[SOLVED] DISM doesn't work

Status
Not open for further replies.

SonnyChill

Active member
Joined
Jul 14, 2024
Posts
26
I want to factory reset my pc but the Windows reset hits me with the "There was a problem resetting your pc no changes were made in Windows". After this error, I've tried every solution which included using sfc /scannow, which was giving me the "Windows Resource Protection could not start the repair service." error, which once again led me to using the DISM restorehealth command. But after pressing enter, this error pops up "An error occurred while attempting to start the servicing process for the image located at C:\. For more information, review the log file.". So I found this thread explaining what to do so I will attach the .txt files here and wait for more instructions.
 

Attachments

Hello, and welcome to Sysnative Forums.
EPFGbk7.gif


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below. As soon as I have your consent, I'll start the cleaning procedure.

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
 
I don't have any cracked or pirated games at this moment, but i did have them in the past. I'm fairly certain though that they are the reason my pc has been acting weird for quite some time. Otherwise, you have any consent you need to start the cleaning process
 
Hi, SonnyChill.

Yes, the computer is infected.

We need to uninstall some programs first, and then check fresh FRST logs.


1. Uninstall programs

1.1. P2P programs

You have qBittorrent installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it now.


1.2. Java

There are very few reasons these days to continue having Java installed on your computer. However, if you do elect to keep Java, it needs to be updated to the latest version which you can find here: Java SE Runtime Environment 8 - Downloads. Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

FOR NOW, just uninstall:

Java 8 Update 301
Java 8 Update 51


1.3. Avast SecureLine VPN

There are signs that the program is missing some files. It is better to uninstall it now, and when we finish, if you would like, you can install it again.


1.4. Synej PC Cleaner

I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. My recommendation is to uninstall this program too.



2. Fresh FRST logs

After all the above uninstalls, please attach for me fresh FRST logs to check.




In your next reply, please post:
  1. If you uninstalled qBittorent
  2. If you successfully uninstalled Java, Avast VPN and Synej PC Cleaner
  3. Fresh FRST logs, Addition and FRST
 
Hi, SonnyChill.

It took me a lot of time to review your logs.

I have a question:

Do you recognize these items on your Desktop? If you don't need them, go on to delete them.

2024-07-05 16:12 - 2024-07-05 16:11 - 003450846 _____ C:\Users\Xander\Desktop\content_warning_286aa0a0.webm
2024-07-05 15:59 - 2024-07-05 15:58 - 003532134 _____ C:\Users\Xander\Desktop\content_warning_8f19e4f5.webm
2024-07-05 15:46 - 2024-07-05 15:41 - 004022182 _____ C:\Users\Xander\Desktop\content_warning_b51bcb51.webm
2024-07-05 15:27 - 2024-07-05 15:25 - 003147024 _____ C:\Users\Xander\Desktop\content_warning_a01d6b4a.webm
2024-07-05 15:17 - 2024-07-05 15:15 - 003693113 _____ C:\Users\Xander\Desktop\content_warning_6ee608b0.webm
2024-07-05 15:03 - 2024-07-05 15:00 - 004050707 _____ C:\Users\Xander\Desktop\content_warning_35d5c424.webm
2024-07-05 14:54 - 2024-07-05 14:52 - 003736005 _____ C:\Users\Xander\Desktop\content_warning_aa83ebbf.webm
2024-07-05 14:47 - 2024-07-05 14:45 - 003887001 _____ C:\Users\Xander\Desktop\content_warning_3a146e13.webm
2024-07-05 14:35 - 2024-07-05 14:32 - 003722610 _____ C:\Users\Xander\Desktop\content_warning_21167b2c.webm
2024-07-05 00:28 - 2024-07-05 00:26 - 003657475 _____ C:\Users\Xander\Desktop\content_warning_d2641ef2.webm
2024-07-05 00:10 - 2024-07-05 00:08 - 003860551 _____ C:\Users\Xander\Desktop\content_warning_b49e276a.webm
2024-07-04 23:58 - 2024-07-04 23:56 - 003207199 _____ C:\Users\Xander\Desktop\content_warning_81b34e5f.webm
2024-07-04 23:50 - 2024-07-04 23:48 - 003573164 _____ C:\Users\Xander\Desktop\content_warning_9eff3710.webm
2024-07-04 23:38 - 2024-07-04 23:37 - 003383853 _____ C:\Users\Xander\Desktop\content_warning_4d76641d.webm
2024-07-04 23:30 - 2024-07-04 23:29 - 003692445 _____ C:\Users\Xander\Desktop\content_warning_bfe27531.webm
2024-07-04 23:23 - 2024-07-04 23:21 - 003461839 _____ C:\Users\Xander\Desktop\content_warning_05df1996.webm
2024-07-04 23:12 - 2024-07-04 23:10 - 003472565 _____ C:\Users\Xander\Desktop\content_warning_f6f1abf6.webm
2024-07-04 22:55 - 2024-07-04 22:55 - 000000223 _____ C:\Users\Xander\Desktop\Content Warning.url


Synej PC Cleaner was not uninstalled. I'll include it in the fix to get uninstalled.


Moving on.


1. Remove an Edge extension

Please, remove Hoxx VPN Proxy extension from your Edge.



2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AV: Kaspersky Anti-Virus (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\freebl3.dll:73198F5FA8 [3442]
AlternateDataStreams: C:\ProgramData\mozglue.dll:E70ABABF3B [3442]
AlternateDataStreams: C:\ProgramData\msvcp140.dll:377D193849 [3442]
AlternateDataStreams: C:\ProgramData\nss3.dll:4D85C0477E [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat:D4F6BC83AF [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG1:94949E25BC [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat.LOG2:CCE2DBB696 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{5352b14e-3606-11ed-b482-7427ea12bb85}.TM.blf:CF3181BAD7 [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{5352b14e-3606-11ed-b482-7427ea12bb85}.TMContainer00000000000000000001.regtrans-ms:91D21377CA [3442]
AlternateDataStreams: C:\ProgramData\ntuser.dat{5352b14e-3606-11ed-b482-7427ea12bb85}.TMContainer00000000000000000002.regtrans-ms:A334921E67 [3442]
AlternateDataStreams: C:\ProgramData\softokn3.dll:36323B3C9D [3442]
AlternateDataStreams: C:\ProgramData\vcruntime140.dll:77600C94A7 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doxillion Document Converter.lnk:8EE6E08816 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk:E076B612B9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk:17F06177B6 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk:D9AE717392 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk:B4E9412B98 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RecordPad Sound Recorder.lnk:F207B055C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs Desktop.lnk:578370639A [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6170]
AlternateDataStreams: C:\Users\Xander\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Xander\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll => No File
HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [TCP Query User{E2BF9E1A-9DDF-4762-B299-D3C41B014DF7}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{672C364B-A22F-45D5-8596-BE108BE2A027}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{F1E503E4-B176-4D8E-A9A6-80D3BAB1B262}C:\users\xander\appdata\local\temp\rar$exa640.40595\microtown.v0.3.10\microtown.v0.3.10\microtown.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa640.40595\microtown.v0.3.10\microtown.v0.3.10\microtown.exe => No File
FirewallRules: [UDP Query User{1A3C3168-B537-4B34-858C-0C8FE9B4E73F}C:\users\xander\appdata\local\temp\rar$exa640.40595\microtown.v0.3.10\microtown.v0.3.10\microtown.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa640.40595\microtown.v0.3.10\microtown.v0.3.10\microtown.exe => No File
FirewallRules: [TCP Query User{65356F7A-F9D9-43FE-A349-088FABF6B516}C:\users\xander\appdata\local\temp\rar$exa1960.46299\microtown.v0.3.10\microtown.v0.3.10\microtown.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa1960.46299\microtown.v0.3.10\microtown.v0.3.10\microtown.exe => No File
FirewallRules: [UDP Query User{44FDF6F7-44DA-45F6-9CB1-33E272282FDF}C:\users\xander\appdata\local\temp\rar$exa1960.46299\microtown.v0.3.10\microtown.v0.3.10\microtown.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa1960.46299\microtown.v0.3.10\microtown.v0.3.10\microtown.exe => No File
FirewallRules: [{095F0EBD-DCC8-4E89-8D0B-1DAB8C68B6DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{6EABB305-4697-437B-B1D2-CF1EF71207A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [TCP Query User{9E692134-64E3-4959-8B7C-9CB05458EECB}C:\users\xander\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\xander\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [UDP Query User{29AB0941-47FB-4C44-8378-47A7CFB06AE3}C:\users\xander\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\users\xander\appdata\roaming\.minecraft\runtime\java-runtime-alpha\windows\java-runtime-alpha\bin\javaw.exe => No File
FirewallRules: [{2EBF40E5-AF83-4878-9712-1546FB8468C3}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [TCP Query User{880A012F-B85D-49DF-82AC-0C27C3BAB347}C:\users\xander\appdata\local\temp\rar$exa7336.1744\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7336.1744\family.man\family man\familyman.exe => No File
FirewallRules: [UDP Query User{B1EAE3E5-FF48-4946-9BCA-6300795F1998}C:\users\xander\appdata\local\temp\rar$exa7336.1744\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7336.1744\family.man\family man\familyman.exe => No File
FirewallRules: [TCP Query User{A45FEA1C-1B57-4A4F-8784-8A6C709F7052}C:\users\xander\appdata\local\temp\rar$exa7336.13492\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7336.13492\family.man\family man\familyman.exe => No File
FirewallRules: [UDP Query User{C71CFBDC-60C7-4581-8274-57AA1D52568D}C:\users\xander\appdata\local\temp\rar$exa7336.13492\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7336.13492\family.man\family man\familyman.exe => No File
FirewallRules: [TCP Query User{B5FBF2EC-3B31-484B-B4BC-0F3722D5145C}C:\users\xander\appdata\local\temp\rar$exa14440.18694\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa14440.18694\family.man\family man\familyman.exe => No File
FirewallRules: [UDP Query User{8075AE74-3589-4EC9-852A-ADC779FD5E9D}C:\users\xander\appdata\local\temp\rar$exa14440.18694\family.man\family man\familyman.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa14440.18694\family.man\family man\familyman.exe => No File
FirewallRules: [TCP Query User{646EB048-9DF2-4477-8108-63836EBE33ED}C:\users\xander\appdata\local\temp\rar$exa9076.29211\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa9076.29211\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [UDP Query User{6084C60B-2DAB-4E49-805C-2CE1BC0A93E1}C:\users\xander\appdata\local\temp\rar$exa9076.29211\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa9076.29211\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [TCP Query User{5EDA7260-F7BF-49A2-A7F9-B59001448703}C:\users\xander\appdata\local\crsed\launcher.exe] => (Allow) C:\users\xander\appdata\local\crsed\launcher.exe => No File
FirewallRules: [UDP Query User{4B8A5CF2-FD63-4E80-8AD7-9FC9AE44F1DA}C:\users\xander\appdata\local\crsed\launcher.exe] => (Allow) C:\users\xander\appdata\local\crsed\launcher.exe => No File
FirewallRules: [TCP Query User{FF283BA7-BE03-4BCD-A021-FD8E88371F46}C:\users\xander\appdata\local\temp\rar$exa1812.29158\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Block) C:\users\xander\appdata\local\temp\rar$exa1812.29158\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [UDP Query User{64B94DAC-4C76-43AB-ABD7-EE0C0C6C5EE4}C:\users\xander\appdata\local\temp\rar$exa1812.29158\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Block) C:\users\xander\appdata\local\temp\rar$exa1812.29158\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [TCP Query User{9D0675B9-3678-45E6-85A9-4119F7E6E4F7}C:\program files\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) C:\program files\epic games\thehuntercallofthewild\thehuntercotw_f.exe => No File
FirewallRules: [UDP Query User{DCE204C9-89A9-4DAB-93B2-E23C09B14B02}C:\program files\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) C:\program files\epic games\thehuntercallofthewild\thehuntercotw_f.exe => No File
FirewallRules: [TCP Query User{7C693357-7DC9-4ACE-B00E-B82FD3F38BC5}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E2327F9D-E119-4EF3-893D-AC97EF4D3259}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A521BE2A-D470-48BE-9758-FFB620449963}C:\users\xander\appdata\local\temp\rar$exa8748.14229\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8748.14229\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [UDP Query User{9CAA3160-573E-4E56-8FBA-2825FF61725A}C:\users\xander\appdata\local\temp\rar$exa8748.14229\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8748.14229\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [TCP Query User{E4AC1814-5BAD-45C5-948A-AD46786DA062}C:\users\xander\appdata\local\temp\rar$exa8748.8460\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8748.8460\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [UDP Query User{1EC498BD-08C5-454B-B10D-7AC3BC3C6303}C:\users\xander\appdata\local\temp\rar$exa8748.8460\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8748.8460\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [TCP Query User{0AB4260C-EBBE-445D-9373-F9A922E6776C}C:\users\xander\appdata\local\temp\rar$exa5916.29146\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa5916.29146\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [UDP Query User{F17A8CF8-3017-4215-9549-E8759C5407E6}C:\users\xander\appdata\local\temp\rar$exa5916.29146\simulacra\simulacra\simulacra.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa5916.29146\simulacra\simulacra\simulacra.exe => No File
FirewallRules: [TCP Query User{9B697692-DAEA-4CAD-A250-FA8FE168AC7C}C:\program files\epic games\neonabyss\neonabyss.exe] => (Allow) C:\program files\epic games\neonabyss\neonabyss.exe => No File
FirewallRules: [UDP Query User{AF275EC5-66C1-4698-BAC2-E0C4715DE5D3}C:\program files\epic games\neonabyss\neonabyss.exe] => (Allow) C:\program files\epic games\neonabyss\neonabyss.exe => No File
FirewallRules: [{E2F42EC7-35CB-4BAF-BC5A-944BB1DD369B}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe => No File
FirewallRules: [{E619F4B9-79F3-4678-8CAE-35F67695EEF7}] => (Allow) C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe => No File
FirewallRules: [TCP Query User{29FE51B6-811C-41ED-B1C6-C560B9189B31}C:\users\xander\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\xander\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [UDP Query User{F17DE9A7-421F-4B57-8F14-B6C0FFF4BCCB}C:\users\xander\appdata\local\gamecenter\gamecenter.exe] => (Allow) C:\users\xander\appdata\local\gamecenter\gamecenter.exe => No File
FirewallRules: [TCP Query User{DCC1D8B9-28FD-4EDB-BAEF-84222C71549A}D:\mygames\warface my.com\bin64release\game.exe] => (Allow) D:\mygames\warface my.com\bin64release\game.exe => No File
FirewallRules: [UDP Query User{40E377D6-62D9-4BCF-BDCC-4CA8C32FBB02}D:\mygames\warface my.com\bin64release\game.exe] => (Allow) D:\mygames\warface my.com\bin64release\game.exe => No File
FirewallRules: [TCP Query User{8CFC1928-D34B-4854-9C89-0C54E7E075D5}C:\users\xander\appdata\local\temp\rar$exa15740.11069\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa15740.11069\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [UDP Query User{5A2CF7F7-43AC-4A1E-B2C6-20BB25A1F47F}C:\users\xander\appdata\local\temp\rar$exa15740.11069\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa15740.11069\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [TCP Query User{2A6F9D99-E882-48D9-B10C-034FB2F9755A}C:\users\xander\appdata\local\temp\rar$exa7792.19419\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Block) C:\users\xander\appdata\local\temp\rar$exa7792.19419\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [UDP Query User{4F1D61DF-723D-4617-8DAC-8A73100ECB0B}C:\users\xander\appdata\local\temp\rar$exa7792.19419\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Block) C:\users\xander\appdata\local\temp\rar$exa7792.19419\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [TCP Query User{466CE06D-C787-4C78-BE18-33E80598381E}C:\users\xander\appdata\local\temp\rar$exa13324.13817\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13324.13817\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [UDP Query User{93F7C58E-E26A-4148-944B-8AF9947F5539}C:\users\xander\appdata\local\temp\rar$exa13324.13817\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13324.13817\plague.inc.evolved.v1.18.4.0\plague.inc.evolved.v1.18.4.0\plagueincevolved.exe => No File
FirewallRules: [TCP Query User{A5650CBA-D9AB-41D1-9CA8-B9667998258C}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [UDP Query User{ED0FCD80-1BA7-4251-9D85-0BE0CC4EBC0A}D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe => No File
FirewallRules: [TCP Query User{38E6105E-510C-4EB3-9C43-00265027355D}C:\users\xander\appdata\local\temp\rar$exa11384.10431\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa11384.10431\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe => No File
FirewallRules: [UDP Query User{1C5B92CE-0FE7-4C40-B973-962A49CC83B0}C:\users\xander\appdata\local\temp\rar$exa11384.10431\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa11384.10431\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe => No File
FirewallRules: [TCP Query User{ED89A8F4-0956-4573-AF00-DD190E688F3E}C:\users\xander\appdata\local\temp\rar$exa6656.41648\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6656.41648\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe => No File
FirewallRules: [UDP Query User{927E02FC-7767-496C-86DE-53BF5B1258D7}C:\users\xander\appdata\local\temp\rar$exa6656.41648\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6656.41648\among.us.v2021.12.16s\among.us.v2021.12.16s\among us.exe => No File
FirewallRules: [TCP Query User{9E110192-9FC8-4C38-ABF5-A0AD71C7C31D}C:\users\xander\appdata\local\temp\rar$exa20856.13336\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa20856.13336\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [UDP Query User{05B5646B-1B79-49D5-8449-BC143F8FF321}C:\users\xander\appdata\local\temp\rar$exa20856.13336\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa20856.13336\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [TCP Query User{739B14AD-4540-4545-94F9-8CBDBB398F84}D:\steamlibrary\steamapps\common\deceit\bin\win_x64\deceit.exe] => (Allow) D:\steamlibrary\steamapps\common\deceit\bin\win_x64\deceit.exe => No File
FirewallRules: [UDP Query User{15611A26-FBAD-4F9B-9F2E-BADD5652B6E5}D:\steamlibrary\steamapps\common\deceit\bin\win_x64\deceit.exe] => (Allow) D:\steamlibrary\steamapps\common\deceit\bin\win_x64\deceit.exe => No File
FirewallRules: [TCP Query User{B3E172BF-DABC-4A66-9FCF-9D9A8060E168}C:\users\xander\appdata\local\temp\rar$exa10672.42446\project.zomboid.v41.65\project.zomboid.v41.65\projectzomboid64.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa10672.42446\project.zomboid.v41.65\project.zomboid.v41.65\projectzomboid64.exe => No File
FirewallRules: [UDP Query User{D40A5EA8-A5CF-464D-90B3-CCCB9B290719}C:\users\xander\appdata\local\temp\rar$exa10672.42446\project.zomboid.v41.65\project.zomboid.v41.65\projectzomboid64.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa10672.42446\project.zomboid.v41.65\project.zomboid.v41.65\projectzomboid64.exe => No File
FirewallRules: [TCP Query User{3139F889-11FA-4558-9A97-E747EDF556F6}C:\users\xander\appdata\local\temp\rar$exa13684.18357\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hoi4.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13684.18357\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hoi4.exe => No File
FirewallRules: [UDP Query User{37C5F3D2-4948-41E1-B599-3F6CA6E28A81}C:\users\xander\appdata\local\temp\rar$exa13684.18357\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hoi4.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13684.18357\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hearts.of.iron.iv.v1.11.7.incl.all.dlc\hoi4.exe => No File
FirewallRules: [{BABC10F9-0444-454F-864B-2FF0951EDD76}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe => No File
FirewallRules: [{6C3298F1-EDE6-48EC-9BD6-CB2EAA33A588}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe => No File
FirewallRules: [{5AB126A1-0E24-4DCC-BE05-9871A6F1B02E}] => (Allow) D:\SteamLibrary\steamapps\common\The Two of Us\The Two of Us\The Two of Us.exe => No File
FirewallRules: [{2484AEAC-ECF0-47A9-B434-490D5572F88C}] => (Allow) D:\SteamLibrary\steamapps\common\The Two of Us\The Two of Us\The Two of Us.exe => No File
FirewallRules: [TCP Query User{683BEAF7-B708-4036-908D-AF4D10D8FAD1}C:\users\xander\appdata\local\temp\rar$exa27484.22261\windowsnoeditor\whereismyhammer\binaries\win64\whereismyhammer.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa27484.22261\windowsnoeditor\whereismyhammer\binaries\win64\whereismyhammer.exe => No File
FirewallRules: [UDP Query User{4FF0A8B9-974C-4DB8-9B6E-6CBCC985882E}C:\users\xander\appdata\local\temp\rar$exa27484.22261\windowsnoeditor\whereismyhammer\binaries\win64\whereismyhammer.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa27484.22261\windowsnoeditor\whereismyhammer\binaries\win64\whereismyhammer.exe => No File
FirewallRules: [TCP Query User{E94EC9F2-C562-47CB-9865-ED03FE761BA4}C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe] => (Allow) C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe => No File
FirewallRules: [UDP Query User{5B54B8C2-4BC5-43C0-A330-3F05B5356255}C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe] => (Allow) C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe => No File
FirewallRules: [TCP Query User{9F8D7E26-9969-400B-ABDD-75F2B1902365}C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win32\udk.exe] => (Allow) C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win32\udk.exe => No File
FirewallRules: [UDP Query User{8D07945B-B58F-4524-B7CD-3F8203AA6F51}C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win32\udk.exe] => (Allow) C:\users\xander\desktop\vcd\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win32\udk.exe => No File
FirewallRules: [{D497F56A-846A-4A9C-B9D8-48185B8DD738}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe => No File
FirewallRules: [TCP Query User{8B77BD79-4AD0-45AC-8410-14EDBFEEC751}D:\program files\epic games\xcom2\binaries\win64\xcom2.exe] => (Allow) D:\program files\epic games\xcom2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{D5060AEC-743E-4FFC-A87D-C856EFCE9A33}D:\program files\epic games\xcom2\binaries\win64\xcom2.exe] => (Allow) D:\program files\epic games\xcom2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{88A3DA60-F257-4CE3-93BF-46DA9057374B}C:\users\xander\appdata\local\temp\rar$exa16444.2535\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa16444.2535\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [UDP Query User{4C74EE0E-1B76-480A-8C8D-A9A656A642A7}C:\users\xander\appdata\local\temp\rar$exa16444.2535\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa16444.2535\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [TCP Query User{F0C8FAB6-3830-4E69-8805-25E8DE824CC4}C:\users\xander\appdata\local\temp\rar$exa2884.1853\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa2884.1853\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [UDP Query User{D18FBA5D-189C-45C9-B458-6D4C9A5F2FDB}C:\users\xander\appdata\local\temp\rar$exa2884.1853\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa2884.1853\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [TCP Query User{380380A9-69FB-4F93-98FC-DEB1963421F9}C:\users\xander\appdata\local\temp\rar$exa13052.27483\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13052.27483\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [UDP Query User{5AA1C4A7-B4A1-4011-8046-EFB9D147A9EE}C:\users\xander\appdata\local\temp\rar$exa13052.27483\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa13052.27483\kyle.is.famous.complete.edition\kyle is famous\kyle is famous.exe => No File
FirewallRules: [TCP Query User{A05D0F15-F5A3-461A-B2A7-0500CE303BFE}C:\users\xander\appdata\local\temp\rar$exa15660.37501\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa15660.37501\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe => No File
FirewallRules: [UDP Query User{0D5E4D52-2178-42FF-80C7-483B0557C657}C:\users\xander\appdata\local\temp\rar$exa15660.37501\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa15660.37501\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe => No File
FirewallRules: [TCP Query User{8FF06B02-EBF8-4FCF-8186-07B371743EE5}C:\users\xander\appdata\local\temp\rar$exa18984.2537\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa18984.2537\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe => No File
FirewallRules: [UDP Query User{1DE8FF7B-C02A-4054-ADF1-87DFFF79DE67}C:\users\xander\appdata\local\temp\rar$exa18984.2537\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa18984.2537\911.operator.v17.10.2021\911.operator.v17.10.2021\911.exe => No File
FirewallRules: [TCP Query User{9AACE308-183E-4264-B2DE-9918DC91981F}C:\users\xander\appdata\local\temp\rar$exa6796.25839\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6796.25839\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe => No File
FirewallRules: [UDP Query User{B7D5479C-8505-4C00-8205-E93954BED422}C:\users\xander\appdata\local\temp\rar$exa6796.25839\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6796.25839\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe => No File
FirewallRules: [TCP Query User{C6974C37-55D3-4A58-92A3-C42BC48C6508}C:\users\xander\appdata\local\temp\rar$exa2624.30845\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa2624.30845\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe => No File
FirewallRules: [UDP Query User{0AE3E31F-E0C2-4AAC-A18E-F8061C827118}C:\users\xander\appdata\local\temp\rar$exa2624.30845\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa2624.30845\passpartout.the.starving.artist.v24.10.2017\passpartout.the.starving.artist.v24.10.2017\passpartout.exe => No File
FirewallRules: [TCP Query User{C2198B01-401C-426A-992E-269B069973D2}C:\users\xander\appdata\local\temp\rar$exa21088.8023\ready.or.not.v21474\ready.or.not.v21474\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21088.8023\ready.or.not.v21474\ready.or.not.v21474\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [UDP Query User{846AE0EA-A833-4F7D-9864-A0E1DF7833F3}C:\users\xander\appdata\local\temp\rar$exa21088.8023\ready.or.not.v21474\ready.or.not.v21474\readyornot\binaries\win64\readyornot-win64-shipping.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21088.8023\ready.or.not.v21474\ready.or.not.v21474\readyornot\binaries\win64\readyornot-win64-shipping.exe => No File
FirewallRules: [TCP Query User{D5C07338-21D6-4A25-98A8-92A6E1E935BB}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe => No File
FirewallRules: [UDP Query User{4530A437-27D1-4BD9-BD76-BC3388140B92}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe => No File
FirewallRules: [TCP Query User{44B6D0A0-BA25-41AF-9B31-8218496920FC}D:\the henry stickmin collection\henrystickmin.exe] => (Allow) D:\the henry stickmin collection\henrystickmin.exe => No File
FirewallRules: [UDP Query User{88E25D0A-A7DC-4C19-8BE4-4F641385D60E}D:\the henry stickmin collection\henrystickmin.exe] => (Allow) D:\the henry stickmin collection\henrystickmin.exe => No File
FirewallRules: [TCP Query User{B981964F-43A6-4158-B178-4E2DC7673C30}C:\users\xander\appdata\local\temp\rar$exa14624.47444\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa14624.47444\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe => No File
FirewallRules: [UDP Query User{F3579460-C228-4EC2-ADA3-C8D42522247B}C:\users\xander\appdata\local\temp\rar$exa14624.47444\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa14624.47444\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe => No File
FirewallRules: [TCP Query User{7DDE9C86-D8C7-484B-9A58-6E1179FB0E3C}C:\users\xander\desktop\new folder\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe] => (Allow) C:\users\xander\desktop\new folder\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe => No File
FirewallRules: [UDP Query User{92C16A42-BAFA-4F53-A01B-BC3ECC533F08}C:\users\xander\desktop\new folder\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe] => (Allow) C:\users\xander\desktop\new folder\hooked.on.you.a.dead.by.daylight.dating.sim\hooked.on.you.a.dead.by.daylight.dating.sim\hooked on you.exe => No File
FirewallRules: [TCP Query User{824FD9F1-8571-4268-8501-FE7550D82A78}C:\users\xander\appdata\local\temp\rar$exa684.14444\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa684.14444\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{1538C2EF-EEE4-4A9D-A1CA-01293FDB0F49}C:\users\xander\appdata\local\temp\rar$exa684.14444\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa684.14444\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{67E4B67E-B79C-4A4C-BA80-FD668C2201B9}C:\users\xander\appdata\local\temp\rar$exa684.29190\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa684.29190\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{AE62E467-9F5F-4358-BB8D-CCFCE35EC38E}C:\users\xander\appdata\local\temp\rar$exa684.29190\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa684.29190\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{E1E5A3AF-D119-4DAE-8442-8A8573B37FDF}C:\users\xander\appdata\local\temp\rar$exa23424.7640\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.7640\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{1999197F-33D0-4EA8-B6C5-1B4B3E93DC4B}C:\users\xander\appdata\local\temp\rar$exa23424.7640\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.7640\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{6FED821E-FE37-49DE-AF72-8D4EAC7439BF}C:\users\xander\appdata\local\temp\rar$exa23424.13509\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.13509\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{65674BC1-3BC6-40D3-8338-5864CCF66A17}C:\users\xander\appdata\local\temp\rar$exa23424.13509\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.13509\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{4C8E5909-BAE7-4F5A-B45F-196D4D3D0988}C:\users\xander\appdata\local\temp\rar$exa23424.10912\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.10912\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{A2D7259C-EB41-47D8-9575-D172B35C298C}C:\users\xander\appdata\local\temp\rar$exa23424.10912\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.10912\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{0FCE0541-0FA1-4F67-906C-A83BF7DC6E50}C:\users\xander\appdata\local\temp\rar$exa23424.17012\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.17012\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{636079C2-610E-464E-962B-2A74AFCFA00F}C:\users\xander\appdata\local\temp\rar$exa23424.17012\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23424.17012\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{8B8646FB-6853-4A0E-B93D-DF3974714F79}C:\users\xander\appdata\local\temp\rar$exa7244.23142\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.23142\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{29B0C26C-B1CE-4B53-AF6A-04B9EC920B88}C:\users\xander\appdata\local\temp\rar$exa7244.23142\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.23142\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{B5788380-D0B9-4142-BDD4-FA23F1FF0756}C:\users\xander\appdata\local\temp\rar$exa7244.43757\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.43757\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{13A874E3-2F56-4D32-8420-305BE1DD45EC}C:\users\xander\appdata\local\temp\rar$exa7244.43757\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.43757\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{0B36B999-F209-43EB-8D42-60A54A5DF409}C:\users\xander\appdata\local\temp\rar$exa7244.49280\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.49280\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{8B540E93-EAE5-460C-946E-0AE44E2849A8}C:\users\xander\appdata\local\temp\rar$exa7244.49280\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.49280\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{3519C1F2-B4AC-4064-A9C6-F588CB195C23}C:\users\xander\appdata\local\temp\rar$exa7244.8996\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.8996\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{BDAFCE05-9442-4B9D-A410-3245AA0DD743}C:\users\xander\appdata\local\temp\rar$exa7244.8996\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa7244.8996\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{14636F3C-894C-4009-89A6-5DF8FC3C4E50}C:\users\xander\appdata\local\temp\rar$exa20888.7703\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa20888.7703\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{0F63C022-3B1A-40A2-8EC2-8A9F68228BC8}C:\users\xander\appdata\local\temp\rar$exa20888.7703\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa20888.7703\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{611F1677-29C0-4E0D-A14A-664A9144A621}C:\users\xander\appdata\local\temp\rar$exa23180.44543\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.44543\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{F977EAE5-5C65-4812-8A4C-E321DC745283}C:\users\xander\appdata\local\temp\rar$exa23180.44543\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.44543\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{0894795C-78E2-4A62-8CA9-A0A58B1B501C}C:\users\xander\appdata\local\temp\rar$exa23180.42608\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.42608\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{559DA6E5-4560-4AF5-AB90-B10D7B74F126}C:\users\xander\appdata\local\temp\rar$exa23180.42608\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.42608\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{034E8E85-8AD7-4E0E-8582-2A5806CC22A7}C:\users\xander\appdata\local\temp\rar$exa23180.38966\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.38966\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{2BFE09AD-5253-4280-8D0A-8870C6BF5720}C:\users\xander\appdata\local\temp\rar$exa23180.38966\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa23180.38966\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{131ED806-E176-4E5D-865A-74A7DAD3858E}C:\users\xander\appdata\local\temp\rar$exa8572.30756\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.30756\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{9FC0D707-D66E-45C8-BEA7-9EC0FB87CCAA}C:\users\xander\appdata\local\temp\rar$exa8572.30756\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.30756\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{54B602F2-D9B9-40C4-B2A4-DB85EADD0A12}C:\users\xander\appdata\local\temp\rar$exa8572.47243\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.47243\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{A38DDE06-C548-4049-81DA-73E27E59C313}C:\users\xander\appdata\local\temp\rar$exa8572.47243\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.47243\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{766443E0-F8C1-4C98-933D-E99B62D8B3F0}C:\users\xander\appdata\local\temp\rar$exa8572.17758\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.17758\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{31D56379-A387-48F4-A9C9-AC0C571CE3C8}C:\users\xander\appdata\local\temp\rar$exa8572.17758\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa8572.17758\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{9A703009-C1E9-486C-92D7-D7AE9D4E512B}C:\users\xander\appdata\local\temp\rar$exa10312.6753\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa10312.6753\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{519D3EE1-AEAE-4BF3-9D6D-73FA13D90310}C:\users\xander\appdata\local\temp\rar$exa10312.6753\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa10312.6753\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [TCP Query User{CCE0D63B-69D5-470E-B340-1799E83F2B5F}C:\users\xander\appdata\local\temp\rar$exa6516.45362\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6516.45362\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [UDP Query User{8A16B7ED-C948-402A-87A1-F45C5DA27BE7}C:\users\xander\appdata\local\temp\rar$exa6516.45362\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa6516.45362\clone.drone.in.the.danger.zone.v1.3.1.37\clone.drone.in.the.danger.zone.v1.3.1.37\clone drone in the danger zone.exe => No File
FirewallRules: [{1F904D92-95FA-439D-8CA3-A4C08BE81D3B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{07C8FA56-E3C4-4179-BD22-1AD7FB23FB59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [File not signed]
FirewallRules: [{D4F79A99-48CA-4889-95C7-B4AF007D78F7}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{129E20D1-DEB5-4A8A-9255-BFD7D8B56047}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{62DCF37B-177B-45B5-B5B4-E5CB1BFC6F77}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{E269A04B-703C-4704-B88F-A285E572159D}] => (Allow) D:\SteamLibrary\steamapps\common\Mafia\Mafia\setup.exe => No File
FirewallRules: [{6B4C5A78-7075-4D0B-A371-AF4394842678}] => (Allow) C:\Program Files (x86)\DODI-Repacks\Grand Theft Auto San Andreas\gta_sa.exe => No File
FirewallRules: [{319C0CAC-7252-4D3B-9C30-564965DD4D21}] => (Allow) C:\Program Files (x86)\DODI-Repacks\Grand Theft Auto San Andreas\gta_sa.exe => No File
FirewallRules: [TCP Query User{BCDF00A4-DF09-49AC-859E-4DE8536F5655}D:\games\mfe\midnightfightexpress.exe] => (Allow) D:\games\mfe\midnightfightexpress.exe => No File
FirewallRules: [UDP Query User{E7857DF0-82DA-47E4-BB16-4F654A74A498}D:\games\mfe\midnightfightexpress.exe] => (Allow) D:\games\mfe\midnightfightexpress.exe => No File
FirewallRules: [TCP Query User{7D442EDD-AFDF-4951-9829-FE4A96C88A8A}C:\users\xander\appdata\local\temp\rar$exa21316.5812\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21316.5812\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe => No File
FirewallRules: [UDP Query User{801E446D-AD0F-436F-A1CB-BDEA8CECCD11}C:\users\xander\appdata\local\temp\rar$exa21316.5812\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21316.5812\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe => No File
FirewallRules: [TCP Query User{E7DC4F53-4A2F-4A5B-9BE2-EE05F2DD5668}C:\users\xander\appdata\local\temp\rar$exa21316.15340\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21316.15340\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe => No File
FirewallRules: [UDP Query User{762072B0-B249-482A-B033-AB7BE7EA94D7}C:\users\xander\appdata\local\temp\rar$exa21316.15340\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa21316.15340\tabletop.simulator.v13.1.1\tabletop.simulator.v13.1.1\tabletop simulator.exe => No File
FirewallRules: [TCP Query User{C0A2F3AB-A70C-4E75-8C8A-18296D731533}C:\users\xander\appdata\local\temp\rar$exa22780.44787\among.us.v2022.3.29s\among.us.v2022.3.29s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa22780.44787\among.us.v2022.3.29s\among.us.v2022.3.29s\among us.exe => No File
FirewallRules: [UDP Query User{93BFD2B7-69BC-4B37-8401-65AD43B4AFAD}C:\users\xander\appdata\local\temp\rar$exa22780.44787\among.us.v2022.3.29s\among.us.v2022.3.29s\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa22780.44787\among.us.v2022.3.29s\among.us.v2022.3.29s\among us.exe => No File
FirewallRules: [TCP Query User{AEC71E30-0070-4130-84C1-C555975AA55B}C:\users\xander\appdata\local\temp\rar$exa19192.37354\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa19192.37354\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe => No File
FirewallRules: [UDP Query User{4FAF3777-1D0A-4B37-BD21-4C37B79436FF}C:\users\xander\appdata\local\temp\rar$exa19192.37354\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa19192.37354\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe => No File
FirewallRules: [TCP Query User{F0448FAB-8A10-4CFD-9ED3-083C663A8756}C:\users\xander\appdata\local\temp\rar$exa19192.39901\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa19192.39901\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe => No File
FirewallRules: [UDP Query User{50A35875-4C68-4C95-A42F-EB93C974FBA1}C:\users\xander\appdata\local\temp\rar$exa19192.39901\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe] => (Allow) C:\users\xander\appdata\local\temp\rar$exa19192.39901\among.us.v2022.7.12s.mp\among.us.v2022.7.12s.mp\among us.exe => No File
FirewallRules: [TCP Query User{009644D5-0AE2-4E03-8AAF-54D0E2794AFC}D:\warthunder\launcher.exe] => (Block) D:\warthunder\launcher.exe => No File
FirewallRules: [UDP Query User{D431A32C-7F03-48B6-A11F-775F7F7694A0}D:\warthunder\launcher.exe] => (Block) D:\warthunder\launcher.exe => No File
FirewallRules: [TCP Query User{1D6DF53E-AF2E-45AD-860D-A21DE2FDE2F7}D:\games\mfe\midnightfightexpress.exe] => (Allow) D:\games\mfe\midnightfightexpress.exe => No File
FirewallRules: [UDP Query User{F06AD8AD-3934-4B5F-B678-739A8EFD4374}D:\games\mfe\midnightfightexpress.exe] => (Allow) D:\games\mfe\midnightfightexpress.exe => No File
FirewallRules: [{4C63ACDD-75A7-4458-8A2C-91370AAD68A8}] => (Allow) D:\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{9743F7AD-B49C-4357-945D-3996B8912F89}] => (Allow) D:\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{63CEE9CD-6286-49BE-9858-31F974FC0008}] => (Allow) D:\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{504E30BA-AEB5-4A88-8E47-A26A0C456BB4}] => (Allow) D:\Epic Games\TheCycleEarlyAccess\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe => No File
FirewallRules: [{AB0C6B05-D9AC-4E15-91D4-7A80221DDD55}] => (Allow) D:\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{BD4A9FD8-CF4F-49E9-B3E5-FBBE55E4C1D4}] => (Allow) D:\qBittorrent\qbittorrent.exe => No File
FirewallRules: [{A5D76927-0C9E-4DA1-8085-386261C37111}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{BCE0AF8B-6DE8-426A-9D99-B14BBAB0EEC6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{B4628ECA-AFDC-487A-977B-7C8D627ABFE0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{3605B63A-4C02-4BEB-8AB8-0B250F945C89}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{DD2C16DA-990F-423C-97F6-0376BF6A0062}] => (Allow) D:\SteamLibrary\steamapps\common\WitchIt\WitchIt\Binaries\Win64\PropWitchHuntModule-Win64-Shipping.exe => No File
FirewallRules: [{CB25E998-F375-4D8A-9DC2-78BE713E6132}] => (Allow) D:\SteamLibrary\steamapps\common\WitchIt\WitchIt\Binaries\Win64\PropWitchHuntModule-Win64-Shipping.exe => No File
FirewallRules: [TCP Query User{D998FD30-AF9F-4C6A-BF16-92A3E08EAADC}C:\users\xander\desktop\viscera cleanup\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe] => (Allow) C:\users\xander\desktop\viscera cleanup\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe => No File
FirewallRules: [UDP Query User{144F1F0B-FC0B-4B36-8098-C4E192A9A476}C:\users\xander\desktop\viscera cleanup\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe] => (Allow) C:\users\xander\desktop\viscera cleanup\viscera.cleanup.detail.v1.145\viscera cleanup detail\binaries\win64\udk.exe => No File
FirewallRules: [TCP Query User{9C3FE43F-15F7-4084-8879-3769A56FCADF}D:\program files\epic games\sable\sable.exe] => (Allow) D:\program files\epic games\sable\sable.exe => No File
FirewallRules: [UDP Query User{984F699A-2F16-4902-B694-FA36522FA9F8}D:\program files\epic games\sable\sable.exe] => (Allow) D:\program files\epic games\sable\sable.exe => No File
FirewallRules: [TCP Query User{38BE3A94-0A8C-4B78-9E99-7A629F0C29D9}C:\users\xander\desktop\shotgun.king.the.final.checkmate.v1.35\shotgun.king.the.final.checkmate.v1.35\shotgun_king.exe] => (Allow) C:\users\xander\desktop\shotgun.king.the.final.checkmate.v1.35\shotgun.king.the.final.checkmate.v1.35\shotgun_king.exe => No File
FirewallRules: [UDP Query User{30030F15-99D4-4C88-AFB5-A1DEB2B0189C}C:\users\xander\desktop\shotgun.king.the.final.checkmate.v1.35\shotgun.king.the.final.checkmate.v1.35\shotgun_king.exe] => (Allow) C:\users\xander\desktop\shotgun.king.the.final.checkmate.v1.35\shotgun.king.the.final.checkmate.v1.35\shotgun_king.exe => No File
FirewallRules: [TCP Query User{8FD60B38-CFB1-4FBC-A758-1208DF1850FD}C:\users\xander\desktop\turmoil.v3.0.70c.incl.all.dlc\turmoil.v3.0.70c.incl.all.dlc\turmoil.exe] => (Allow) C:\users\xander\desktop\turmoil.v3.0.70c.incl.all.dlc\turmoil.v3.0.70c.incl.all.dlc\turmoil.exe => No File
FirewallRules: [UDP Query User{BD39474C-9545-479B-9012-205EAE47BD75}C:\users\xander\desktop\turmoil.v3.0.70c.incl.all.dlc\turmoil.v3.0.70c.incl.all.dlc\turmoil.exe] => (Allow) C:\users\xander\desktop\turmoil.v3.0.70c.incl.all.dlc\turmoil.v3.0.70c.incl.all.dlc\turmoil.exe => No File
FirewallRules: [TCP Query User{9297D771-97C0-479E-A553-846526543C48}C:\users\xander\desktop\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Allow) C:\users\xander\desktop\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [UDP Query User{75ABD1A2-DD64-4DC8-ADA0-F0BB6F7FFAC0}C:\users\xander\desktop\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe] => (Allow) C:\users\xander\desktop\garbage day\garbage day\gday410\binaries\win32\gday410-win32-shipping.exe => No File
FirewallRules: [TCP Query User{2B6D147A-5FDF-4D78-BD15-B97D5E86F72B}C:\users\xander\desktop\no.plan.b.v5.0.8\no.plan.b.v5.0.8\noplanb.exe] => (Allow) C:\users\xander\desktop\no.plan.b.v5.0.8\no.plan.b.v5.0.8\noplanb.exe => No File
FirewallRules: [UDP Query User{D8783672-3ACF-4388-8128-9D66F9D38C9A}C:\users\xander\desktop\no.plan.b.v5.0.8\no.plan.b.v5.0.8\noplanb.exe] => (Allow) C:\users\xander\desktop\no.plan.b.v5.0.8\no.plan.b.v5.0.8\noplanb.exe => No File
FirewallRules: [TCP Query User{EFA676ED-3848-4F47-A0D5-B249343E3821}C:\users\xander\desktop\tiny.rails.v2.10.0\tiny.rails.v2.10.0\tinyrails.exe] => (Allow) C:\users\xander\desktop\tiny.rails.v2.10.0\tiny.rails.v2.10.0\tinyrails.exe => No File
FirewallRules: [UDP Query User{E60BAEF8-1B28-4234-8D10-786C5933F06F}C:\users\xander\desktop\tiny.rails.v2.10.0\tiny.rails.v2.10.0\tinyrails.exe] => (Allow) C:\users\xander\desktop\tiny.rails.v2.10.0\tiny.rails.v2.10.0\tinyrails.exe => No File
FirewallRules: [TCP Query User{85FEC175-D6E9-4CCB-9B6A-2120833CE391}D:\plateup\plateup.exe] => (Allow) D:\plateup\plateup.exe => No File
FirewallRules: [UDP Query User{FE166760-9037-4C8C-9C13-60B1C6DEAF0F}D:\plateup\plateup.exe] => (Allow) D:\plateup\plateup.exe => No File
FirewallRules: [TCP Query User{3D35C9A6-B66C-4E0C-8B9B-BB1D2D01B594}D:\steamlibrary\steamapps\common\cry of fear\cof.exe] => (Allow) D:\steamlibrary\steamapps\common\cry of fear\cof.exe => No File
FirewallRules: [UDP Query User{94E2896A-1500-4D9A-98DA-1D5779DAFD5E}D:\steamlibrary\steamapps\common\cry of fear\cof.exe] => (Allow) D:\steamlibrary\steamapps\common\cry of fear\cof.exe => No File
FirewallRules: [TCP Query User{504EEB5D-9D61-429D-8E58-B3BFCAC509A3}D:\steamlibrary\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9EB2D65D-5F74-42DE-8EBD-7F05C5F25A95}D:\steamlibrary\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\hideandshriek\hideandshriek\binaries\win64\hideandshriek-win64-shipping.exe => No File
FirewallRules: [TCP Query User{307E608F-4B8D-4433-B5D0-6DF8573884AE}D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe] => (Allow) D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe => No File
FirewallRules: [UDP Query User{F73DE471-DC39-41CE-9290-16925949AE5E}D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe] => (Allow) D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe => No File
FirewallRules: [{B91C86BF-9EFE-42E4-91E9-6D6B30BCD3D2}] => (Block) D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe => No File
FirewallRules: [{88E27FDA-C312-467A-AC2A-2291809A4B0E}] => (Block) D:\steamlibrary\steamapps\common\drunken wrestlers 2\dw2.exe => No File
FirewallRules: [TCP Query User{EC59D69B-8B40-4E63-A197-8E01C2B10DAC}D:\dyinglight\dyinglightgame.exe] => (Allow) D:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{23B664A4-679D-4455-BD16-9D0EED72404E}D:\dyinglight\dyinglightgame.exe] => (Allow) D:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{BF22F6A8-7E82-4790-A626-4D7446EBBF6B}] => (Block) D:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{6D8CB2EA-A8AE-4AB7-837E-D05CF0B8EFC4}] => (Block) D:\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{D6744E87-1018-40EC-9994-A9F44EFE3D29}D:\enlisted\launcher.exe] => (Allow) D:\enlisted\launcher.exe => No File
FirewallRules: [UDP Query User{7DAEB3F5-DE51-4976-AB7D-9416A99AEE7B}D:\enlisted\launcher.exe] => (Allow) D:\enlisted\launcher.exe => No File
FirewallRules: [{9127727B-18E1-462B-91F4-5AB68E94641D}] => (Block) D:\enlisted\launcher.exe => No File
FirewallRules: [{C56A09F5-0C76-413E-8AFD-7827D0164062}] => (Block) D:\enlisted\launcher.exe => No File
FirewallRules: [TCP Query User{B66AD9A7-6502-4109-B7E5-06453F6CA549}C:\users\xander\desktop\aground.v2.1.2\aground.v2.1.2\aground.exe] => (Allow) C:\users\xander\desktop\aground.v2.1.2\aground.v2.1.2\aground.exe => No File
FirewallRules: [UDP Query User{7CC7CC1E-778F-4161-81C9-30F0480A223F}C:\users\xander\desktop\aground.v2.1.2\aground.v2.1.2\aground.exe] => (Allow) C:\users\xander\desktop\aground.v2.1.2\aground.v2.1.2\aground.exe => No File
FirewallRules: [TCP Query User{E462C085-0F63-4D59-AE14-6360DCA427E8}C:\users\xander\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\xander\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{65F62484-B62B-4569-8F9F-2A56ABE0498B}C:\users\xander\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\xander\appdata\local\diFirewallRules: [TCP Query User{B0260E18-E949-4D0F-BD4A-A691F96FB746}D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe] => (Allow) D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe => No File
FirewallRules: [UDP Query User{82F692EF-1CC9-490D-BA99-75E0F1CDEEEF}D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe] => (Allow) D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe => No File
FirewallRules: [{C389CA90-2878-4969-9F12-3B94B4230E0C}] => (Block) D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe => No File
FirewallRules: [{0E3182FB-A441-4ACB-B655-05EE96C0F776}] => (Block) D:\cadmiumorangefreeweekend\crimeboss\binaries\win64\crimeboss-win64-shipping.exe => No File
scord\app-1.0.9013\discord.exe => No File
FirewallRules: [TCP Query User{D2559031-3817-465E-A684-0B9A838F7EC7}D:\steamlibrary\steamapps\common\the finals playtest\discovery\binaries\win64\discovery.exe] => (Allow) D:\steamlibrary\steamapps\common\the finals playtest\discovery\binaries\win64\discovery.exe => No File
FirewallRules: [UDP Query User{05B05B25-7B6B-4623-AAF5-72489549DB3D}D:\steamlibrary\steamapps\common\the finals playtest\discovery\binaries\win64\discovery.exe] => (Allow) D:\steamlibrary\steamapps\common\the finals playtest\discovery\binaries\win64\discovery.exe => No File
FirewallRules: [TCP Query User{2D5EF74F-9125-4384-B5EA-3ACA01F4AC4E}C:\users\xander\desktop\no umbrellas allowed\no.umbrellas.allowed.v1.1.3\no.umbrellas.allowed.v1.1.3\no umbrellas allowed.exe] => (Allow) C:\users\xander\desktop\no umbrellas allowed\no.umbrellas.allowed.v1.1.3\no.umbrellas.allowed.v1.1.3\no umbrellas allowed.exe => No File
FirewallRules: [UDP Query User{204062E9-822B-4C4E-B07E-FC9F1DF43F68}C:\users\xander\desktop\no umbrellas allowed\no.umbrellas.allowed.v1.1.3\no.umbrellas.allowed.v1.1.3\no umbrellas allowed.exe] => (Allow) C:\users\xander\desktop\no umbrellas allowed\no.umbrellas.allowed.v1.1.3\no.umbrellas.allowed.v1.1.3\no umbrellas allowed.exe => No File
FirewallRules: [{0785D315-1B76-4B4F-A713-05397D1B392A}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{A5F7BF4B-E44B-4B8D-A92F-8F52A1511F53}] => (Allow) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{B94C20D7-A95A-4D76-B0F8-264E6D2138C1}] => (Block) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => No File
FirewallRules: [{C7837072-CFFC-48C1-AA2E-25BC74D00438}] => (Block) C:\Program Files (x86)\Overwolf\0.254.0.12\OverwolfBrowser.exe => No File
HKLM-x32\...\Run: [Genshin Impact_launcher__1_1] => [X]
HKU\S-1-5-21-2229901156-645102699-2266091295-1005\...\Run: [WallpaperEngine] => "C:\Users\Xander\Desktop\Wallpaper Engine\wallpaper_engine_1.1.341\wallpaper_engine_1.1.341\wallpaper_engine\wallpaper32.exe" -silent (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2022-09-12]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\Avast Software\SecureLine VPN\Vpn.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {5BDA8A56-4172-4E64-A00F-7910C6C5EFD9} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe  (No File)
Task: {AFC41212-E327-4FAE-8700-B445D5E87EAF} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe  -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramDat (the data entry has 80 more characters).
Task: {0460948E-76F0-4A59-9A41-13D7916D4EE6} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe  /update:avast-vpn /silent (No File)
Task: {F6A8E85B-807D-48AE-9CAB-D993EF2E60F1} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe  /c (No File)
Task: {2500903A-9E2C-48CE-9544-B6FBC1828988} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe  /ua /installsource scheduler (No File)
Task: {61DE531D-2F36-43EE-BF10-C9F4F6890B0D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe  /waitUpgrade (No File)
CHR HKU\S-1-5-21-2229901156-645102699-2266091295-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fhkbfkkohcdgpckffakhbllifkakihmh]
S2 brave; "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc [X]
S3 bravem; "C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /medsvc [X]
S2 luminati_net_updater_win_buff_game; "C:/Users/Xander/AppData/Local/Overwolf/Extensions/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl/0.7.10.0/plugins/net_updater64.exe" --updater win_buff.game [X]
S2 SecureLine; "C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe" [X]
S3 ucldr_battlegrounds_gl; "C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe" [X]
S3 zksvc; "C:\Program Files\Common Files\PUBG\zksvc.exe" [X]
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [53904 2021-12-19] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 aswVpnRdr; C:\Windows\System32\drivers\aswVpnRdr.sys [65944 2022-06-08] (Avast Software s.r.o. -> Avast Software)
S3 aswWintun; C:\Windows\System32\drivers\aswWintun.sys [37104 2021-12-19] (Avast Software s.r.o. -> WireGuard LLC)
S3 kltun; C:\Windows\system32\DRIVERS\kltun.sys [90032 2024-01-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 klids; \??\C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [X]
2024-07-18 22:39 - 2024-02-06 23:44 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk
2024-07-18 22:39 - 2021-09-03 13:45 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk
2024-06-22 15:06 - 2022-10-11 02:34 - 000002865 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
C:\Program Files\Avast Software
C:\ProgramData\Avast Software
C:\Windows\System32\drivers\aswTap.sys
C:\Windows\System32\drivers\aswVpnRdr.sys
C:\Windows\System32\drivers\aswWintun.sys
C:\Windows\system32\DRIVERS\kltun.sys
Edge HKU\S-1-5-21-2229901156-645102699-2266091295-1005\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Hosts:
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B915B06-6B25-4D41-8D41-5DA278BE03C4}_is1
RemoveProxy:
cmd: netsh advfirewall reset
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


In your next reply, please post:
  1. If you successfully uninstalled the Edge extension
  2. The fixlog.txt
 
Those files on my desktop are just recordings from Content Warning, a game from Steam and the .url file I'm pretty sure is just the shortcut for the game.

I thought I had deleted the cleaner fully, but i guess I missed a remnant of it or something.

I have removed the Edge extension, and ran the fix from the app. The file is attached below.
 

Attachments

Thanks.

Two more scans.


1. Run Malwarebytes (scan only)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the General tab. Under the title Windows Security Center, make sure the option is disabled.
  • Click the Scan and Detections tab and under the Scan options title, enable Scan for rootkits option. Do not change any other option.
  • Return to the Dashboard and choose Scan.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected,close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click the Scan Now button.
  • Once the scan completes, AdwCleaner shows you all detected PUPs and adware. DO NOT check anything found, and click Next.
  • If any preinstalled software was detected on your device, a message notifies you that your action is requested. DO NOT check anything, and click Cancel to continue.
  • Click the Log Files tab.
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.
Note: Click Skip Basic Repair if you are asked to.



In your next reply, please post:
  1. The Malwarebytes report
  2. The AdwCleaner[S0*].txt
 
Needless to say that if you know what those items on the Desktop are, you let them there.
 
When the AdwCleaner scan finishes, I get 5 detections , which when unchecked, nothing changes, the Quarantine button not becoming the Next button. Any idea why that is? I attached a photo showing what I mean.
 

Attachments

  • image_2024-07-19_230507453.png
    image_2024-07-19_230507453.png
    47.7 KB · Views: 4
Hi, SonnyChill.

Select them all and select Quarantine.
 
1. AdwCleaner (Clean mode)

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • Once the scan completes, AdwCleaner shows you what it found on your computer. Check the boxes next to any items you want to quarantine and disable, then click Next.
  • Now, AdwCleaner will show you any preinstalled software it found on your device. Again, check the boxes next to any items you want to quarantine and disable. If nothing found, you won't see this message. If you don't want to remove any preinstalled software, click Cancel and continue.[/*]
  • Click Continue, then click Restart now, and you’re done.
  • Once your computer has restarted:
    • Click the Log Files tab.
    • Click Skip Basic Repair to finish the cleaning process
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Malwarebytes (Clean mode)

Run Malwarebytes as you did before, but this time, when the threats are found:
  • Make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.


In your next reply please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
 
1. ESET Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

2. Fresh FRST logs

Please, make another scan with FRST tool, as you did before, and attach the 2 logs, Addition and FRST, in your next reply.



In your next reply, please post:
  1. The eset.txt
  2. The FRST logs, Addition and FRST
 
Hi.

Everything seems much better now.

Please do the following to run another FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
2024-07-19 22024-07-19 17:35 - 2020-10-29 11:50 - 000000000 ____H C:\ProgramData\DP45977C.lfl
1:53 - 2021-12-19 02:14 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Try the following fix, but this time in Safe mode.
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.
As soon as in Safe mode, run the following FRST fix:

Code:
Start::
1:53 - 2021-12-19 02:14 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

Restart in normal mode and post the new fixlog.txt.
 
Status
Not open for further replies.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top