KF.exe
FirewallRules: [TCP Query User{35BB9003-9FF8-44AC-9285-B3EB2CCEAC3A}C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe
FirewallRules: [UDP Query User{DD807E58-48D7-4B21-811F-81ACB38E6EF7}C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe] => (Allow) C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe
FirewallRules: [TCP Query User{FD4DDEAC-C63E-4B4F-9E14-99590EDF24AC}D:\the boi boi\binaries\win64\kfgame.exe] => (Block) D:\the boi boi\binaries\win64\kfgame.exe
FirewallRules: [UDP Query User{FFF5E65A-80CF-4303-A58F-2D3EA1437658}D:\the boi boi\binaries\win64\kfgame.exe] => (Block) D:\the boi boi\binaries\win64\kfgame.exe
FirewallRules: [{B5FC50E4-C919-47C9-AED1-71AF6ADE2E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{FDBA2260-5744-41F0-B9DD-A490B33767B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{4719E166-3183-49EF-A366-BABABB51B655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{A83A63F2-3255-4E49-BDEE-8F0F819116B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{E562FA87-3042-4543-8E58-643FE72220C2}] => (Allow) C:\Users\Aaron\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{6D6CC5C0-117A-471A-882E-289717556548}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{90671993-9451-4EBC-A9DF-94468518F397}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{7EA35E26-E95E-4590-9921-C5A7BB300953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{36A7EBE2-593C-434F-8562-7BC8FE95A8A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{F818B8DA-EB66-477F-9009-433AB32EAB21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{6227EC23-58C7-4AD0-8C4C-5508A7C20B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{63F8C7D2-5AB2-4C5D-8797-0DD0CA95AE4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{967DF71D-D4EF-4AFE-811A-DDA93BF707E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{CD158F14-4F3E-418B-8999-784F90A61A58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{71F66AF0-35EB-4A38-A4E7-72A61933A8D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{C8C49D59-9F5A-456C-97C7-B0AE46F75A83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{7491C1AF-63C7-4876-8F6E-6404AA88CDC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [TCP Query User{DE56B39B-09F8-4473-8118-11F70F1A3233}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{31BAC534-48D1-424D-8F72-3AA95E48B395}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{AF318C87-5E1C-4F72-928C-F4879206195F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A46B8C9F-1828-45D7-8BAE-A1A6C6382EC2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{BB31DAB7-6654-4808-9868-041FFEC6B54A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{81E8B53E-63D0-4FAE-B4BA-86B483FB5926}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BA0ACABA-70D8-4134-B0A2-100F47B61040}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{01A991D0-C5D3-486D-884C-5F2E3F8EECCA}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{5861DEBE-4F6C-496E-92F7-FB7A0AC67517}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe
FirewallRules: [UDP Query User{C6E0CC3E-4D37-466C-AF8B-A3112BA16228}C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe] => (Allow) C:\program files (x86)\mumu\emulator\nemu\emulatorshell\nemuplayer.exe
FirewallRules: [TCP Query User{B326C2FB-B07C-4ACC-AB81-743E8F098F4B}C:\program files\strogino cs portal\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files\strogino cs portal\half-life 2 deathmatch\hl2.exe
FirewallRules: [UDP Query User{55125BCD-62BD-4CE9-ABAF-AFAB4F296145}C:\program files\strogino cs portal\half-life 2 deathmatch\hl2.exe] => (Allow) C:\program files\strogino cs portal\half-life 2 deathmatch\hl2.exe
FirewallRules: [{14D97B79-B5FF-4578-A1C9-84468681ED5A}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1018\gxxsvc.exe
FirewallRules: [TCP Query User{FC2485C6-E6DB-4E5E-A657-0F073B20992B}C:\program files\strogino cs portal\half-life 2 deathmatch\bin\tools\steamcmd.exe] => (Block) C:\program files\strogino cs portal\half-life 2 deathmatch\bin\tools\steamcmd.exe
FirewallRules: [UDP Query User{736D3C2D-3164-48B5-9547-C00CF1914E83}C:\program files\strogino cs portal\half-life 2 deathmatch\bin\tools\steamcmd.exe] => (Block) C:\program files\strogino cs portal\half-life 2 deathmatch\bin\tools\steamcmd.exe
FirewallRules: [TCP Query User{88B0D865-A122-4341-83F0-590B25552DC1}C:\games\half life 2\hl2.exe] => (Allow) C:\games\half life 2\hl2.exe
FirewallRules: [UDP Query User{090A4144-37DE-456C-88C2-299E8269E803}C:\games\half life 2\hl2.exe] => (Allow) C:\games\half life 2\hl2.exe
FirewallRules: [TCP Query User{3F5022DA-CB1A-48AF-9A58-EA1C3514A8A4}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{DAB0C61F-0BEB-427C-A023-85FD833B8A8D}C:\program files\strogino cs portal\counter-strike source\hl2.exe] => (Allow) C:\program files\strogino cs portal\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{9308B1DE-9EEE-45A0-BB9B-8E9D6C6931B7}D:\the long dark\tld.exe] => (Allow) D:\the long dark\tld.exe
FirewallRules: [UDP Query User{BFB4A4E8-7877-4530-A41E-627869BAF66D}D:\the long dark\tld.exe] => (Allow) D:\the long dark\tld.exe
FirewallRules: [{DF6DE950-F33A-40A2-8C39-C1CD59667D1A}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1801.1820\gxxsvc.exe
FirewallRules: [TCP Query User{AE0FCBC8-F9D1-4DED-A931-1347276C83ED}C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{BC73BA68-63E6-4D73-8B68-E7D8259A2282}C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Allow) C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{B3628642-D4DA-4ACC-91D2-BA656124D989}C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Block) C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [UDP Query User{AD00B371-8735-42B6-BFA9-6B7C10577722}C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe] => (Block) C:\users\aaron\desktop\left 4 dead 2\left 4 dead 2\left4dead2.exe
FirewallRules: [TCP Query User{B3A6A4EB-D1E9-49A5-8D91-DFE5B02BFE8F}E:\counter-strike source\hl2.exe] => (Block) E:\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{EAE3E014-5C56-443D-A738-998DFB0519BD}E:\counter-strike source\hl2.exe] => (Block) E:\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{E2104DC7-44D5-4424-A103-7CD654079C51}C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe] => (Block) C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe
FirewallRules: [UDP Query User{46C3E59E-3D72-4EBB-9FFB-2C05B0558993}C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe] => (Block) C:\program files (x86)\killing floor 2\binaries\win64\kfgame.exe
FirewallRules: [TCP Query User{2CD654F3-FB0C-4E24-86E2-A9215508D0ED}F:\counter-strike source\hl2.exe] => (Allow) F:\counter-strike source\hl2.exe
FirewallRules: [UDP Query User{CE425BB8-8AE5-4EFF-8200-C0B449BB9C61}F:\counter-strike source\hl2.exe] => (Allow) F:\counter-strike source\hl2.exe
FirewallRules: [TCP Query User{50737095-37C3-4C89-A502-280DECCB6710}C:\program files (x86)\killingfloor\system\killingfloor.exe] => (Allow) C:\program files (x86)\killingfloor\system\killingfloor.exe
FirewallRules: [UDP Query User{5D67AB47-DCE5-457C-92B9-C34ADB9C2683}C:\program files (x86)\killingfloor\system\killingfloor.exe] => (Allow) C:\program files (x86)\killingfloor\system\killingfloor.exe
FirewallRules: [{192208E2-D029-44A1-BE2A-3EA5338F716A}] => (Block) C:\program files (x86)\killingfloor\system\killingfloor.exe
FirewallRules: [{2762A755-A430-4926-9B92-72562593DBA1}] => (Block) C:\program files (x86)\killingfloor\system\killingfloor.exe
FirewallRules: [{011187CD-21FA-4DD3-AE61-60C3639B618D}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1802.1114\gxxsvc.exe
FirewallRules: [{CFF4A0F2-D1A4-42D3-A825-766571488FD6}] => (Block) %ProgramFiles%\Adobe\Adobe InDesign CC 2014\InDesign.exe
FirewallRules: [{72F69C55-80BC-4767-869A-C10F79C90B6C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.0214\gxxsvc.exe
FirewallRules: [{B7D0E85A-D0A0-41FF-B008-AE70C7D8858A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{F83AD0D8-6660-46F1-9FBE-E828149017F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{CBEF2316-B03E-4A94-9A70-C58B1CB79542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{1C921CAC-4425-40E3-8153-E5E1493CD27D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{C23450F7-C438-4B00-9F1C-F6204E49436C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{40838C12-1B84-443E-AAE5-25EC429D555C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{1E96380B-8CEB-4CD2-899B-72CB5236AE9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{D1853560-CE2C-47BB-B257-90C3C8AD7D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Starbound - Unstable\win32\starbound.exe
FirewallRules: [{956FDA53-6D4C-4F92-83B8-AEF47B156B77}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1803.2016\gxxsvc.exe
FirewallRules: [TCP Query User{7DF6E614-BA54-4117-A298-C00F177F3E15}C:\users\aaron\desktop\divinity - original sin enhanced edition\files\shipping\eocapp.exe] => (Block) C:\users\aaron\desktop\divinity - original sin enhanced edition\files\shipping\eocapp.exe
FirewallRules: [UDP Query User{EA0B8C71-42FC-4467-9FA4-603620E1424A}C:\users\aaron\desktop\divinity - original sin enhanced edition\files\shipping\eocapp.exe] => (Block) C:\users\aaron\desktop\divinity - original sin enhanced edition\files\shipping\eocapp.exe
FirewallRules: [{61AF408C-EEAF-4E9C-B943-BE8D4DFA551E}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.0420\gxxsvc.exe
FirewallRules: [{243F18FC-F14E-42E6-AFAC-88C4B92EC8A0}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.2618\gxxsvc.exe
FirewallRules: [TCP Query User{9E50AB94-4AB6-4832-B5BC-9AD3DD1C2152}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Block) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [UDP Query User{F4A3A4E2-0886-4285-9DA7-D61065D1FC95}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Block) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [{03A495A8-5F8B-4EA3-B456-7C1CEF6F2BD7}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1804.2913\gxxsvc.exe
FirewallRules: [TCP Query User{D9840A68-E2CD-44F7-AFFB-00CCDE191BE3}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [UDP Query User{961539C3-7DB7-4A6C-B73A-F9DA469FB86E}C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe] => (Allow) C:\program files (x86)\garenalolph\gamedata\apps\lolph\leagueclient\leagueclient.exe
FirewallRules: [TCP Query User{D718B6F3-4D9C-4E3D-94CC-AF9E86BB9316}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{9AC43628-930E-4104-B7F9-1071F496C8EE}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FF1CD2A9-10E1-467F-9F0E-1C9EAE777898}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [UDP Query User{739708EC-7E0F-407F-8AA7-50152BBC1335}C:\ros\ros.exe] => (Allow) C:\ros\ros.exe
FirewallRules: [TCP Query User{8D022772-A9C8-46E9-BA57-75DE1B9FD515}C:\ros\ccmini\ccmini.exe] => (Block) C:\ros\ccmini\ccmini.exe
FirewallRules: [UDP Query User{0A4D0847-9516-430B-BAC3-EFF9F3F43210}C:\ros\ccmini\ccmini.exe] => (Block) C:\ros\ccmini\ccmini.exe
FirewallRules: [TCP Query User{1E628D2E-C480-450B-8AC2-8B0BD0AE7635}C:\users\aaron\desktop\rwby\sgzh.school.girl.zombie.hunter\sgzh school girl zombie hunter\sgzh\binaries\win64\sgzh-win64-shipping.exe] => (Block) C:\users\aaron\desktop\rwby\sgzh.school.girl.zombie.hunter\sgzh school girl zombie hunter\sgzh\binaries\win64\sgzh-win64-shipping.exe
FirewallRules: [UDP Query User{76C9583A-6CBE-410C-B720-591333444455}C:\users\aaron\desktop\rwby\sgzh.school.girl.zombie.hunter\sgzh school girl zombie hunter\sgzh\binaries\win64\sgzh-win64-shipping.exe] => (Block) C:\users\aaron\desktop\rwby\sgzh.school.girl.zombie.hunter\sgzh school girl zombie hunter\sgzh\binaries\win64\sgzh-win64-shipping.exe
FirewallRules: [{C2077691-D088-452E-BC29-0BA4B7E5180C}] => (Allow) C:\Program Files (x86)\Garena\Garena\2.0.1806.0116\gxxsvc.exe
FirewallRules: [TCP Query User{2B063746-10A8-4505-8547-88AA16B05B78}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [UDP Query User{124E266F-FBBF-4F14-8845-A72A41EA08AD}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [{E37DFFED-60B0-40D5-9BE4-1717753F2718}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{167A8AAB-F57D-49CF-95EA-FEA4650B5FF8}] => (Allow) C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{0C676EEF-9F89-4C80-A682-79A1C930B6EE}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [UDP Query User{03B3277D-B053-490C-A674-F93F9569D5A2}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonor\forhonor.exe
FirewallRules: [{AAD52E31-713E-43D2-92DD-EB9ACD55276A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20C7B1B7-CAC8-4DB0-8BF4-574B21AF5E7D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{1A8E606E-0AD0-43CA-8EAF-8124D3C71BD2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{796E0FBE-19D2-4808-B493-EDCFFE0773C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe
FirewallRules: [{906D516D-EF43-42A4-80B8-470419166773}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe
FirewallRules: [{AD7551BD-02BE-452D-9E18-A3F4581FB07E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe
FirewallRules: [{40E28B8E-0728-4021-875C-67A544221771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SCP Secret Laboratory\LocalAdmin.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

07-07-2018 22:41:46 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: IOMap
Description: IOMap
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: IOMap
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Symantec Eraser Control driver
Description: Symantec Eraser Control driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: eeCtrl
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2018 05:59:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23572, time stamp: 0x57fd0379
Exception code: 0xe06d7363
Fault offset: 0x0000c54f
Faulting process id: 0x1178
Faulting application start time: 0x01d4165f4e2713c5
Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: a7fcee40-8295-11e8-8521-d017c298ce9e

Error: (07/08/2018 12:21:11 PM) (Source: MBAMIService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2018 11:07:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mb-support.exe, version: 1.1.2.471, time stamp: 0x5b1acb80
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23572, time stamp: 0x57fd0379
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x17cc
Faulting application start time: 0x01d41668bca2cad6
Faulting application path: C:\Users\Aaron\AppData\Local\Temp\mwb138.tmp\mb-support.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: fe0ea1e1-825b-11e8-8521-d017c298ce9e

Error: (07/08/2018 11:07:04 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: mb-support.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c06d007e, exception address 7564C54F

Error: (07/08/2018 09:57:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/08/2018 09:56:26 AM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error

Error: (07/08/2018 02:47:48 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/07/2018 10:42:34 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\NotificationSpreader.dll" on line 2.
The manifest file root element must be assembly.


System errors:
=============
Error: (07/09/2018 08:01:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:24 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:18 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:13 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:11 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 08:01:04 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/09/2018 12:54:21 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


CodeIntegrity:
===================================

Date: 2018-01-19 01:08:17.204
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\atmfd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-19 01:08:03.320
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-19 01:08:03.149
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-19 01:08:02.302
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\ntdll.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-08 13:49:52.482
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-07 21:30:14.124
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-07 21:30:13.890
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-16 23:40:25.500
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 76%
Total physical RAM: 4039.48 MB
Available physical RAM: 946.27 MB
Total Virtual: 9820.77 MB
Available Virtual: 3289.8 MB

==================== Drives ================================

Drive ? () (Fixed) (Total:930.96 GB) (Free:147.57 GB) NTFS

\\?\Volume{f7693dc7-3eb0-4144-b819-5f8c5b5d156b}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites
Thanks for those logs marvic_aaron,

Continue;

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Uninstall Spybot S&D - https://www.safer-networking.org/faq/how-to-uninstall-2/ reboot when done.

Next,

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Let me see those logs in your reply. Also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt

Share this post


Link to post
Share on other sites

I followed the instructions up until it asked me to reinstall Malwarebytes, it prompted the same Restart upon installation.
When I logged back in there was nothing installed.
 kek.png.0a735e122f0db6007a53c6db6e372c19.png
I have also attached the fixlog

Fixlog.txt

Share this post


Link to post
Share on other sites
Thanks for the update marvic_aaron,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thanks,

Kevin

Share this post


Link to post
Share on other sites

Thanks for those logs, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Make clean install of Chrome. If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

Next,

Open Chrome and sign into your account, open a new tab and type or copy paste chrome://settings/syncSetup hit enter...

In the new window that opens "Sync everthing" will probably be selected, scroll down to and select "Managed sync data on Google Dashboard"

A new window will open, scroll down to and select "Reset Sync" that will clear synced data from Google Server...

Continue to next step to completely Uninstall Chrome....

Next.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Install Google Chrome :

Next,

Import your Bookmarks... (instructions in the first step)

Next,

Install uBlock Origin for Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

Next,

Totally Remove Malwarebytes from your system:

Download the latest version of MB-Clean by clicking this link: https://downloads.malwarebytes.com/file/mb_clean save to your Desktop, or a folder of your choice.
 
  • Close all open applications
  • Double-click and run mb-clean.exe
  • A prompt with an option to clean up the system will appear:


Yes - will proceed with backing up the license key (Malwarebytes 3.x only) and initiating the cleanup process. (Recommended)
No - will exit the utility

Once the cleanup process is completed, a prompt will appear:

Yes – will proceed and post reboot you will be prompted to continue with the downloading, installation and activation of latest version of Malwarebytes 3.x (Recommended)
No – will exit the utility and you will not be prompted (post reboot) to download, reinstall and re-activate (Not Recommended)

We recommend rebooting immediately. Additionally, stopping at this step is not recommended and will most likely not resolve your issue(s).

Upon reboot, a prompt will appear:

Yes - will download, install and activate the latest version of Malwarebytes 3.x (Recommended)
No - will exit the utility and the cleanup process is complete...

A log file ("mb-clean-results.txt") will be on your desktop...

Next,

Open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Protection Scroll to and make sure the following are selected:

    Scan for Rootkits
    Scan within Archives
     
  • Scroll further to Potential Threat Protection make sure the following are set as follows:
    Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)
    Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended)
     
  • Click on the Scan make sure Threat Scan is selected,
  • A Threat Scan will begin.
  • When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab
  • If asked to restart your computer to complete the removal, please do so
  • When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more to retrieve the log.


To get the log from Malwarebytes do the following:
 
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt

Share this post


Link to post
Share on other sites

Can you manually reboot yourself, when complete continue with the following:

Download BlitzBlank from here: http://www.bleepingcomputer.com/download/blitzblank/dl/108/ and save it to your desktop.

Right click on user posted image Blitzblank.exe select "Run as Administrator"


Click OK at the warning (and take note of it, this is a VERY powerful tool!).

user posted image

Click the Script tab and copy/paste the following text into that field:

DeleteFile: ReplaceWithDummy
C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp:ad


user posted image

Click Execute Now. An alert will ask "You are about to delete files, are you sure to proceed" Select OK to proceed

user posted image

A system reboot warning will open, it will say "Please close all running applicatons to avoid data loss" Select OK to proceed

user posted image

Your computer will need to reboot in order to do the fixes, reboot yourself if not prompted....

When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\
 
Next,
 
Will Malwarebytes install...?
 
Thanks,
 
Kevin....

Share this post


Link to post
Share on other sites

Try with the script as follows:

DeleteFile:
C:\ProgramData\Microsoft\Windows\Image\capCADF.tmp:ad

 

Share this post


Link to post
Share on other sites

See if the following will install in Normal mode...

Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them. to remove them.

    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.

  • Open Zemana AntiMalware again.

  • Click on 4zu6vb.jpg icon and double click the latest report.

  • Now click File > Save As and choose your Desktop before pressing Save.

  • Attach saved report in your next message.

 

Share this post


Link to post
Share on other sites

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

 

Share this post


Link to post
Share on other sites

Thanks for those logs marvic__aaron, there is no malware or infection present. Go to the following link:

https://support.microsoft.com/en-gb/help/17588/fix-problems-that-block-programs-from-being-installed-or-removed

Follow the instructions to download and run the tool to Fix problems that block programs from being installed or removed, try installing malwarebytes again on completion...

Thanks,

Kevin..

Share this post


Link to post
Share on other sites

Hello @marvic_aaron

Sorry for the delay. What program are you trying to install?

Have you created a new user account with Admin rights and tried to install under that new account? It's possible there is some type of corruption on your own account. Pretty common in Windows

Ron

 

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.