Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Google Chrome is running slower and displaying ads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 27th, 2017, 9:40 pm

Hi once again. :oops: Tried installing a program which had some other software linked to it and now my Google Chrome browser has been running slower and has been displaying these advertisement sites at the top of the search results. My Adblock extension also identifies these websites as advertisements but only if I manually tell it there's an ad that isn't blocked on the page. I've attached both the FRST log and an image of the advertisement sites that appear when I search for stuff.

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (27-03-2017 21:36:19)
Running from C:\Users\Primitive\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
BitTorrent (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Cloud Penguin (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Cloud Penguin) (Version: 2.0.6210.36208 - Cloud Penguin) <==== ATTENTION
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7870.2024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Super Hexagon (HKLM\...\Steam App 221640) (Version: - Terry Cavanagh)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {0C557DF1-E92D-458A-8E6F-6C3D1D24242A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0CC8C3D9-71F8-4D15-97D6-38645131BAB9} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0D2AD9B3-ADDB-40A5-A136-3E0102ADBF82} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {10661CA9-C443-4EB0-91B3-4676DC558427} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {236D5E93-AC70-40C8-8507-71ED54E82425} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {3F2DCA07-5247-4396-A732-55CFACB24016} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45A64C74-3F8C-42EE-8DEB-DF1A83FCCD4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-02-04] ()
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {5A63E6F8-C360-4ED1-AC63-7167C03D1785} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {5DBF077D-34EF-4AC4-ABE9-B051D1CC57E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {718654D7-45FE-4114-8169-D671714DB898} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7813514E-C52D-4C08-BCE8-6CFD9B1B3685} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EA057AD-62FC-43FD-BE2E-2A8DC9D0A261} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {8C66C891-8007-46D0-8A70-0F04AFD28BC9} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {95BF1522-875E-4138-B6E6-A36B795D7D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {97119FF0-B283-4618-9ECE-8ACD504E0A01} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {AE34D356-1919-4106-9136-CD5F218496D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-08] (Microsoft Corporation)
Task: {BF3CD351-0A42-4629-87ED-61FC9961439A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {C62F2AFE-67E3-4033-B157-B302AA4C9F01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {DB3840F1-A2BA-4B6F-9098-D94CACB970FC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {ED519B11-3B3F-4B0B-9C63-CC6B72B6E04B} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EE8D7CAE-3277-4C79-84FD-215F3C05BA5F} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F8691C31-7151-4D63-ABB0-CA44666DB472} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {F926E2CA-0E8B-4955-BF7F-CC1836FDF8E0} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {FD3CA9F1-D4CB-4460-BF78-0FAC0BF6ED8E} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.site/download/download.php?mn=9996" <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2017-03-26 17:26 - 2017-03-26 17:26 - 00230400 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\prot3b4f51ef-73de-4277-a2f6-3e687129283e.tmpfs
2016-10-08 15:14 - 2017-02-23 14:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2017-03-26 21:14 - 2017-03-13 18:08 - 00016384 _____ () C:\WINDOWS\src_srv\winsrcsrv.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-07 01:10 - 2017-03-16 19:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-27 17:02 - 2017-03-27 17:02 - 00368640 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\knsF76C.tmp
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 20:11 - 2016-05-19 20:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:59 - 08921648 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-16 21:30 - 2017-01-16 21:30 - 00230064 _____ () G:\rhinobot\Notepad++\NppShell_06.dll
2016-02-07 03:36 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:31 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 18:34 - 2016-10-25 03:01 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-11-08 18:34 - 2016-10-25 00:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 18:33 - 2016-10-25 00:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 18:34 - 2016-10-25 00:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 18:33 - 2016-10-25 00:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 09:31 - 2017-01-23 09:31 - 01037824 _____ () C:\Users\Primitive\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00173568 _____ () G:\Rainmeter\Plugins\AudioLevel.DLL
2017-01-01 09:59 - 2017-01-01 09:59 - 00120832 _____ () G:\Rainmeter\Plugins\QuotePlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00093696 _____ () G:\Rainmeter\Plugins\Process.DLL
2016-04-18 16:14 - 2016-04-18 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 67725936 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 01929840 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 00087152 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll
2016-10-08 15:14 - 2017-02-23 14:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-08 15:14 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 15:14 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-03-23 17:25 - 2017-03-09 20:13 - 00674592 _____ () G:\Steam\SDL2.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 04969248 _____ () G:\Steam\v8.dll
2017-03-23 17:25 - 2017-03-22 20:52 - 02465056 _____ () G:\Steam\video.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 02549760 _____ () G:\Steam\libavcodec-56.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00491008 _____ () G:\Steam\libavformat-56.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00332800 _____ () G:\Steam\libavresample-2.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00442880 _____ () G:\Steam\libavutil-54.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00485888 _____ () G:\Steam\libswscale-3.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 01563936 _____ () G:\Steam\icui18n.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 01195296 _____ () G:\Steam\icuuc.dll
2017-03-23 17:25 - 2017-03-22 20:52 - 00839456 _____ () G:\Steam\bin\chromehtml.DLL
2016-12-20 18:49 - 2016-07-04 18:17 - 00266560 _____ () G:\Steam\openvr_api.dll
2017-03-10 17:32 - 2017-01-30 17:41 - 68875552 _____ () G:\Steam\bin\cef\cef.win7\libcef.dll
2017-03-23 17:25 - 2017-03-22 20:52 - 00383776 _____ () G:\Steam\steam.dll
2016-12-20 18:49 - 2015-09-24 19:52 - 00119208 _____ () G:\Steam\winh264.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-01-11 19:44 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 19:44 - 2017-01-11 19:44 - 01082880 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 19:44 - 2017-01-11 19:44 - 03750400 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 19:44 - 2017-01-11 19:44 - 00914432 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 19:44 - 2017-01-11 19:44 - 01127424 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-11 19:44 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 19:44 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-03-27 17:07 - 2017-03-27 17:07 - 00148992 _____ () \\?\C:\Users\Primitive\AppData\Local\Temp\839B.tmp.node
2017-01-11 19:44 - 2017-01-11 19:44 - 02658304 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 19:44 - 2017-03-22 16:07 - 02665976 _____ () \\?\C:\Users\Primitive\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-05-19 20:11 - 2016-05-19 20:11 - 00679624 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:14 - 08921136 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-02-10 19:46 - 2017-02-01 05:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 19:46 - 2017-02-01 05:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00025088 _____ () C:\Windows\SYSTEM32\GamePanelExternalHook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-01-12 18:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\AppData\Roaming\Rainmeter\Layouts\Test\Wallpaper.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => (Allow) LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => (Allow) LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => (Allow) LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => (Allow) LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => (Allow) G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{CDB59CAC-6EA0-44E9-B9C5-79DEF750C615}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [TCP Query User{257134CB-FB7F-4A5F-B70E-615278E2F341}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [UDP Query User{B9B4FABC-C0C7-4271-873D-AAB2E8375D52}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [{94165F0E-E46B-4FAD-819B-F80DD84B6B2E}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\MHO_Setup_2.0.11.371.exe
FirewallRules: [TCP Query User{54C272DB-35D3-4B75-8531-03FA9660D41F}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3E26C92C-C10E-4022-8C7B-2B853009E665}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{74A20A0A-A3A0-4E05-A6A1-3E19C20C810F}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{6BAC593A-0CCB-4133-87FE-87FF5647C786}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{1CDB3F0C-5413-44ED-A81C-275A4F02EB44}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{6A10EFAA-6B24-4BA9-91F8-D2C1EB57E198}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{9F0E65CA-13E0-41A0-A772-D6BAD6AC2008}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{8DFF6AEE-9F5E-4982-B96F-6855C931C2AB}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{50AC1C5E-C9B2-4D1D-8157-85CFE9721CB0}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{B5DAAF87-D3EC-484D-AF79-C975877DB8CE}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{BE36E881-D2F3-4BDA-873B-D5E344EC19C8}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{684762C8-09C7-4D20-9CB2-0AB204FCB721}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{75E28886-DB3E-42BD-AEF6-4AFC51A2893F}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{73C8C34B-996A-42BB-9E0A-83CBC1746732}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9C0CA1A0-16C0-465B-B993-B151C7891A50}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{40E2A678-1545-4C46-A612-8AAF7EC23DD1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{9739C598-80F5-4741-8A01-E3E405A3F46B}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0C3A87F1-55D8-4C31-8311-9F6E02BE9576}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D6A13C37-397B-43B1-B4C3-1811650C09DD}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{AF66AF0B-6362-47C7-830E-FE6962B43302}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{263AD6B1-E37B-455B-A44C-CD7DCE21974E}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{9240B2EF-2D8E-4E3E-A98B-97128E127B4D}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{8D538934-A429-4E32-A470-6ADBCED3F4AB}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{0587789B-43B1-4355-96D1-2C34AA798207}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{84627E43-4C3B-4134-989E-FFFF1949E403}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{E0BAB900-2391-4176-8E6D-DB728B375794}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{8B626F06-40B1-4CA8-A7C7-02D7E6864E0F}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A639E62A-CD46-415C-87FC-E23CA40FDFDD}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{76ED4AFF-6B43-4B40-B678-3D88F6A60052}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{952AD197-BB15-4421-B7BC-ADCAE8CE8DB7}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{879C7199-73F5-4DBD-934C-DE69807A919B}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{646BE1CC-964E-4EC4-87E5-D2F5DCAF1D5B}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8C423CA3-1393-4A11-816E-F8A0FD6FA15D}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B85EE0DE-7034-44D2-9D29-2E4F1CDC4852}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Restore Points =========================

06-03-2017 21:24:49 Installed Zoo Tycoon 2 - Ultimate Collection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2017 09:23:32 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 08:51:36 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 08:21:47 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 08:07:05 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:59:22 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:53:58 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:53:57 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:53:56 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:49:15 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 06:40:54 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.


System errors:
=============
Error: (03/27/2017 09:22:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:52:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:52:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:52:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:22:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:22:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 08:21:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 07:52:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 07:52:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2017 07:22:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-03-24 20:04:45.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 23:02:35.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-19 19:02:26.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 73%
Total physical RAM: 8143.07 MB
Available physical RAM: 2163.11 MB
Total Virtual: 14799.07 MB
Available Virtual: 2778.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:12.31 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:365.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
You do not have the required permissions to view the files attached to this post.
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top
Advertisement
Register to Remove

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 29th, 2017, 11:27 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello JustTheEngineer,

Welcome back to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 29th, 2017, 4:22 pm

Hi mAL, unfortunately the issue seems to have gotten worse since the last time. :( Don't recall doing anything to spark this, just used my computer regularly, no installations or anything. Now, my Google Chrome (and all other browsers on the computer) have proxy error messages and it is not possible me to use the browser at all. Don't know if this helps but, other wifi-based apps seem to be working like Spotify and Steam (albeit Steam is giving me error messages) but Discord seems to be forever initializing. I can't use the internet on that computer so at the moment I'm using a different computer in my household to transfer files to and from the infected computer. I'm hoping this won't interfere too much with the treatment you had planned.

I also redid my FRST and Addition logs just in case. Here's what I got:

FRST.txt


LastRegBack: 2017-01-09 20:00

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (29-03-2017 16:01:07)
Running from C:\Users\Primitive\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
BitTorrent (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\BitTorrent) (Version: 7.9.9.43389 - BitTorrent Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Cloud Penguin (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Cloud Penguin) (Version: 2.0.6210.36208 - Cloud Penguin) <==== ATTENTION
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7870.2024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Super Hexagon (HKLM\...\Steam App 221640) (Version: - Terry Cavanagh)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {0C557DF1-E92D-458A-8E6F-6C3D1D24242A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0CC8C3D9-71F8-4D15-97D6-38645131BAB9} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0D2AD9B3-ADDB-40A5-A136-3E0102ADBF82} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {10661CA9-C443-4EB0-91B3-4676DC558427} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {236D5E93-AC70-40C8-8507-71ED54E82425} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {3F2DCA07-5247-4396-A732-55CFACB24016} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45A64C74-3F8C-42EE-8DEB-DF1A83FCCD4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-02-04] ()
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {5A63E6F8-C360-4ED1-AC63-7167C03D1785} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {5DBF077D-34EF-4AC4-ABE9-B051D1CC57E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {718654D7-45FE-4114-8169-D671714DB898} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7813514E-C52D-4C08-BCE8-6CFD9B1B3685} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EA057AD-62FC-43FD-BE2E-2A8DC9D0A261} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {8C66C891-8007-46D0-8A70-0F04AFD28BC9} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {95BF1522-875E-4138-B6E6-A36B795D7D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {97119FF0-B283-4618-9ECE-8ACD504E0A01} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {AE34D356-1919-4106-9136-CD5F218496D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-08] (Microsoft Corporation)
Task: {BF3CD351-0A42-4629-87ED-61FC9961439A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {C62F2AFE-67E3-4033-B157-B302AA4C9F01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {DB3840F1-A2BA-4B6F-9098-D94CACB970FC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {ED519B11-3B3F-4B0B-9C63-CC6B72B6E04B} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EE8D7CAE-3277-4C79-84FD-215F3C05BA5F} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F8691C31-7151-4D63-ABB0-CA44666DB472} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {F926E2CA-0E8B-4955-BF7F-CC1836FDF8E0} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {FD3CA9F1-D4CB-4460-BF78-0FAC0BF6ED8E} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.site/download/download.php?mn=9996" <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2017-03-26 17:26 - 2017-03-26 17:26 - 00230400 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\prot3b4f51ef-73de-4277-a2f6-3e687129283e.tmpfs
2016-10-08 15:14 - 2017-02-23 14:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\dataup.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-07 01:10 - 2017-03-16 19:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-29 15:49 - 2017-03-29 15:49 - 00318976 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\kns3C43.tmp
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 20:11 - 2016-05-19 20:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:59 - 08921648 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-07 03:36 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:31 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 18:34 - 2016-10-25 00:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 18:33 - 2016-10-25 00:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 18:34 - 2016-10-25 00:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 18:33 - 2016-10-25 00:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 09:31 - 2017-01-23 09:31 - 01037824 _____ () C:\Users\Primitive\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00173568 _____ () G:\Rainmeter\Plugins\AudioLevel.DLL
2017-01-01 09:59 - 2017-01-01 09:59 - 00120832 _____ () G:\Rainmeter\Plugins\QuotePlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00093696 _____ () G:\Rainmeter\Plugins\Process.DLL
2016-04-18 16:14 - 2016-04-18 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 67725936 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-08 15:14 - 2017-02-23 14:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 01929840 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 00087152 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll
2016-10-08 15:14 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 15:14 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-04-18 16:14 - 2016-04-18 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-03-23 17:25 - 2017-03-09 20:13 - 00674592 _____ () G:\Steam\SDL2.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 04969248 _____ () G:\Steam\v8.dll
2017-03-23 17:25 - 2017-03-22 20:52 - 02465056 _____ () G:\Steam\video.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 02549760 _____ () G:\Steam\libavcodec-56.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00491008 _____ () G:\Steam\libavformat-56.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00332800 _____ () G:\Steam\libavresample-2.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00442880 _____ () G:\Steam\libavutil-54.dll
2016-12-20 18:49 - 2016-01-27 03:49 - 00485888 _____ () G:\Steam\libswscale-3.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 01563936 _____ () G:\Steam\icui18n.dll
2016-12-20 18:49 - 2016-08-31 21:02 - 01195296 _____ () G:\Steam\icuuc.dll
2017-03-28 20:09 - 2017-03-27 20:18 - 00848160 _____ () G:\Steam\bin\chromehtml.DLL
2016-12-20 18:49 - 2016-07-04 18:17 - 00266560 _____ () G:\Steam\openvr_api.dll
2017-03-10 17:32 - 2017-01-30 17:41 - 68875552 _____ () G:\Steam\bin\cef\cef.win7\libcef.dll
2016-12-20 18:49 - 2015-09-24 19:52 - 00119208 _____ () G:\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-01-12 18:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\AppData\Roaming\Rainmeter\Layouts\Test\Wallpaper.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => (Allow) LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => (Allow) LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => (Allow) LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => (Allow) LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => (Allow) G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{CDB59CAC-6EA0-44E9-B9C5-79DEF750C615}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [TCP Query User{257134CB-FB7F-4A5F-B70E-615278E2F341}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [UDP Query User{B9B4FABC-C0C7-4271-873D-AAB2E8375D52}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [{94165F0E-E46B-4FAD-819B-F80DD84B6B2E}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\MHO_Setup_2.0.11.371.exe
FirewallRules: [TCP Query User{54C272DB-35D3-4B75-8531-03FA9660D41F}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3E26C92C-C10E-4022-8C7B-2B853009E665}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{74A20A0A-A3A0-4E05-A6A1-3E19C20C810F}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{6BAC593A-0CCB-4133-87FE-87FF5647C786}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{1CDB3F0C-5413-44ED-A81C-275A4F02EB44}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{6A10EFAA-6B24-4BA9-91F8-D2C1EB57E198}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{9F0E65CA-13E0-41A0-A772-D6BAD6AC2008}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{8DFF6AEE-9F5E-4982-B96F-6855C931C2AB}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{50AC1C5E-C9B2-4D1D-8157-85CFE9721CB0}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{B5DAAF87-D3EC-484D-AF79-C975877DB8CE}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{BE36E881-D2F3-4BDA-873B-D5E344EC19C8}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{684762C8-09C7-4D20-9CB2-0AB204FCB721}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{75E28886-DB3E-42BD-AEF6-4AFC51A2893F}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{73C8C34B-996A-42BB-9E0A-83CBC1746732}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9C0CA1A0-16C0-465B-B993-B151C7891A50}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{40E2A678-1545-4C46-A612-8AAF7EC23DD1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{9739C598-80F5-4741-8A01-E3E405A3F46B}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0C3A87F1-55D8-4C31-8311-9F6E02BE9576}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D6A13C37-397B-43B1-B4C3-1811650C09DD}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{AF66AF0B-6362-47C7-830E-FE6962B43302}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{263AD6B1-E37B-455B-A44C-CD7DCE21974E}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{9240B2EF-2D8E-4E3E-A98B-97128E127B4D}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{8D538934-A429-4E32-A470-6ADBCED3F4AB}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{0587789B-43B1-4355-96D1-2C34AA798207}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{84627E43-4C3B-4134-989E-FFFF1949E403}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{E0BAB900-2391-4176-8E6D-DB728B375794}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{8B626F06-40B1-4CA8-A7C7-02D7E6864E0F}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A639E62A-CD46-415C-87FC-E23CA40FDFDD}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{76ED4AFF-6B43-4B40-B678-3D88F6A60052}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{952AD197-BB15-4421-B7BC-ADCAE8CE8DB7}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{879C7199-73F5-4DBD-934C-DE69807A919B}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{646BE1CC-964E-4EC4-87E5-D2F5DCAF1D5B}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8C423CA3-1393-4A11-816E-F8A0FD6FA15D}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B85EE0DE-7034-44D2-9D29-2E4F1CDC4852}] => (Allow) C:\Users\Primitive\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Restore Points =========================

06-03-2017 21:24:49 Installed Zoo Tycoon 2 - Ultimate Collection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2017 08:14:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/28/2017 08:12:54 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 08:11:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/28/2017 08:09:49 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 08:09:30 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 07:16:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent

Error: (03/28/2017 12:03:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANY)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/27/2017 11:47:45 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 10:32:18 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/27/2017 09:45:05 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.


System errors:
=============
Error: (03/28/2017 08:17:29 PM) (Source: DCOM) (EventID: 10010) (User: RANY)
Description: The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.

Error: (03/28/2017 08:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_88b70 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/28/2017 08:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_88b70 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/28/2017 08:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_88b70 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/28/2017 08:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_88b70 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/28/2017 08:14:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The srcsrv service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/28/2017 08:13:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Dataup Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/28/2017 08:11:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2017 08:11:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/28/2017 08:10:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-03-24 20:04:45.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 23:02:35.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-19 19:02:26.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 35%
Total physical RAM: 8143.07 MB
Available physical RAM: 5287.37 MB
Total Virtual: 14799.07 MB
Available Virtual: 11946.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:12.35 GB) NTFS
Drive f: (ESD-USB) (Removable) (Total:31.99 GB) (Free:23.96 GB) FAT32
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:365.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 29th, 2017, 4:54 pm

Hello JustTheEngineer,

JustTheEngineer wrote:Hi mAL, unfortunately the issue seems to have gotten worse since the last time. :( Don't recall doing anything to spark this, just used my computer regularly, no installations or anything

Your computer was hit by a nasty piece of adware that can cause serious damage, since it exhibits Rootkit-like behaviour. My advice would be to limit your use of this computer until we get it up and running again.

Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)

Since you already have Tweaking Registry Backup installed on your computer, please do the following..
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Please do the following..

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
    • BitTorrent
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

Next..

  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan in finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.



-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problems while following my instructions?
  • CKFiles.txt
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 29th, 2017, 6:04 pm

No problems at all. Here's what the CKFiles.txt scan says:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\windows\autokms\autokms.exe
scanner sequence 3.AP.11.SLCHU0
----- EOF -----
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 29th, 2017, 7:11 pm

Hello JustTheEngineer,

2017-03-26 21:10 - 2017-03-26 21:11 - 07301732 _____ C:\Users\Primitive\Downloads\Microsoft Toolkit Final pass 123456.rar
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe

Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2017-02-04] ()

The lines quoted above indicate Cracked/illegal software!! As per forum policy I will not be able to provide you help until you've removed any and all of the following from your computer:

  • Illegal software
  • Cracked software
  • illegal software key generators


Once this is done, I would like to see a fresh set of FRST logs..


  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 29th, 2017, 7:37 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Primitive (administrator) on RANY (29-03-2017 19:33:02)
Running from C:\Users\Primitive\Desktop
Loaded Profiles: Primitive (Available Profiles: Primitive)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\prot3b4f51ef-73de-4277-a2f6-3e687129283e.tmpfs
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Hi-Rez Studios) G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\kns3C43.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Users\Primitive\AppData\Local\microlabs\ct.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IvoSoft) G:\Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Spotify Ltd) C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe
(Rainmeter) G:\Rainmeter\Rainmeter.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Spotify Ltd) C:\Users\Primitive\Downloads\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => G:\Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [rainey] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => G:\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [uplifting] => "C:\Program Files (x86)\Hits\omagh.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Steam] => G:\Steam\steam.exe [3019552 2017-03-22] (Valve Corporation)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Discord] => C:\Users\Primitive\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [TQOS_REPORT] => g:\non-steam games\monster hunter online\monster hunter online\bin\client\tools\tqos_reporter.exe [440832 2015-10-27] ()
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weyman] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [weymanweyman] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiac] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [cardiaccardiac] => "C:\Program Files (x86)\Defects\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [maternal] => "C:\Program Files (x86)\operant\maternal.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [pacifying] => "C:\Program Files (x86)\neuharth\pacifying.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [mcnab] => "C:\Program Files (x86)\Hits\omagh.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [deleon] => "C:\Program Files (x86)\acidosis\popularity.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [accusation] => "C:\Program Files (x86)\operant\hoosiers.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [hits] => "C:\Program Files (x86)\Ralph\demurrage.exe"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify] => C:\Users\Primitive\AppData\Roaming\Spotify\Spotify.exe [7089776 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Chromium] => c:\users\primitive\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Run: [Spotify Web Helper] => C:\Users\Primitive\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-23] (Spotify Ltd)
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [Uninstall C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
HKU\S-1-5-18\...\Run: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [WinResSync] => C:\WINDOWS\system32\regsvr32.exe /s "C:\Users\Primitive\AppData\Roaming\Microsoft\Protect\67e0fec3-69b4-47c8-8d70-2605c1561f4c.rs" <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\havilland.lnk [2017-01-09]
ShortcutTarget: havilland.lnk -> C:\Program Files (x86)\acidosis\popularity.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\orgasmic.lnk [2017-01-09]
ShortcutTarget: orgasmic.lnk -> C:\Program Files (x86)\Hits\omagh.exe (No File)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-01-23]
ShortcutTarget: Rainmeter.lnk -> G:\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpotifyWebHelper.exe - Shortcut.lnk [2017-01-25]
ShortcutTarget: SpotifyWebHelper.exe - Shortcut.lnk -> C:\Users\Primitive\Downloads\SpotifyWebHelper.exe (Spotify Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-233390903-2661952563-451428824-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-233390903-2661952563-451428824-1001] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7eb64d0a-f41c-4682-a71c-66653c8069d9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{83fe7494-0511-4654-8018-3bf915ca7f93}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{a7427483-624e-4d4c-9009-612f371d9f4c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{c88be9c3-cd57-11e5-a678-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{da1f936d-0f02-458a-b213-8a6f50e16559}: [DhcpNameServer] 192.168.29.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-233390903-2661952563-451428824-1001 -> {BDDDE980-C83F-4A8C-84E1-4F78EEF45929} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> G:\Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - G:\Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)

FireFox:
========
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2017-02-26] (Unity Technologies ApS)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-233390903-2661952563-451428824-1001: SkypePlugin64 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultSearchURL: Default -> file://C:\\Users\\Primitive\\AppData\\Local\\Temp\\C82F.html?bn=gch&ch_id=NOCHPC&g=3b4f51ef-73de-4277-a2f6-3e687129283e&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com
CHR Profile: C:\Users\Primitive\AppData\Local\Google\Chrome\User Data\Default [2017-03-29]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
R2 Dataup; C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-03-11] (EasyAntiCheat Ltd)
U2 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; G:\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 realtek_amd64; C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe [8704 2017-03-24] () [File not signed] <==== ATTENTION
R2 servervo; C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\kns3C43.tmp [318976 2017-03-29] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Primitive\AppData\Local\microlabs\ct.exe [852480 2017-03-26] (Google Inc.) [File not signed] <==== ATTENTION
R2 gemeloki; C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\prot3b4f51ef-73de-4277-a2f6-3e687129283e.tmpfs [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [76576 2017-03-26] () [File not signed] <==== ATTENTION
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-09-24] (Echobit, LLC)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2017-01-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251840 2017-03-28] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Apple Inc.) [File not signed]
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2196480 2015-10-30] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
S3 TesMon; C:\WINDOWS\system32\TesMon.sys [71976 2016-09-18] (Tencent)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [1007928 2017-01-18] (TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S1 lmimirr; \SystemRoot\system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 19:33 - 2017-03-29 19:33 - 00021963 _____ C:\Users\Primitive\Desktop\FRST.txt
2017-03-29 18:20 - 2017-03-29 18:20 - 00516096 _____ C:\WINDOWS\SysWOW64\SurfShield.exe
2017-03-29 18:20 - 2017-03-29 18:20 - 00011568 _____ C:\Users\Primitive\AppData\Roaming\InstallationConfiguration.xml
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Screenshot Pro
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Interstatnogui
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Se Browser Enhancer
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files\2a3f425bfffb88bb1aaf86a4ef800345
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files (x86)\ScreenshotPro
2017-03-29 18:20 - 2017-03-29 18:20 - 00000000 ____D C:\Program Files (x86)\ParentalControl
2017-03-29 18:03 - 2017-03-29 18:03 - 00000159 _____ C:\Users\Primitive\Desktop\ckfiles.txt
2017-03-29 18:02 - 2017-03-29 17:50 - 00468480 _____ () C:\Users\Primitive\Desktop\CKScanner.exe
2017-03-29 17:47 - 2017-03-29 17:47 - 00000000 ____D C:\RegBackup
2017-03-29 16:01 - 2017-03-29 16:01 - 00083371 _____ C:\Users\Primitive\Desktop\2 (1).txt
2017-03-29 16:01 - 2017-03-29 16:01 - 00000100 _____ C:\Users\Primitive\Desktop\2 (2).txt
2017-03-28 20:14 - 2017-03-29 17:57 - 00000000 ____D C:\Users\Primitive\AppData\Local\llssoft
2017-03-27 21:36 - 2017-03-27 21:37 - 00086726 _____ C:\Users\Primitive\Desktop\1 (2).txt
2017-03-27 21:35 - 2017-03-29 19:33 - 00000000 ____D C:\FRST
2017-03-27 21:35 - 2017-03-29 16:01 - 00045799 _____ C:\Users\Primitive\Desktop\1 (1).txt
2017-03-27 21:29 - 2017-03-27 21:34 - 02424832 _____ (Farbar) C:\Users\Primitive\Desktop\FRST64.exe
2017-03-26 21:16 - 2017-03-28 20:14 - 00000000 ____D C:\Users\Primitive\AppData\Local\ntuserlitelist
2017-03-26 21:16 - 2017-03-26 21:46 - 00000000 ____D C:\Program Files (x86)\s5
2017-03-26 21:16 - 2017-03-26 21:18 - 00000398 _____ C:\WINDOWS\Tasks\Online Application Updater.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000384 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000352 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Online Application v2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000342 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-03-26 21:16 - 2017-03-26 21:18 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-03-26 21:16 - 2017-03-26 21:16 - 00833024 ____N C:\WINDOWS\system32\tprdpw32.exe
2017-03-26 21:16 - 2017-03-26 21:16 - 00076576 ____N C:\WINDOWS\system32\Drivers\ndistpr64.sys
2017-03-26 21:16 - 2017-03-26 21:16 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
2017-03-26 21:16 - 2017-03-26 21:16 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-03-26 21:16 - 2017-03-26 21:16 - 00003292 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
2017-03-26 21:16 - 2017-03-26 21:16 - 00003272 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-03-26 21:16 - 2017-03-26 21:16 - 00003258 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003252 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003244 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
2017-03-26 21:16 - 2017-03-26 21:16 - 00003240 _____ C:\WINDOWS\System32\Tasks\Online Application v209
2017-03-26 21:16 - 2017-03-26 21:16 - 00003238 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003234 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00003226 _____ C:\WINDOWS\System32\Tasks\Online Application v2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-03-26 21:16 - 2017-03-26 21:16 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microleaves
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\c
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\AGData
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Local\microlabs
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\AppData\Local\AnonymizerLauncher
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\.proxycheck
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Primitive\.AnonymizerLauncher
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\ProgramData\1490577405
2017-03-26 21:16 - 2017-03-26 21:16 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-03-26 21:15 - 2017-03-26 21:46 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-03-26 21:14 - 2017-03-26 21:14 - 00000000 ____D C:\WINDOWS\src_srv
2017-03-26 17:25 - 2017-03-26 17:25 - 00000000 ____D C:\Users\Primitive\AppData\Local\AppTrailers
2017-03-26 17:24 - 2017-03-29 17:49 - 00000000 ____D C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447
2017-03-26 17:24 - 2017-03-26 21:13 - 00003612 _____ C:\WINDOWS\System32\Tasks\PPI Update
2017-03-26 17:24 - 2017-03-26 17:24 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Note-UP
2017-03-26 17:24 - 2017-03-26 17:24 - 00000000 ____D C:\ProgramData\f8ff187d-7e47-1
2017-03-26 17:24 - 2017-03-26 17:24 - 00000000 ____D C:\ProgramData\f8ff187d-1425-0
2017-03-25 00:36 - 2017-03-25 00:36 - 01962408 _____ C:\Users\Primitive\Downloads\wrar540.exe
2017-03-24 22:52 - 2017-03-24 22:52 - 00014474 _____ C:\Users\Primitive\Downloads\57c8c80bfc2b70a697687c0b88e41b1c.torrent
2017-03-24 21:20 - 2017-03-25 12:27 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\BitTorrent
2017-03-24 21:14 - 2017-03-24 21:14 - 00012872 ____N C:\bootsqm.dat
2017-03-24 21:08 - 2017-03-24 21:08 - 00009371 _____ C:\Users\Primitive\Downloads\8e409b424596c2ce2e468e3b3a366a4f.torrent
2017-03-24 19:16 - 2017-03-24 21:17 - 00000000 ____D C:\Users\Primitive\Desktop\Keep Talking and Nobody Explodes
2017-03-24 19:16 - 2017-03-24 19:16 - 00000000 ____D C:\Users\Primitive\AppData\LocalLow\Steel Crate Games
2017-03-24 11:54 - 2017-03-24 11:54 - 03083458 _____ C:\WINDOWS\75dffb6da80dd620d53b0fc631c7fcbc.exe
2017-03-24 11:49 - 2017-03-24 11:49 - 08501584 _____ (MPDV6U) C:\WINDOWS\system32\Drivers\1d160a49fc8ecb3cfce1289a40c9b4dc.sys
2017-03-20 17:17 - 2017-03-16 18:56 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-03-20 17:15 - 2017-03-16 21:01 - 40190400 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 34991672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 19006832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 16851280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 11019888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 09306312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 08990256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 03169848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 02716096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437892.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00687408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00500792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00207856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00183136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00177992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-03-20 17:15 - 2017-03-16 21:01 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-03-16 16:37 - 2017-03-25 21:20 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Natural Selection 2
2017-03-14 12:44 - 2017-03-14 12:44 - 04220719 _____ C:\Users\Primitive\Downloads\HS-HSS-TAP-Part_5_--_Chapter_31-_American_Life_in_the_Roaring_Twenties.pdf
2017-03-12 21:46 - 2016-10-27 17:18 - 00000000 ____D C:\Users\Primitive\Desktop\4.3.0
2017-03-09 19:27 - 2017-02-23 18:55 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437878.dll
2017-03-09 19:27 - 2017-02-23 06:32 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437878.dll
2017-03-06 21:26 - 2017-03-06 21:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2017-03-06 21:07 - 2017-03-06 21:10 - 00000000 ____D C:\Users\Primitive\AppData\Local\{F7ECC1B0-D344-AD08-BEDC-88E09AB47478}
2017-03-06 20:54 - 2017-03-06 20:57 - 1182291124 _____ C:\Users\Primitive\Downloads\397483-ZOTYCE.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-29 19:32 - 2016-02-07 01:12 - 00770738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-29 19:30 - 2016-10-09 16:08 - 00000000 ____D C:\Users\Primitive\AppData\Local\ClassicShell
2017-03-29 19:29 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Local\Spotify
2017-03-29 19:29 - 2016-02-07 01:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-29 18:22 - 2016-10-09 15:09 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Spotify
2017-03-29 18:21 - 2017-01-12 18:10 - 00264598 ____N C:\WINDOWS\Minidump\032917-4390-01.dmp
2017-03-29 18:21 - 2016-04-07 16:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-29 18:21 - 2016-02-07 01:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-29 18:21 - 2016-02-07 01:04 - 00000000 ____D C:\Users\Primitive
2017-03-29 18:20 - 2017-01-09 22:52 - 00140288 _____ C:\Users\Primitive\AppData\Roaming\Installer.dat
2017-03-29 15:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-28 20:09 - 2016-04-30 12:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\discord
2017-03-28 19:13 - 2016-04-04 16:11 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-26 22:18 - 2016-02-07 01:07 - 00000000 ____D C:\Users\Primitive\AppData\Local\Packages
2017-03-26 21:20 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-26 21:18 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-03-26 17:26 - 2017-01-10 00:49 - 00000073 _____ C:\WINDOWS\wininit.ini
2017-03-26 17:24 - 2017-01-09 22:52 - 00000000 _____ C:\TOSTACK
2017-03-25 21:53 - 2016-02-09 15:31 - 00000000 ____D C:\Users\Primitive\AppData\Local\Battle.net
2017-03-25 21:52 - 2016-02-09 15:30 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-25 20:03 - 2016-02-07 04:59 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Mumble
2017-03-24 23:47 - 2017-02-04 04:52 - 00000000 ____D C:\Users\Primitive\MusicBot
2017-03-24 20:05 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-24 20:04 - 2016-10-14 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-24 17:40 - 2016-03-11 18:19 - 00565800 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-03-20 17:18 - 2016-10-06 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 17:18 - 2016-02-07 01:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 17:18 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-20 17:18 - 2014-08-31 14:59 - 00000000 ____D C:\Temp
2017-03-20 17:17 - 2016-04-30 16:35 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-17 16:03 - 2016-04-05 18:23 - 14574640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-03-16 21:01 - 2017-01-01 20:05 - 28254264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-03-16 21:01 - 2017-01-01 20:05 - 00043636 _____ C:\WINDOWS\system32\nvinfo.pb
2017-03-16 21:01 - 2016-10-28 21:08 - 00640456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-03-16 21:01 - 2016-09-21 22:00 - 00573632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 24492880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 20769264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 13800944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-03-16 21:01 - 2016-04-05 18:23 - 03597456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-03-16 19:31 - 2016-10-08 15:14 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-16 19:16 - 2016-04-05 18:24 - 00549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-16 19:16 - 2016-04-05 18:24 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 06401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-16 19:16 - 2016-02-07 01:10 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-16 05:39 - 2016-02-07 01:10 - 07813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-09 00:07 - 2016-02-07 01:15 - 00000000 ____D C:\Users\Primitive\AppData\Local\Roblox
2017-03-08 22:00 - 2016-09-26 17:57 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-08 19:25 - 2017-01-10 02:01 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-06 21:44 - 2016-05-01 20:31 - 00000000 ____D C:\Users\Primitive\AppData\Roaming\Microsoft Games
2017-03-06 21:43 - 2016-05-01 20:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-06 21:43 - 2016-05-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft Games
2017-03-06 21:24 - 2016-02-07 01:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-04 19:12 - 2017-01-22 01:30 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2017-01-22 01:30 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-04 19:12 - 2016-02-07 01:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-01 17:53 - 2017-01-10 02:14 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AAA7E8BD-894E-42B0-A4E4-C7C98A5F38BF}

==================== Files in the root of some directories =======

2017-03-29 18:20 - 2017-03-29 18:20 - 0011568 _____ () C:\Users\Primitive\AppData\Roaming\InstallationConfiguration.xml
2017-01-09 22:52 - 2017-03-29 18:20 - 0140288 _____ () C:\Users\Primitive\AppData\Roaming\Installer.dat
2016-06-01 21:22 - 2016-06-01 21:22 - 0007606 _____ () C:\Users\Primitive\AppData\Local\Resmon.ResmonCfg
2017-01-09 22:52 - 2017-01-09 22:52 - 0000000 _____ () C:\Users\Primitive\AppData\Local\run.txt
2017-01-09 22:54 - 2017-01-09 22:54 - 0000001 _____ () C:\Users\Primitive\AppData\Local\setupsuccessful.txt
2017-01-09 22:52 - 2017-01-09 22:54 - 0000000 _____ () C:\Users\Primitive\AppData\Local\stxtname.txt
2017-01-15 01:50 - 2017-01-18 19:43 - 0000292 _____ () C:\ProgramData\DP0004.dat
2016-12-23 20:55 - 2016-12-23 20:55 - 0000016 _____ () C:\ProgramData\mntemp
2016-12-23 20:55 - 2016-12-23 20:55 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
2017-01-01 20:00 - 2017-01-22 01:30 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 20:00 - 2017-01-22 00:32 - 0004188 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Files to move or delete:
====================
C:\ProgramData\DP0004.dat


Some files in TEMP:
====================
2017-03-29 18:20 - 2017-03-29 18:20 - 1150603 _____ (Hekedugani ) C:\Users\Primitive\AppData\Local\Temp\DB39.tmp.exe
2017-01-11 04:53 - 2017-01-11 04:53 - 0762992 _____ () C:\Users\Primitive\AppData\Local\Temp\InstallHelper.exe
2017-01-23 20:37 - 2017-01-23 20:37 - 0739904 _____ (Oracle Corporation) C:\Users\Primitive\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-01 20:08 - 2017-02-23 04:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI.dll
2017-01-01 20:08 - 2017-02-23 04:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvSCPAPI64.dll
2017-01-24 19:38 - 2017-02-23 04:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\nvStInst.exe
2016-10-08 15:14 - 2017-01-05 21:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-08 15:14 - 2017-01-05 21:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\Primitive\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-01-15 00:53 - 2017-01-15 00:53 - 1472872 _____ () C:\Users\Primitive\AppData\Local\Temp\QQPCDOWNLOAD74707.EXE

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-09 20:00

==================== End of FRST.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 29th, 2017, 7:38 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Primitive (29-03-2017 19:33:35)
Running from C:\Users\Primitive\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-07 05:06:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-233390903-2661952563-451428824-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-233390903-2661952563-451428824-503 - Limited - Disabled)
Guest (S-1-5-21-233390903-2661952563-451428824-501 - Limited - Disabled)
Primitive (S-1-5-21-233390903-2661952563-451428824-1001 - Administrator - Enabled) => C:\Users\Primitive

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version: - Studio Wildcard)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Cloud Penguin (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Cloud Penguin) (Version: 2.0.6210.36208 - Cloud Penguin) <==== ATTENTION
Clustertruck (HKLM\...\Steam App 397950) (Version: - Landfall Games)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Depth (HKLM\...\Steam App 274940) (Version: - Digital Confectioners)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version: - Eidos Montreal)
Discord (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Epic Games Launcher (HKLM-x32\...\{2DE76AAC-8061-4D9B-B7BA-A7CFBE0F8048}) (Version: 1.1.86.0 - Epic Games, Inc.)
Git version 2.11.1 (HKLM\...\Git_is1) (Version: 2.11.1 - The Git Development Community)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Guns of Icarus Online (HKLM\...\Steam App 209080) (Version: - Muse Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7870.2024 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Monster Hunter Online (HKLM-x32\...\Monster Hunter Online) (Version: - Tencent)
Natural Selection 2 (HKLM\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Planetary Annihilation: TITANS (HKLM\...\Steam App 386070) (Version: - Uber Entertainment)
Python 3.5.1 (64-bit) (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{b8440650-9dbe-4b7d-8167-6e0e3dcdf5d0}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 Add to Path (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Core Interpreter (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Development Libraries (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Documentation (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Executables (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Launcher (32-bit) (HKLM-x32\...\{EC00AEF9-6544-4FEC-8152-C8949CDDCC85}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.1 pip Bootstrap (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Standard Library (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Tcl/Tk Support (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Test Suite (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Python 3.5.1 Utility Scripts (64-bit) (Version: 3.5.1150.0 - Python Software Foundation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.0 r2746 - )
ROBLOX Player for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio for Primitive (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.0.5 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
SMITE (HKLM\...\Steam App 386360) (Version: - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\Spotify) (Version: 1.0.51.693.g6ea1e7f6 - Spotify AB)
Super Hexagon (HKLM\...\Steam App 221640) (Version: - Terry Cavanagh)
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 24.0.1 - Ubisoft)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoo Tycoon 2 - Ultimate Collection (HKLM-x32\...\InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}) (Version: 1.00.0000 - Microsoft Game Studios)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Primitive\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-233390903-2661952563-451428824-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\Primitive\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041BD7F2-9D4D-4C9B-B7BC-46A4F59A7431} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {0C557DF1-E92D-458A-8E6F-6C3D1D24242A} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0CC8C3D9-71F8-4D15-97D6-38645131BAB9} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {0D2AD9B3-ADDB-40A5-A136-3E0102ADBF82} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {10661CA9-C443-4EB0-91B3-4676DC558427} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {236D5E93-AC70-40C8-8507-71ED54E82425} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {36FC4F2D-2FC1-4C0F-9F44-41B280A32779} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {3F2DCA07-5247-4396-A732-55CFACB24016} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {3F39F139-E558-49F2-94D9-5443E998C7DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45A64C74-3F8C-42EE-8DEB-DF1A83FCCD4D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {4752A296-189E-4FD5-A55B-16D29353EEF8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: {4B25888B-8985-4F3F-B91E-496D45D90F69} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {54E033B2-E527-4D00-B522-6E3845CDF2E1} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {5A63E6F8-C360-4ED1-AC63-7167C03D1785} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {5DBF077D-34EF-4AC4-ABE9-B051D1CC57E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {66E21683-3ABA-4D5F-B96A-97B64E81E6F5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {718654D7-45FE-4114-8169-D671714DB898} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {7813514E-C52D-4C08-BCE8-6CFD9B1B3685} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EA057AD-62FC-43FD-BE2E-2A8DC9D0A261} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {85148911-6B3A-4DA0-BE2A-EC73B3E91C67} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {8C66C891-8007-46D0-8A70-0F04AFD28BC9} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {95BF1522-875E-4138-B6E6-A36B795D7D25} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {97119FF0-B283-4618-9ECE-8ACD504E0A01} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {9C8FF20F-ACB5-43FE-B59C-991453FAB0FE} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {AE34D356-1919-4106-9136-CD5F218496D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {B481EED0-482D-4E11-B005-299A4747938A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B4F276E6-7AE1-4A1D-8CD2-D1B6059AC5F4} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B5015F98-BD11-457C-AF42-4257BD35FEFC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-08] (Microsoft Corporation)
Task: {BF3CD351-0A42-4629-87ED-61FC9961439A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-08] (Microsoft Corporation)
Task: {C62F2AFE-67E3-4033-B157-B302AA4C9F01} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-05] (Microsoft Corporation)
Task: {DB3840F1-A2BA-4B6F-9098-D94CACB970FC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {ED519B11-3B3F-4B0B-9C63-CC6B72B6E04B} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EE8D7CAE-3277-4C79-84FD-215F3C05BA5F} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
Task: {EF195EFC-DAE2-47F4-9AF7-9896A8FF1C62} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {F8691C31-7151-4D63-ABB0-CA44666DB472} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {F926E2CA-0E8B-4955-BF7F-CC1836FDF8E0} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
Task: {FC17B985-39D1-41BC-88AA-E56D1701A505} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
Task: {FD3CA9F1-D4CB-4460-BF78-0FAC0BF6ED8E} - System32\Tasks\PPI Update => C:\WINDOWS\explorer.exe "hxxp://windowsdefender.site/download/download.php?mn=9996" <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Primitive\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Еpiс Gаmеs Lаunсhеr.lnk -> G:\Non-Steam Games\Paragon\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 _____ () C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\dataup.exe
2017-03-26 17:26 - 2017-03-26 17:26 - 00230400 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\prot3b4f51ef-73de-4277-a2f6-3e687129283e.tmpfs
2016-10-08 15:14 - 2017-02-23 14:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-29 15:49 - 2017-03-29 15:49 - 00318976 _____ () C:\Program Files (x86)\3b4f51ef-73de-4277-a2f6-3e687129283e1490563447\kns3C43.tmp
2017-03-24 16:52 - 2017-03-24 16:52 - 00008704 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-07 01:10 - 2017-03-16 19:16 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-08 18:33 - 2016-10-25 05:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-19 20:11 - 2016-05-19 20:11 - 00959168 _____ () C:\Users\Primitive\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 23:27 - 2017-02-25 04:59 - 08921648 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-16 21:30 - 2017-01-16 21:30 - 00230064 _____ () G:\rhinobot\Notepad++\NppShell_06.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-07 03:36 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 19:31 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-11-08 18:34 - 2016-10-25 00:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 18:33 - 2016-10-25 00:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 18:34 - 2016-10-25 00:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 18:33 - 2016-10-25 00:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-15 01:09 - 2015-10-27 07:30 - 00440832 _____ () G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Tools\tqos_reporter.exe
2017-01-23 09:31 - 2017-01-23 09:31 - 01037824 _____ () C:\Users\Primitive\AppData\Roaming\Rainmeter\Plugins\SpotifyPlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00173568 _____ () G:\Rainmeter\Plugins\AudioLevel.DLL
2017-01-01 09:59 - 2017-01-01 09:59 - 00120832 _____ () G:\Rainmeter\Plugins\QuotePlugin.dll
2017-01-01 09:59 - 2017-01-01 09:59 - 00093696 _____ () G:\Rainmeter\Plugins\Process.DLL
2016-12-22 19:02 - 2016-12-22 19:09 - 36960256 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\XboxApp.dll
2016-11-10 18:29 - 2016-11-10 18:29 - 00879104 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\sqlite3.dll
2016-02-07 02:30 - 2016-02-07 02:52 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.XboxApp_24.24.20004.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Users\Primitive\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2017-03-24 16:53 - 2017-03-24 16:53 - 00404992 _____ () C:\Users\Primitive\AppData\Local\Temp\WS\realtek_amd64.lib.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-08 15:14 - 2017-02-23 14:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 16:14 - 2016-04-18 16:14 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 67725936 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libcef.dll
2016-10-08 15:14 - 2017-02-23 14:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 01929840 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libglesv2.dll
2016-10-09 15:09 - 2017-03-23 17:24 - 00087152 _____ () C:\Users\Primitive\AppData\Roaming\Spotify\libegl.dll
2016-10-08 15:14 - 2017-02-23 10:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-08 15:14 - 2017-02-23 10:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-08 15:14 - 2017-02-23 10:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77684213.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\google.com -> hxxps://google.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2017-03-29 18:20 - 00007286 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost
92.53.119.169 469ba60d9681f961064c-3cca6631dac1b4997db921c060b712f6.r30.cf2.rackcdn.com
92.53.119.169 a.bf-ad.net
92.53.119.169 a.visualrevenue.com
92.53.119.169 a1.vdna-assets.com
92.53.119.169 a248.e.akamai.net
92.53.119.169 aax.amazon-adsystem.com
92.53.119.169 ad.crwdcntrl.net
92.53.119.169 ad.mail.ru
92.53.119.169 ade.clmbtech.com
92.53.119.169 ads.adfox.ru
92.53.119.169 ads.pubmatic.com
92.53.119.169 apis.google.com
92.53.119.169 asset.pagefair.net
92.53.119.169 assets.adobedtm.com
92.53.119.169 assets.flocktory.com
92.53.119.169 autocontext.begun.ru
92.53.119.169 b.grvcdn.com
92.53.119.169 b.ns1p.net
92.53.119.169 b.scorecardresearch.com
92.53.119.169 b.wal.co
92.53.119.169 babator-stg-cdn.babator.com
92.53.119.169 beacon.krxd.net
92.53.119.169 beacon.walmart.com
92.53.119.169 c.amazon-adsystem.com
92.53.119.169 c.vepxl1.net
92.53.119.169 c2.taboola.com
92.53.119.169 cdn.3lift.com
92.53.119.169 cdn.admixer.net
92.53.119.169 cdn.brcdn.com
92.53.119.169 cdn.cxense.com
92.53.119.169 cdn.interactivemedia.ne
92.53.119.169 cdn.krxd.net
92.53.119.169 cdn.lenmit.com
92.53.119.169 cdn.livefyre.com
92.53.119.169 cdn.m-pathy.com
92.53.119.169 cdn.mathjax.org
92.53.119.169 cdn.mxpnl.com
92.53.119.169 cdn.onthe.io
92.53.119.169 cdn.optimizely.com
92.53.119.169 cdn.prom.st
92.53.119.169 cdn.pushwoosh.com
92.53.119.169 cdn.scarabresearch.com
92.53.119.169 cdn.taboola.com
92.53.119.169 cdn.taplytics.com
92.53.119.169 cdn.tt.omtrdc.net
92.53.119.169 cdn.unid.go.com
92.53.119.169 cdn1.graphiq.com
92.53.119.169 cdn3.optimizely.com
92.53.119.169 cdnjs.cloudflare.com
92.53.119.169 cdnssl.clicktale.net
92.53.119.169 comet.yahoo.com
92.53.119.169 consent.truste.com
92.53.119.169 content.adriver.ru
92.53.119.169 contextual.media.net
92.53.119.169 cstatic.weborama.fr
92.53.119.169 d134l0cdryxgwa.cloudfront.net
92.53.119.169 d2oh4tlt9mrke9.cloudfront.net
92.53.119.169 dpm.demdex.net
92.53.119.169 e.monetate.net
92.53.119.169 edge.quantserve.com
92.53.119.169 edx-uk.s3ae.com
92.53.119.169 eu-services.babator.com
92.53.119.169 fc.yahoo.com
92.53.119.169 gaua.hit.gemius.pl
92.53.119.169 gde-default.hit.gemius.pl
92.53.119.169 go.flx1.com
92.53.119.169 googleadservices.com
92.53.119.169 hpr.outbrain.com
92.53.119.169 i.cricketcb.com
92.53.119.169 i.tfag.de
92.53.119.169 ib.adnxs.com
92.53.119.169 imagesrv.adition.com
92.53.119.169 img.imgsmail.ru
92.53.119.169 img7.auto.ria.com
92.53.119.169 j.ophan.co.uk
92.53.119.169 js-agent.newrelic.com
92.53.119.169 js-sec.indexww.com
92.53.119.169 js.revsci.net
92.53.119.169 js.ui-portal.de
92.53.119.169 kamradamnaradost.ru
92.53.119.169 kpmediagaua.hit.gemius.pl
92.53.119.169 level1cdn.com
92.53.119.169 mc.yandex.ru
92.53.119.169 ml314.com
92.53.119.169 mtrx.go.sonobi.com
92.53.119.169 ninja.onap.io
92.53.119.169 o.aolcdn.com
92.53.119.169 odb.outbrain.com
92.53.119.169 ok-bar.love.mail.ru
92.53.119.169 ok-portal.mail.ru
92.53.119.169 optimize-stats.voxmedia.com
92.53.119.169 p.d.0fmm.com
92.53.119.169 p.t-online.de
92.53.119.169 pagead2.googlesyndication.com
92.53.119.169 peermapcontent.affino.com
92.53.119.169 pixel.vihub.ru
92.53.119.169 psma02.com

There are 51 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-233390903-2661952563-451428824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Primitive\AppData\Roaming\Rainmeter\Layouts\Test\Wallpaper.bmp
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-233390903-2661952563-451428824-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{623EAC45-1598-4EEE-BD2F-C554D19FAA58}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{882D562F-D8CF-47F0-91D5-5FF20B26E4D6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F32F6EE-7D5A-4F87-890D-C43E6E5B1D6B}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{37B62C7A-6269-448C-B0F0-C5F4DD354D39}] => (Allow) G:\Steam\Steam.exe
FirewallRules: [{62D0C5AA-BAC2-46E9-875E-4A481824893A}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13C2835A-1846-4F6B-8DBB-D5013C3538E6}] => (Allow) G:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{0DB0ECE8-19E6-4A88-938C-7A7268B91FE9}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE87E032-962F-4070-80E1-0F26707C370F}C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\windows.old\users\primitive\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E12D0410-C1CD-4A84-9D2B-A549A6FE2C42}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{66C4B93B-2AA9-4B9B-8CBD-B461DFB712E2}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{3908B23D-06E8-409A-955B-5EB59B18597B}G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{450E2008-E396-433A-A2C2-A8DD4DA0B3CE}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{44F09366-8258-4497-AE39-AAF7A7B95146}G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{A0E6F6F2-A76C-4190-A05C-EEC139D4A3A9}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{436E6A5A-63DA-466D-97E6-04584B352F1B}] => (Allow) G:\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{AF18843B-D775-4C5B-961C-E4BE8E0D4D85}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C2B76408-6377-4C86-8CA0-23DC44A17D81}] => (Allow) G:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DFDDC1C2-D40E-452E-BA03-AD93719A722A}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [{0C7AE528-35AA-4CA9-BEEF-9273410642C4}] => (Allow) G:\Steam\SteamApps\common\The Isle\TheIsle.exe
FirewallRules: [TCP Query User{F94CD4E5-A551-4850-AC31-08A71433FA3E}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{4CCE744F-9643-4D7F-8D50-08A1F5F83204}G:\epic games\4.10\engine\binaries\win64\ue4editor.exe] => (Allow) G:\epic games\4.10\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{F2230469-9934-4F74-B6BB-F29B3E279064}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{E1999BC2-8EC4-468A-BC7F-0D0176ADE6A1}G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe] => (Block) G:\epic games\4.10\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [TCP Query User{212B39BF-7C90-4A18-A2A0-49AEE8CBB838}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{73721E6F-4821-40A6-92A7-4A410A50DD18}G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) G:\non-steam games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{0CC94886-5F31-440B-8375-8650C49219BA}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1327FD25-DABA-4F25-8721-6FF3482ABA8E}] => (Allow) G:\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{23BC6235-E46E-443A-A509-DBB2C0214867}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7A57483F-0EDC-4AAA-8F16-7E6225D68E64}C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-d0ea8fd26e144a48\robloxstudiobeta.exe
FirewallRules: [{8BC5D79D-ECCB-4824-9964-F2E73A249C60}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{0E2B86AF-644D-43C9-9426-2B434A9EC1DA}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [UDP Query User{1B6BC57A-E430-4B42-B2D2-6D16FA5FEBD0}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe
FirewallRules: [TCP Query User{6C500A62-A08C-4EA0-96B7-7D3CCD8E02C0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [UDP Query User{45C7D1CE-847C-42D9-A580-3607B07097F0}C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.979\microsoft toolkit.exe
FirewallRules: [TCP Query User{F3520FB5-F1CC-4074-87DE-5CF415688408}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [UDP Query User{8B4AD559-39E8-4A1D-96C8-F4410E45AF2A}C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.958\microsoft toolkit.exe
FirewallRules: [TCP Query User{826E5577-F48E-48C4-B788-4237C7C64054}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [UDP Query User{8EE5BE3A-F201-4B23-92EA-00303D2F81B9}C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe] => (Block) C:\users\primitive\desktop\igg-huniecam.studio\huniecamstudio.exe
FirewallRules: [TCP Query User{71689633-D477-4FA3-93C7-39DBD8D16D0B}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [UDP Query User{27419A28-CEAF-4934-9067-F9E56798A149}C:\users\primitive\desktop\stuff\huniecamstudio.exe] => (Allow) C:\users\primitive\desktop\stuff\huniecamstudio.exe
FirewallRules: [TCP Query User{6BB72CFE-E6C9-488E-AFF8-4C42BB966AD3}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{B6347567-B904-4E85-8E5E-D12FE7AD6B69}G:\non-steam games\hearthstone\hearthstone.exe] => (Allow) G:\non-steam games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{0B7EA474-5A25-4B8A-B994-1513540C3243}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A2A64718-D7CE-425D-8560-15ABFD84E229}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{7736D49B-8E9F-4C87-855D-E2A19BCCB59C}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1B00BB64-BBE7-49F4-B690-75EF262E2C5E}G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe] => (Allow) G:\new folder\heroes of the storm\versions\base42273\heroesofthestorm_x64.exe
FirewallRules: [{F11A6418-583B-4BF4-BBB3-D99BBB3B311F}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F3B40AAB-4713-4A2E-A857-1DD7013ACAAC}] => (Allow) G:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{1A7FB639-11ED-46E5-8932-FA17C6FC5D7E}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [UDP Query User{A5C8EBCC-699E-4F6F-BFD8-BF07593D6353}G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the orion project\orion\binaries\win64\orion-win64-shipping.exe
FirewallRules: [{2E6C0288-6D7C-4326-AEB4-EAD4FC13974A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38366E24-9DD0-49C6-B75F-B82810C36C0A}] => (Allow) LPort=2869
FirewallRules: [{933CF27E-CDC8-46C2-8C32-54C742A26086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{554E64E0-949D-48E5-A53D-1F12FD8B9D3E}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [UDP Query User{E374850A-708E-450A-8CC5-5F768F4CBE08}G:\new folder\overwatch\overwatch.exe] => (Allow) G:\new folder\overwatch\overwatch.exe
FirewallRules: [TCP Query User{A034A264-0945-466C-B892-5A5228B0651D}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{C5F98DCB-D2DA-4B11-9343-035AE2F2AB7F}G:\5kplayer\5kplayer.exe] => (Allow) G:\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{1BDF9A2F-CD29-4E5E-A082-C38AF929DAE3}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [UDP Query User{7613A658-F25F-4404-8E58-F5EA70D316C2}G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe] => (Allow) G:\steam\steamapps\common\the isle\theisle\binaries\win64\theisle-win64-shipping.exe
FirewallRules: [{8A0F9ABD-4B7B-4B99-BBD7-A0C569DE9D3C}] => (Allow) LPort=3724
FirewallRules: [{2FDD3BE2-9AE2-4E50-87D5-C75A81102691}] => (Allow) LPort=80
FirewallRules: [{64B5E32C-9C1B-46CD-B0C0-AF4960C6BA50}] => (Allow) LPort=3724
FirewallRules: [{0F99289A-A5F7-422C-9402-3B7926840156}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{D062639C-BE7D-4157-9324-71092FA90889}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{E0E46D31-D846-433F-93BB-C40904D76206}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{6D25C008-C437-4F1F-BDB4-836EB6CD91C7}] => (Allow) G:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{63443DFF-2AB7-43C1-8214-30B975D2C89E}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5570ED2F-A868-4505-8D6F-AF68B4627C86}G:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) G:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{932D63EC-38F6-4AE0-9D77-51B8E11419A7}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{8B4BD4CE-9BC1-4122-84CD-E06FC899FDFD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\PA.exe
FirewallRules: [{A97DEDDE-8734-44C5-8468-66F39BBE8CF0}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{F5F33787-D7C4-4739-948D-4CF5489C3196}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\PA.exe
FirewallRules: [{699B12A2-F38A-45F5-90A0-C0D6FA07048C}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{0A946021-97EC-4123-8B35-3F540E4C0B87}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\crashupload.exe
FirewallRules: [{2532257F-66FE-4A7F-B558-7DEB53E91923}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{E847E4B7-F8CA-40EF-BE4E-7178535D8AFF}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x86\host\CoherentUI_Host.exe
FirewallRules: [{0689DDDF-B42B-4EE1-97E3-C93CB1769EC1}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{A6FE3A00-4642-44DB-A8E7-6DC7EDC91103}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\crashupload.exe
FirewallRules: [{2860814A-C858-435B-93FF-CAEAF06283E5}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{B71182B9-2FF4-4350-A587-12661B101AE2}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\host\CoherentUI_Host.exe
FirewallRules: [{D7323373-425E-4712-9CAF-B9EAAA0BD3BD}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{2FC5CCF0-1EBA-4F2E-AEF2-3564E3BE2089}] => (Allow) G:\Steam\SteamApps\common\Planetary Annihilation Titans\bin_x64\server.exe
FirewallRules: [{8599F9E1-4132-4FCE-9E2A-134AF4221A9F}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{8491AA07-3E7C-4D2C-970F-6DDD8647E6E2}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_91\bin\java.exe
FirewallRules: [{680C8538-AB76-4C9D-AA64-88528517232B}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [{90022BBC-7821-4A38-8499-7D4720C7F399}] => (Allow) C:\Users\Primitive\Ubiquiti UniFi\bin\mongod.exe
FirewallRules: [TCP Query User{70314229-B02C-47BC-803D-36EAD79CB19E}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{809CF0FE-0CFC-43F4-8B08-DE1EA5404EC2}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{0A4BB1E4-2739-45A6-9B44-7574F239D6FE}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{1EE99792-B9F5-4336-B6A4-67CDE297D939}G:\new folder\overwatch test\overwatch.exe] => (Allow) G:\new folder\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{A731D180-3785-4690-B244-8E072AACA54B}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [UDP Query User{7890BBC5-C71C-45FC-90CA-F355C715C194}C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-ff140f5bd46141f7\robloxstudiobeta.exe
FirewallRules: [{85A541F6-343A-415C-B0CC-41F490595474}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{B3306EE5-DEE6-4CDA-B7FE-EF05D863260D}] => (Allow) G:\Steam\SteamApps\common\Evolve\Bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{6134967A-DD57-43EE-9C37-B49E9B734E02}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{D7997AEA-89B2-4C2D-8D18-197288A3B3D6}G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) G:\new folder\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{A3F2F9DB-7E59-4228-B86B-90275A4CECC1}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{72E3CBF9-EA97-42BF-AEBB-C409E5EAE144}G:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) G:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{53EF9765-8F3F-4CE0-891F-6ABD0BCCF0CA}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{BA877EC9-C8B6-482F-8301-28A60C63338D}] => (Allow) G:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{F4B04EE7-CE5B-43A7-B020-7300ED880910}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [{4CD296B7-581C-4259-BACC-6CD4A284EF77}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1471404134_46113\MiniQQDL.exe
FirewallRules: [TCP Query User{50C74FB9-13D1-4C0F-B363-2C3454C39C2F}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [UDP Query User{4E57BD46-5D4B-4445-BEAE-89D68AF55E29}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1471404134_46113\teniodl.exe
FirewallRules: [{DE1E98E7-D7D7-4D9A-B4D2-13432A2B5137}] => (Allow) G:\MHO_Setup_1.0.10.281.exe
FirewallRules: [{AA64C9C3-345B-45A6-B70C-0160C707B77D}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{67205B16-3A61-4047-AD66-C2BCE10F7EBC}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\B0DEBE954B4E9315DB8B362D20D3CDBB\TenioDL\teniodl.exe
FirewallRules: [{DB59E90A-56E4-420D-9F34-A77FFD35A498}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{FC74637D-B211-4EFB-AEE3-CACE48FDDBDC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{9640D995-3E8B-4B47-B24E-D1DF382E7A36}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{CEDE9F51-5B8F-4CCD-B830-73E73E7F7A8E}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{40741CA0-A58F-4341-AD44-A15FEC3B0B70}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{3A379FC4-8321-492C-AB7E-F9C97A82FA62}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [TCP Query User{01336705-8EAD-4B36-BF65-D9C44FA9FEBC}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{3B9A6431-CFC2-4DC3-A89B-53215014C478}G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\new folder (2)\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{B1FE646A-C2FB-45D2-A8E9-CB422DB1CCAC}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{91C7C2FF-6B69-4EE3-84A5-D879D600722F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{CCCB8CA6-598C-4530-947B-AAB3BDF7AAE3}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{29501E58-6243-482A-991A-4846F989EE04}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{B72F9913-9157-41F6-86AA-209D85553F52}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{AD359F3F-BDBE-4180-A8BD-DD70B3A26389}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{1B669228-ECC6-4BD2-8A6F-5F16E4BB126A}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [{F5F2B9C2-95EF-439B-9CF3-52C59EC8258F}] => (Allow) G:\New folder (2)\Monster Hunter Online\Bin\Client\Bin32\Cross\apps\cqs\qtalk\bin\miniqtalk.exe
FirewallRules: [TCP Query User{4EE97130-FC57-4E76-AC59-99C458FA3C80}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{5B808CD5-68F6-496E-B030-D5313FC11F38}G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) G:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{9E7CC219-9CB1-4CD5-9335-EBE8533250B9}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [UDP Query User{239FFC90-287E-495D-AB59-7FC23145B069}G:\non-steam games\overwatch\overwatch\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch\overwatch.exe
FirewallRules: [{58497E58-8543-4AF6-BF1A-C796522D7DA6}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{47E63243-0844-48FE-9178-FAC61F31B063}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{C30F45C8-7A7E-43BA-9AAA-5A0A299DA24C}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E2717E1C-8DA8-449D-A315-2559FA37A472}G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) G:\non-steam games\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{01F09A5D-56CE-4C06-B469-C085C6012A5F}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{80F297EA-BC13-4FB9-8DDF-2A331DAFCC40}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{61721D0C-C71A-426C-B802-0B547DC1B72F}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [{43ACBCD6-DF48-4705-9F58-0FFE049BB002}] => (Allow) G:\Steam\SteamApps\common\SMITE\Binaries\Win32\HirezBridge.exe
FirewallRules: [TCP Query User{F8CE015C-4705-49BB-9DAF-76AAF36EF185}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{395F18A2-BD53-4597-8E8F-3E6B097674BF}G:\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) G:\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{9CEF9ED1-1338-4485-8D6D-1179EC70FDA3}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{B81A4465-DE02-478B-B2D9-E4AB64D227FA}] => (Allow) G:\Steam\SteamApps\common\ClusterTruck\Clustertruck.exe
FirewallRules: [{C5FEAB5F-ED17-42C6-93BF-7AB26DB81BA5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{72E2569E-16E8-4425-88AC-00603841CFFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{45330A66-5327-4487-8F80-32299908671A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3C099841-F916-4F42-9021-A854C1357C97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9220A0FA-B81F-4D45-AC6A-044F0B6CF166}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3C4E80F4-A092-4CB6-B540-A86C8952ABEF}C:\users\primitive\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\primitive\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B710C0C4-08D9-4145-BE07-866286CB2C00}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [UDP Query User{5F375B40-602F-416C-BAA3-3EF955EBE04A}G:\non-steam games\overwatch\overwatch test\overwatch.exe] => (Allow) G:\non-steam games\overwatch\overwatch test\overwatch.exe
FirewallRules: [{33153EA4-8120-4115-92CE-6BF18BA639F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2B9A0DD5-F582-4889-9535-849B35C83F43}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{17839E54-88C3-47D1-A7A0-01D3012CED39}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{72A80336-7300-4FDE-A344-9853CE2CCB18}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4D705E32-6B9B-47B0-9186-E328FEC23B20}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{98ED55A4-A4DA-4C4F-9BEF-37A596F6AFD4}] => (Allow) G:\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{0AAF8FD3-D5E6-47BD-AE05-B74BAB84B9F1}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{4677494E-ED85-4AA0-A66D-902FBE60FB4A}] => (Allow) G:\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{E4C68492-42B1-4604-915F-21EAAD919D23}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{CFA6BAC5-80B5-47DE-BF2D-209F657C615E}] => (Allow) G:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{788EBD02-A83A-489C-9813-CF080BEFB30F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{0B5233E7-8472-4AC6-8565-AD80C46D3885}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [UDP Query User{401DF6F8-8DC1-4ACB-8AD5-ABCD9EC01CAB}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{DE649370-1ED2-4595-BCD2-B0A032E1640E}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4805A180-E9B2-49F8-AA75-0D4C081DFB89}G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{DAE0D35D-7DB3-41D4-9723-ED957BB53903}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{9F098143-7E37-4D90-973B-602A203A55A0}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{0B5BB3F9-0A5A-4288-82B7-2353A6C24341}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{4F1A7742-DF00-4870-B9B5-C7E64624FE46}G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) G:\non-steam games\paragon\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{51BC0EDE-9905-4195-84C8-BF8939908167}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C15FC5C7-99CF-4E5A-81C4-5A877BDBEE9D}G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe] => (Allow) G:\non-steam games\heroes of the storm\versions\base48027\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{601CBF0E-78FD-4E8C-8772-947FB93CC163}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [UDP Query User{4F1CDB89-3C49-433D-86B1-2D5CC565EF99}C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8142\battle.net.exe
FirewallRules: [{36D44B57-18D0-4CCB-857D-EAD0612ED622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A61ED98D-9440-405A-ADB5-1EAEF2939046}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6D69BDBC-C579-450C-959A-516BBF68A966}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EDF74F32-C9FB-41CB-8C78-D08F9A57FDC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{F1406EE3-FB4E-40B4-BB3C-791F4B8E61EA}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{A5A8C7D3-2EF3-40DF-B166-6F8856341311}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{039CC2A6-8753-4013-81A2-192A59E09349}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{76A2E5F8-8DE7-403B-943C-444F76A881A3}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8D0D9326-C7CC-49CA-B92A-2066BC8FB3B4}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{05B77BB7-1039-449D-8CF0-2FE18A7D3B2B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AAD8536A-C438-4191-8919-10DAB48B0B5B}] => (Allow) G:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{35C23D4C-B2E7-4FEE-B85D-A3F57B11B1D2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{794435CE-BA25-4692-9EF8-FEE00FC5ABC2}] => (Allow) G:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{06BD6921-70BE-4F1F-9A4F-FC21D6F2519F}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{838F76D9-1920-427F-94F4-5628B0920463}] => (Allow) G:\Steam\SteamApps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{8B533F19-34FF-4DCC-8EB9-45195214C599}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8FA91647-E1BB-4C0A-8020-07B890998ED0}] => (Allow) G:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{4D3DDB90-2F38-49FA-A655-293BAACD5A1F}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DBCE5122-0967-41F0-983B-1BB6E7E6E5B9}C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\primitive\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{F285FC3E-1572-4385-AB56-B7D21DE2B1BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FCB42E26-0AF2-4681-80E8-B3CFA38A5EB1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B6E957B7-7F7D-4B16-8C4F-95446738EDEF}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [UDP Query User{854267C1-E051-42CD-8387-E8599E49DFED}C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe] => (Allow) C:\users\primitive\appdata\local\roblox\versions\version-506d9e2f695a4b05\robloxstudiobeta.exe
FirewallRules: [{A5656CAA-E9E5-4CC3-8A79-9724545EB2FE}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1E2617A2-D5F6-4502-AEE9-D480E007CA65}] => (Allow) C:\Users\Primitive\AppData\Local\ddnowyes.exe
FirewallRules: [{E9588507-2313-4762-A50D-4A9BC832F19B}] => (Allow) C:\Users\Primitive\AppData\Local\15150554.exe
FirewallRules: [{1164D2F8-5ADE-4E91-AE40-363A1857F0D2}] => (Allow) C:\Users\Primitive\AppData\Local\tinstall.exe
FirewallRules: [{3A395A1F-936B-4FF0-8710-ACE9917AC481}] => (Allow) C:\Users\Primitive\AppData\Local\sc76258249.exe
FirewallRules: [{18A66A25-E1E5-4171-B75F-2549447C195D}] => (Allow) C:\Users\Primitive\AppData\Local\ddnow.exe
FirewallRules: [{ECEEF00D-A964-4D2E-B07C-F1416D28C662}] => (Allow) C:\Program Files (x86)\Hits\omagh.exe
FirewallRules: [{CDA10417-98CE-4E1B-A851-8B3AEF1EE378}] => (Allow) C:\Program Files (x86)\Defects\omagh.exe
FirewallRules: [{C14106C9-8997-405B-B721-26E3FE0AEEE1}] => (Allow) C:\Program Files (x86)\acidosis\popularity.exe
FirewallRules: [{46ACFB00-CC12-4F10-BBFE-ADEDCC06C7F2}] => (Allow) C:\Program Files (x86)\acidosis\hijacking.exe
FirewallRules: [{05EA7D8A-7FF5-4521-B9C9-6771B65766F3}] => (Allow) C:\Program Files (x86)\operant\hoosiers.exe
FirewallRules: [{8609F1BC-8209-48BF-BB46-BCE98E4C61C7}] => (Allow) C:\Program Files (x86)\Ralph\demurrage.exe
FirewallRules: [{B5A97146-0EDE-49AC-AABD-AD6F8F0D22A9}] => (Allow) C:\WINDOWS\cutler.exe
FirewallRules: [{D02A3C86-A7FA-4549-9C2D-96ADE4BFBB83}] => (Allow) C:\Users\Primitive\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{24C5640D-65EF-4A6C-B98C-25D98020B0BA}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [{CDB59CAC-6EA0-44E9-B9C5-79DEF750C615}] => (Allow) C:\Users\Primitive\AppData\Local\Temp\QQVipDownloader\mhfc_1482204874_49659\MiniQQDL.exe
FirewallRules: [TCP Query User{257134CB-FB7F-4A5F-B70E-615278E2F341}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [UDP Query User{B9B4FABC-C0C7-4271-873D-AAB2E8375D52}C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe] => (Allow) C:\users\primitive\appdata\local\temp\qqvipdownloader\mhfc_1482204874_49659\teniodl.exe
FirewallRules: [{94165F0E-E46B-4FAD-819B-F80DD84B6B2E}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\MHO_Setup_2.0.11.371.exe
FirewallRules: [TCP Query User{54C272DB-35D3-4B75-8531-03FA9660D41F}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [UDP Query User{3E26C92C-C10E-4022-8C7B-2B853009E665}G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe] => (Block) G:\non-steam games\monster hunter online\monster hunter online\tcls\tenprotect\tensafe_1.exe
FirewallRules: [TCP Query User{74A20A0A-A3A0-4E05-A6A1-3E19C20C810F}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [UDP Query User{6BAC593A-0CCB-4133-87FE-87FF5647C786}G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe] => (Allow) G:\non-steam games\monster hunter online\monster hunter online\bin\client\bin32\mhoclient.exe
FirewallRules: [{1CDB3F0C-5413-44ED-A81C-275A4F02EB44}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{6A10EFAA-6B24-4BA9-91F8-D2C1EB57E198}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{9F0E65CA-13E0-41A0-A772-D6BAD6AC2008}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{8DFF6AEE-9F5E-4982-B96F-6855C931C2AB}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\Bin32\Cross\crossproxy.exe
FirewallRules: [{50AC1C5E-C9B2-4D1D-8157-85CFE9721CB0}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{B5DAAF87-D3EC-484D-AF79-C975877DB8CE}] => (Allow) C:\Users\Primitive\AppData\Roaming\Tencent\怪物猎人Online\4BA085A6FF5A5BACCD60AEFD185903C5\TenioDL\teniodl.exe
FirewallRules: [{BE36E881-D2F3-4BDA-873B-D5E344EC19C8}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{684762C8-09C7-4D20-9CB2-0AB204FCB721}] => (Allow) G:\Non-Steam Games\Monster Hunter Online\Monster Hunter Online\Bin\Client\IIPS\iipshostapp.exe
FirewallRules: [{75E28886-DB3E-42BD-AEF6-4AFC51A2893F}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{73C8C34B-996A-42BB-9E0A-83CBC1746732}] => (Allow) G:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D8DA5CEC-1D66-42C7-8B78-73163972EB98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{9C0CA1A0-16C0-465B-B993-B151C7891A50}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{40E2A678-1545-4C46-A612-8AAF7EC23DD1}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{9739C598-80F5-4741-8A01-E3E405A3F46B}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0C3A87F1-55D8-4C31-8311-9F6E02BE9576}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{D6A13C37-397B-43B1-B4C3-1811650C09DD}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{AF66AF0B-6362-47C7-830E-FE6962B43302}] => (Allow) G:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{263AD6B1-E37B-455B-A44C-CD7DCE21974E}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{9240B2EF-2D8E-4E3E-A98B-97128E127B4D}] => (Allow) G:\Steam\SteamApps\common\Depth\BETA\Binaries\Win32\DepthGame.exe
FirewallRules: [{8D538934-A429-4E32-A470-6ADBCED3F4AB}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{0587789B-43B1-4355-96D1-2C34AA798207}] => (Allow) G:\Steam\SteamApps\common\Natural Selection 2\NS2.exe
FirewallRules: [{84627E43-4C3B-4134-989E-FFFF1949E403}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{E0BAB900-2391-4176-8E6D-DB728B375794}] => (Allow) G:\Steam\SteamApps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{8B626F06-40B1-4CA8-A7C7-02D7E6864E0F}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A639E62A-CD46-415C-87FC-E23CA40FDFDD}] => (Allow) G:\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

06-03-2017 21:24:49 Installed Zoo Tycoon 2 - Ultimate Collection

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2017 07:32:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/29/2017 06:22:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RANY)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/29/2017 05:56:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/29/2017 04:03:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/28/2017 08:14:32 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/28/2017 08:12:54 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 08:11:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is WMI Objects. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (03/28/2017 08:09:49 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 08:09:30 PM) (Source: CertEnroll) (EventID: 57) (User: NT AUTHORITY)
Description: The "Microsoft Base Smart Card Crypto Provider" provider was not loaded because initialization failed.

Error: (03/28/2017 07:16:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (03/29/2017 06:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The system cannot find the file specified.

Error: (03/29/2017 06:22:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wcmsvc service.

Error: (03/29/2017 06:22:23 PM) (Source: DCOM) (EventID: 10010) (User: RANY)
Description: The server CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mca did not register with DCOM within the required timeout.

Error: (03/29/2017 06:21:49 PM) (Source: DCOM) (EventID: 10005) (User: RANY)
Description: DCOM got error "170" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}

Error: (03/29/2017 06:21:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The requested resource is in use.

Error: (03/29/2017 06:21:48 PM) (Source: DCOM) (EventID: 10005) (User: RANY)
Description: DCOM got error "170" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}

Error: (03/29/2017 06:21:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The requested resource is in use.

Error: (03/29/2017 06:21:47 PM) (Source: DCOM) (EventID: 10005) (User: RANY)
Description: DCOM got error "170" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}

Error: (03/29/2017 06:21:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Malwarebytes Service service failed to start due to the following error:
The requested resource is in use.

Error: (03/29/2017 06:21:46 PM) (Source: DCOM) (EventID: 10005) (User: RANY)
Description: DCOM got error "170" attempting to start the service MBAMService with arguments "Unavailable" in order to run the server:
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}


CodeIntegrity:
===================================
Date: 2017-03-24 20:04:45.301
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-02 23:02:35.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-19 19:02:26.632
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-11 23:42:31.566
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-10 20:20:45.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-09 21:55:28.712
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-08 21:07:40.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-02 14:23:36.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 18:59:40.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 18:20:33.005
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 35%
Total physical RAM: 8143.07 MB
Available physical RAM: 5267.57 MB
Total Virtual: 14799.07 MB
Available Virtual: 11942.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.01 GB) (Free:11.92 GB) NTFS
Drive f: (USB) (Removable) (Total:31.99 GB) (Free:31.99 GB) FAT32
Drive g: (New Volume) (Fixed) (Total:931.39 GB) (Free:365.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E8FD8D51)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 29th, 2017, 7:39 pm

I was able to delete some of the software but I'm not if

FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe


is an address to a file I may have missed. If it is an address, how can I navigate to it and delete this file?
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 30th, 2017, 9:07 am

Hello JustTheEngineer,

JustTheEngineer wrote:I was able to delete some of the software but I'm not if

FirewallRules: [TCP Query User{477E4D73-E14F-4979-BA4E-463E509A435C}C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe] => (Allow) C:\users\primitive\appdata\local\temp\rar$exa0.688\microsoft toolkit.exe


is an address to a file I may have missed. If it is an address, how can I navigate to it and delete this file?

Don't worry about this entry for now. Please follow the instructions below..


  • Please download Malwarebyes Anti-Rootkit Beta from Here
  • Save it to your Desktop.
  • Right-Click on mbar-1.09.3.1001.exe and select Run as Administrator.
  • Extract the files to your Desktop and MBAR will automatically open.
  • Click on Next and then Update.
  • Select Next and ensure that the following boxes are checked:
    • Drivers
    • Sectors
    • System
  • Click on Scan and the scan will start.
  • Once completed, please ensure that all flagged items are checked and select Cleanup.
    Please note that a reboot might be required at this point.
  • The MBAR log can be found inside the MBAR folder on your desktop as MBAR-log-<date>.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you encounter any problem while following my instruction?
  • Mbar log
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 30th, 2017, 5:18 pm

I could not run Malwarebytes Anti-Rookit Beta. Once I installed it on my computer's desktop and tried to run as an administrator, I got the following error message:

C:\Users\Primitive\Desktop\mba-1.09.3.1001.exe

The request resource is in use
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 30th, 2017, 6:12 pm

Hello JustTheEngineer,

JustTheEngineer wrote:I could not run Malwarebytes Anti-Rookit Beta. Once I installed it on my computer's desktop and tried to run as an administrator, I got the following error message:

C:\Users\Primitive\Desktop\mba-1.09.3.1001.exe

The request resource is in use

Yes, this is caused by the trojan on your computer. Let's try the following..

  • Please download Rkill from one of the following links.
  • Save it to your Desktop.
  • Right-click on Rkill and select Run as administrator.
  • A command windows will appear and dissapear once the scan is completed. This is normal.
  • Once the process is finished a notepad window will appear. Please copy/paste the contents in your next reply.

Next..

Malwarebyes Anti-Rootkit Supplement
  • Please download Malwarebyes Anti-Rootkit Supplement from Here.
  • Save it to your Desktop.
  • Double-Click on mbar-1.09.3.1001.zip.
  • Extract the files to your Desktop.
  • Locate mbar.cmd and double-click on it to open MBAR.
  • Click on Next and then Update.
  • Select Next and ensure that the following boxes are checked:
    • Drivers
    • Sectors
    • System
  • Click on Scan and the scan will start.
  • Once completed, please ensure that all flagged items are checked and select Cleanup.
    Please note that a reboot might be required at this point.
  • The MBAR log can be found inside the MBAR folder on your desktop as MBAR-log-<date>.txt
  • Please post it in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble with any of the steps?
  • Rkill report
  • MBAR-log-<date>.txt
  • Update on your computer's behaviour.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 30th, 2017, 6:43 pm

I'm getting the same error where it says the "The request resource is in use" when I try and use the rkill.exe file. Should I try using the others or will that not make a difference?
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top

Re: Google Chrome is running slower and displaying ads

Unread postby mAL_rEm018 » March 30th, 2017, 6:57 pm

Hello JustTheEngineer

JustTheEngineer wrote:I'm getting the same error where it says the "The request resource is in use" when I try and use the rkill.exe file. Should I try using the others or will that not make a difference?

Yes try using the others and if they don't work, forget about Rkill and move on to Malwarebytes Anti-Rootkit Supplement.
User avatar
mAL_rEm018
Admin/Teacher
Admin/Teacher
 
Posts: 2686
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
Top

Re: Google Chrome is running slower and displaying ads

Unread postby JustTheEngineer » March 30th, 2017, 7:42 pm

Had no luck with the Rkill programs. Got the error will all three programs except rkill.scr. When I ran rkill.scr the first time it ran and created a program called rkill64.exe and an rkill.txt log that had no text in it. Tried to run the rkill.scr again and I got the resource error, same thing happened when I tried running the new rkill64.exe.

Did the MBARS program but I don't notice any change in my computer's behavior. It still has proxy errors when I use Google Chrome.

Here's the log from MBAR.
JustTheEngineer
Regular Member
 
Posts: 57
Joined: January 10th, 2017, 10:43 pm
Top
Advertisement
Register to Remove
Next
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 46 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index