Inactive MBR Hurri Virus

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Oraa Main (administrator) on ORAAMAIN-PC (20-07-2017 20:45:22)
Running from C:\Users\Oraa Main\Downloads
Loaded Profiles: Oraa Main & UpdatusUser (Available Profiles: Oraa Main & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Spotify Ltd) C:\Users\Oraa Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-14] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-20] (AVAST Software)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Run: [Spotify Web Helper] => C:\Users\Oraa Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-07-02] (Spotify Ltd)
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Policies\Explorer: []
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {34d787e1-e283-11e6-ab79-b8975a186060} - G:\autorun.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {34d787e4-e283-11e6-ab79-b8975a186060} - H:\noautorun.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {525fad60-d54d-11e5-b94e-806e6f6e6963} - F:\CheckID.exe
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\MountPoints2: {8574603c-69aa-11e6-91ad-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 02 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 03 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 04 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 05 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 06 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Winsock: Catalog9 07 C:\Windows\SysWOW64\networkdlllsp.dll [427376 2014-01-23] (Network Tunnel Lab)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{49A0BF80-93D8-48DD-9B12-B23136C35A1D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{49A0BF80-93D8-48DD-9B12-B23136C35A1D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{840B53B5-C425-4DDA-B8B8-1FE647B8F542}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{95DED50E-4D75-4C9B-9D5E-18BB92ACA6C1}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ph.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ph.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dph%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtCzzyCtDyCtDzy0F0CzztN0D0Tzu0StCyBtCyBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0Fzy0F0F0ByBzztGtDzytB0EtGtA0CtCyEtGyByCtDtDtGyDzytDyEyC0CtCtDyDtCtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0FtDtDyDyEzyzztGtByBzz0EtGyEzztAtAtG0ByCtCtBtGyB0D0E0Ezzzzzz0DyDtB0B0B2QtN0A0LzuyE%26cr%3D2070195457%26a%3Dwbf_fremkfs_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-07-11] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-07-11] (AVAST Software)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: SkypePlugin -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: SkypePlugin64 -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\npGatewayNpapi-x64.dll [2016-10-20] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1911061356-2502327290-2235871531-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-01-20] (Ubisoft)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWux37qvI8e-Un6jIjTHpWM1b137Tu_NpZOOD4b5D3sO7wYHW9t_MWPXphvIadgGnsCoPtlF3wCiUZlDAMBKIe2EeU-8BfcUgitgjFcLqDd4o1HfV5qFbhbFblmYDko8nO3OYR1iv11OBhLAP1ENS2rFsNqQ,,
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (Skype Calling) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-09]
CHR Extension: (YouTube) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-20]
CHR Extension: (Avast Online Security) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-06-01]
CHR Extension: (Grammarly for Chrome) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR Extension: (Chrome Media Router) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-06-14]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-19]
CHR Extension: (Google Docs) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-19]
CHR Extension: (Google Drive) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-19]
CHR Extension: (YouTube) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-19]
CHR Extension: (Google Search) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-19]
CHR Extension: (The Godfather: Five Families) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edfkoljdeffeedleidebkmmamepgbnbl [2016-02-19]
CHR Extension: (Google Sheets) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-19]
CHR Extension: (Google Docs Offline) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
CHR Extension: (AdBlock) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-06]
CHR Extension: (Avast Online Security) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-06]
CHR Extension: (Pixlr Express) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2016-02-19]
CHR Extension: (SparkChess) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2017-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-06]
CHR Extension: (Marc Ecko) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-02-19]
CHR Extension: (Gmail) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-19]
CHR Extension: (Chrome Media Router) - C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-06]
CHR Profile: C:\Users\Oraa Main\AppData\Local\Google\Chrome\User Data\System Profile [2016-06-14]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.UX7SOILC5ZT7HX43B77YMG6XMQ - D:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-20] (AVAST Software s.r.o.)
S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-20] (AVAST Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3758336 2015-11-29] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 GarenaPlatform; "G:\Program Files (x86)\Garena\Garena\2.0.1706.1617\gxxsvc.exe" run [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-20] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-20] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-20] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-20] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-07-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-07-11] (AVAST Software)
R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [15408 2008-06-17] (BIOSTAR Group)
R1 BS_I2cIo; C:\Windows\SysWOW64\drivers\BS_I2cIo.sys [17024 2008-06-17] (BIOSTAR Group) [File not signed]
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-01-25] (Disc Soft Ltd)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-18] ()
S3 SDGame; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 SDGame; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 20:45 - 2017-07-20 20:45 - 00024164 _____ C:\Users\Oraa Main\Downloads\FRST.txt
2017-07-20 20:45 - 2017-07-20 20:45 - 00000000 ____D C:\FRST
2017-07-20 20:44 - 2017-07-20 20:44 - 02382336 _____ (Farbar) C:\Users\Oraa Main\Downloads\FRST64.exe
2017-07-20 20:36 - 2017-07-20 20:40 - 00399678 _____ C:\TDSSKiller.3.1.0.15_20.07.2017_20.36.38_log.txt
2017-07-20 20:36 - 2017-07-20 20:36 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-20 20:34 - 2017-07-20 20:35 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Oraa Main\Downloads\tdsskiller.exe
2017-07-20 20:11 - 2017-07-20 20:14 - 00153228 _____ C:\Windows\ntbtlog.txt
2017-07-20 19:42 - 2017-07-20 19:42 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-20 19:35 - 2017-07-20 19:35 - 00000000 ____D C:\Users\Oraa Main\AppData\LocalLow\uTorrent
2017-07-20 19:20 - 2017-07-20 19:20 - 14031892 _____ C:\Users\Oraa Main\Desktop\1.psd
2017-07-16 18:46 - 2017-07-16 18:46 - 01627193 _____ C:\Users\Oraa Main\Downloads\video-1500201040.mp4
2017-07-16 18:15 - 2017-07-16 18:15 - 02994772 _____ C:\Users\Oraa Main\Downloads\video-1500198940.mp4
2017-07-16 18:00 - 2017-07-16 18:00 - 01213260 _____ C:\Users\Oraa Main\Downloads\video-1500199094.mp4
2017-07-16 16:08 - 2017-07-16 16:08 - 00516120 _____ C:\Users\Oraa Main\Downloads\video-1500189960.mp4
2017-07-16 14:14 - 2017-07-16 14:14 - 02883102 _____ C:\Users\Oraa Main\Downloads\20090648_128790224389316_5081138115817504768_n.mp4
2017-07-16 14:13 - 2017-07-16 14:14 - 04084073 _____ C:\Users\Oraa Main\Downloads\20078598_104651650144249_5710071381224325120_n (1).mp4
2017-07-14 20:14 - 2017-07-14 20:14 - 00000000 ____D C:\Users\Oraa Main\Desktop\Ragnarok Online Blacksmith Complete Guide _ GuideScroll_files
2017-07-14 20:13 - 2017-07-14 20:14 - 00074062 _____ C:\Users\Oraa Main\Desktop\Ragnarok Online Blacksmith Complete Guide _ GuideScroll.html
2017-07-06 18:51 - 2017-07-06 18:52 - 00000018 _____ C:\Users\Oraa Main\Desktop\Ragna PW.txt
2017-07-03 21:05 - 2017-07-03 21:05 - 03240718 _____ C:\Users\Oraa Main\Downloads\video-1499086801.mp4
2017-06-29 17:27 - 2017-06-29 17:27 - 00000000 ____D C:\Program Files (x86)\Gravity
2017-06-29 17:13 - 2017-06-29 17:13 - 00275284 _____ C:\Users\Oraa Main\Downloads\control_panel_for_mirai_v1_2_(en_de_it)_R3.zip
2017-06-29 17:13 - 2017-06-29 17:13 - 00035934 _____ C:\Users\Oraa Main\Downloads\mirai_v1_2_2.zip
2017-06-23 15:41 - 2017-06-23 15:41 - 00001290 _____ C:\Users\Oraa Main\Desktop\Setup - Shortcut.lnk
2017-06-23 15:32 - 2017-06-23 15:32 - 00000663 _____ C:\Users\Public\Desktop\RagnarokOnline.lnk
2017-06-23 15:32 - 2017-06-23 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gravity
2017-06-23 12:34 - 2017-06-23 12:38 - 58097315 _____ C:\Users\Oraa Main\Downloads\Z ft. Fetty Wap - Nobodys Better (Muffin Remix).flac
2017-06-23 03:10 - 2017-06-23 04:01 - 00001908 _____ C:\Windows\diagwrn.xml
2017-06-23 03:10 - 2017-06-23 04:01 - 00001908 _____ C:\Windows\diagerr.xml
2017-06-23 02:09 - 2017-06-23 02:09 - 00016050 _____ C:\Users\Oraa Main\Downloads\RO_Extreme_20170614_PH.exe.torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 20:37 - 2017-03-15 21:49 - 00000284 _____ C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job
2017-07-20 20:34 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-20 20:34 - 2009-07-14 12:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-20 20:27 - 2016-02-17 17:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-20 20:27 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 20:23 - 2017-03-18 19:46 - 00004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-20 19:49 - 2016-09-13 22:49 - 00000986 _____ C:\Windows\Tasks\Yahoo! Powered ranal.job
2017-07-20 19:43 - 2016-03-25 08:52 - 00003898 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458867159
2017-07-20 19:43 - 2016-02-19 02:08 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-20 19:43 - 2016-02-17 07:15 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\uTorrent
2017-07-20 19:42 - 2017-03-18 19:46 - 00343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-20 19:42 - 2017-03-18 19:46 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-20 19:42 - 2016-02-19 02:08 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150055098671303
2017-07-20 17:49 - 2016-09-13 22:49 - 00000000 ____D C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}
2017-07-19 06:21 - 2017-04-27 02:20 - 00000000 ____D C:\Users\Oraa Main\Desktop\Aeon
2017-07-18 17:55 - 2016-02-17 17:06 - 00000000 ____D C:\Users\UpdatusUser
2017-07-16 16:26 - 2016-07-19 00:34 - 00066728 _____ C:\Users\Oraa Main\Documents\starburn.txt
2017-07-13 22:00 - 2016-11-04 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 14:52 - 2016-02-19 02:08 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.149975595783106
2017-07-11 14:52 - 2016-02-19 02:08 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-07-11 14:52 - 2016-02-19 02:08 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-07-11 14:51 - 2016-03-25 08:52 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-07-11 14:51 - 2016-02-19 02:08 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-07-04 17:56 - 2016-06-29 03:44 - 00000000 ____D C:\Users\Oraa Main\AppData\Local\Spotify
2017-07-04 17:55 - 2016-07-18 17:06 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\Spotify
2017-07-04 00:41 - 2016-08-28 16:05 - 00000000 ____D C:\Users\Oraa Main\Desktop\AUTOCAD
2017-07-01 01:08 - 2009-07-14 13:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-01 00:32 - 2016-11-20 00:07 - 00000000 ____D C:\ProgramData\Skype
2017-06-30 19:25 - 2016-02-23 22:13 - 00000000 ____D C:\Users\Oraa Main\AppData\Local\ElevatedDiagnostics
2017-06-29 22:46 - 2017-02-02 03:08 - 00001883 _____ C:\Users\UpdatusUser\Desktop\Play MyRO!.lnk
2017-06-29 22:46 - 2017-02-02 03:08 - 00001883 _____ C:\Users\Oraa Main\Desktop\Play MyRO!.lnk
2017-06-29 22:42 - 2015-04-18 11:21 - 00000000 ____D C:\Users\Oraa Main\Desktop\UltraRO v3
2017-06-29 17:14 - 2017-04-29 08:59 - 00000000 ____D C:\Users\Oraa Main\Desktop\Games
2017-06-29 04:25 - 2016-02-19 01:41 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 13:47 - 2017-05-15 00:43 - 00135168 ___SH C:\Users\Oraa Main\Thumbs.db
2017-06-23 15:32 - 2016-02-17 16:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-23 12:41 - 2016-03-08 16:13 - 00000000 ____D C:\Users\Oraa Main\AppData\Roaming\vlc
2017-06-21 18:05 - 2016-02-17 17:34 - 00001200 _____ C:\Users\Oraa Main\Desktop\Steam - Shortcut.lnk

==================== Files in the root of some directories =======

2017-02-28 17:23 - 2017-02-28 17:25 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-04-02 22:00 - 2017-04-28 15:06 - 0000132 _____ () C:\Users\Oraa Main\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-03 12:42 - 2016-04-03 12:42 - 0000046 _____ () C:\Users\Oraa Main\AppData\Roaming\Camdata.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamLayout.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0000408 _____ () C:\Users\Oraa Main\AppData\Roaming\CamShapes.ini
2016-04-03 12:42 - 2016-04-03 12:42 - 0004510 _____ () C:\Users\Oraa Main\AppData\Roaming\CamStudio.cfg
2016-11-18 17:03 - 2017-01-13 00:37 - 0000392 _____ () C:\Users\Oraa Main\AppData\Roaming\WB.CFG
2016-04-03 07:53 - 2016-04-03 07:53 - 0000038 ___SH () C:\Users\Oraa Main\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-07-18 23:40 - 2016-08-15 02:46 - 0006144 _____ () C:\Users\Oraa Main\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-03 12:18 - 2016-04-03 12:18 - 0004912 _____ () C:\ProgramData\lbogtyso.zat
2016-04-03 12:18 - 2016-04-03 12:18 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job


Some files in TEMP:
====================
2017-05-30 06:39 - 2017-05-24 14:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Common.dll
2017-05-30 06:39 - 2017-05-24 14:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-InstallerUtils.dll
2017-05-30 06:39 - 2017-05-24 14:54 - 0187416 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-LibraryHandler.dll
2017-05-30 06:39 - 2017-05-24 14:53 - 0246808 _____ (BlueStack Systems) C:\Users\Oraa Main\AppData\Local\Temp\HD-Logger-Native.dll
2017-05-30 06:39 - 2017-05-24 14:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\Oraa Main\AppData\Local\Temp\HD-Uninstaller.exe
2017-03-16 15:33 - 2017-03-16 15:33 - 14456872 _____ (Microsoft Corporation) C:\Users\Oraa Main\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-15 06:02

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Oraa Main (20-07-2017 20:46:35)
Running from C:\Users\Oraa Main\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-02-17 08:17:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1911061356-2502327290-2235871531-500 - Administrator - Disabled)
Guest (S-1-5-21-1911061356-2502327290-2235871531-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1911061356-2502327290-2235871531-1003 - Limited - Enabled)
Oraa Main (S-1-5-21-1911061356-2502327290-2235871531-1000 - Administrator - Enabled) => C:\Users\Oraa Main
UpdatusUser (S-1-5-21-1911061356-2502327290-2235871531-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
AC2 server emulator 0.44 by Dormine (HKLM-x32\...\{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1) (Version: - bjamikel)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A8F56DFF-EBF5-C75D-39D4-7331C53296CD}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD Civil 3D 2014 (HKLM-x32\...\AutoCAD Civil 3D 2014_is1) (Version: 1.0.0.0 - AUTODESK)
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD Civil 3D 2014 - English (HKLM\...\{5783F2D7-D000-0409-2102-0060B0CE6BBA}) (Version: 10.3.525.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2014 (HKLM\...\{5783F2D7-D000-0409-0102-0060B0CE6BBA}) (Version: 10.3.525.0 - Autodesk) Hidden
Autodesk AutoCAD Civil 3D 2014 (HKLM\...\Autodesk AutoCAD Civil 3D 2014) (Version: 10.3.525.0 - Autodesk)
Autodesk AutoCAD Civil 3D 2014 32 Bit Object Enabler on Autodesk® Storm and Sanitary Analysis 2014 - Language Neutral (HKLM-x32\...\{2437987A-9C24-4FD8-A873-19F8D206A2B2}) (Version: 525.0 - Autodesk, Inc.)
Autodesk AutoCAD Civil 3D 2014 64 Bit Object Enabler on Autodesk 360 - Language Neutral (HKLM\...\{F413C191-1BFA-494B-BC0A-4543E7EE3D90}) (Version: 525.0 - Autodesk, Inc.)
Autodesk AutoCAD Civil 3D 2014 Language Pack - English (HKLM\...\{5783F2D7-D000-0409-1102-0060B0CE6BBA}) (Version: 10.3.525.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap Language Pack-English (HKLM\...\{31ABA3F2-0010-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk® Storm and Sanitary Analysis 2014 (HKLM-x32\...\{6BBA09C8-6B20-4115-B917-C09D8337AE09}) (Version: 8.1.46 - Autodesk, Inc.)
Autodesk® Storm and Sanitary Analysis 2014 x64 Plug-in (HKLM\...\{F49CAD53-8F0F-441A-B974-CA5C3D7D03C1}) (Version: 8.1.46 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
BIOS Update (HKLM-x32\...\{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CABAL Online (PH) (HKLM-x32\...\{DC1A38D4-8917-4CD0-BF30-BA591B198D01}) (Version: 1.0.0 - Playpark) Hidden
CABAL Online (PH) (HKLM-x32\...\CABAL Online (PH) 1.0.0) (Version: 1.0.0 - Playpark)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version: - Cheat Engine)
Chromium (HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Chromium) (Version: 51.0.2683.0 - Chromium)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dragon Nest SEA (HKLM-x32\...\{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}) (Version: 1.170.0000 - Shanda Games International)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
K-Lite Codec Pack 12.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
Last MU Season 6 Episode 3 (HKLM-x32\...\Last MU Season 6 Episode 3) (Version: Season 6 Episode 3 - www.last-mu.net)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MyRO Lite Installer (Renewal) (HKLM-x32\...\MyRO Lite Installer (Renewal)) (Version: - )
NVIDIA 3D Vision Controller Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.90 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
PDF Report Writer (novaPDF 6.4 printer) (HKLM\...\PDF Report Writer_is1) (Version: - Softland)
Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
RagnarokOnline (HKLM-x32\...\{CEAD2132-9705-422C-9FAB-FD4360FBB8DA}) (Version: 14.20.0000 - Gravity)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype Web Plugin (HKLM-x32\...\{AC7406B6-BB3B-4CD1-AEBA-0527B9CB16FE}) (Version: 7.27.0.105 - Skype Technologies S.A.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
SpecialForce2 (HKLM-x32\...\SpecialForce2) (Version: 1.0 - DragonflyGame)
Spotify (HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Super Mario Bros. 2 (HKLM-x32\...\Super Mario Bros. 2_is1) (Version: - GameFabrique)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 7.3.2) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{58743271-597A-401B-AF4A-1450179151C0}\InprocServer32 -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\Autodesk AutoCAD Civil 3D 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\Autodesk AutoCAD Civil 3D 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\Autodesk AutoCAD Civil 3D 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{D0FC4B60-C60D-4908-8365-0C64C03E0291}\localserver32 -> C:\Users\Oraa Main\AppData\Local\SkypePlugin\7.27.0.105\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1911061356-2502327290-2235871531-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\Autodesk AutoCAD Civil 3D 2014\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ContextMenuHandlers01: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-07-29] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-12-29] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-20] (AVAST Software)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F375073-37C6-4CBA-B119-81C7080500CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
Task: {5FE2A544-7695-466A-AF12-E378B7F1F873} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-19] (Google Inc.)
Task: {66EC34B5-FD92-4EE5-BB31-3936905FDD56} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
Task: {6B47418E-E078-4EC5-85D8-E0B04DDB0FF9} - System32\Tasks\{EB1D083E-62B8-4AD0-9E58-A966EC3379BD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.9.0.103&LastError=404
Task: {9D05FA52-9319-4DDA-8643-2B7D8386C4DE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-20] (AVAST Software)
Task: {C7595E0F-E102-4A96-9696-764F7FA7B574} - System32\Tasks\{2BF90957-CB02-488D-94DD-9363EAA8AD12} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.9.0.103&LastError=404
Task: {C95F496C-A2BE-4D2F-99CC-B9960F0B17F4} - System32\Tasks\SafeZone scheduled Autoupdate 1458867159 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {CF4F60D6-FF8D-4FB0-BE77-68B304D1B50B} - System32\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1} => C:\Users\Oraa Main\AppData\Local\{BFFC8947-9AAE-E431-F198-C3E32D4A3EDD}\helperupdate.exe [2017-03-15] () <==== ATTENTION
Task: {D3EAFF80-761D-47EB-AE76-01B97A302C84} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {DA9730DF-ED92-4847-BEB7-15516DC6D93C} - System32\Tasks\Yahoo! Powered ranal => C:\Windows\system32\wscript.exe "C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\sali.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41383230364434332d323236322d453738352d413441342d3739433733454536463230397d5c6e6566616e61" "433a5c50726f6772616d446174615c7b41383230364434332d323236322d453738352d413441 (the data entry has 78 more characters). <==== ATTENTION
Task: {E075475E-24AB-4E4F-A329-FE6EFD617BD3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
Task: {ED6340C4-354F-4597-9056-88D9F109AFAE} - System32\Tasks\gxx speed launcher => G:\Program Files (x86)\Garena\Garena\Garena.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Yahoo! Powered ranal.job => Wscript.exe C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\sali.txt <==== ATTENTION
Task: C:\Windows\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job => C:\users\ORAAMA~1\appdata\local\{BFFC8~1\HELPER~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Oraa Main\Desktop\Jepoy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Oraa Main\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d1973cf2c31a69a4\Google Chrome.lnk -> D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2017-06-29 04:25 - 2017-06-23 11:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 04:25 - 2017-06-23 11:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 01065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-11 14:52 - 2017-07-11 14:52 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-20 19:42 - 2017-07-20 19:42 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D5FBE8F9 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2017-01-25 11:29 - 00001496 _____ C:\Windows\system32\Drivers\etc\hosts

128.199.121.125 akisaadp.com
128.199.121.125 onhax.net
127.0.0.2 www.onhax.net
128.199.121.125 do2dear.net
127.0.0.2 platform.wondershare.com
128.199.121.125 www.fullstuff.net
128.199.121.125 www.masterkreatif.com
128.199.121.125 keyscity.net
128.199.121.125 piratecity.net
127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Oraa Main\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Chromium => "c:\users\oraa main\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NetLimiter => E:\NetLimiter 3\NLClientApp.exe /tray
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "D:\Users\Oraa\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Oraa Main\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Viber => "C:\Users\Oraa Main\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8499CCF0-6B5E-4C3B-8295-0D5DEB205EFE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4CB135CC-50B1-4095-A11B-70889081B2A3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1D71B1C9-7887-4FF0-B43E-6C098D44417E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\Steam.exe
FirewallRules: [{C3B0C794-88C4-4C28-B165-FA3C57BED778}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\Steam.exe
FirewallRules: [{1FCFC085-957C-423F-A191-6BDBA77BC184}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{96CDCDC1-190A-4CB2-A616-E56587AE7CDD}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{C64E8BB9-F464-4680-B571-7BB1B4B4CE40}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{043E1132-E49A-46D2-9DC7-E513AD779A90}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE587132-A55B-4F45-84C0-F1EBABE9F836}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC4DC7DC-C1DD-479D-B818-DB6D04EA5B9D}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A883F36D-6B26-4457-853B-5730AF79651B}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D40090F4-E038-4C78-B6BC-2BA509AE7D92}] => (Allow) C:\Users\Oraa Main\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5931D002-C103-4006-8BE6-70BC5335034B}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB641A7C-16E1-43D9-A22A-D4B5EBD54628}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD3F890B-E276-475F-B99B-C8EC726B3A5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00BE5F3D-5450-457D-AA4F-2CB757B7F7F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7BFB29E1-25E8-4BF3-9F50-32FA18AB3D80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADECF310-1FE3-4FD4-943A-305EB128E7A5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1E7E2934-32A3-439E-A1B3-ECA7847A75FD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C802E6DB-7937-432A-933D-A1EA41544FC8}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4CA6DAD3-EB6A-4D8A-A8F1-3201A72A0F72}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{09E59BDD-7FE4-4FB5-A6B3-E8735EA295A2}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{87E0F66C-F367-4516-83B7-65DF297AB4E8}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [TCP Query User{0600BECD-FF71-434E-8E75-CFEFAC26A515}E:\games\cabal\launcher\launcher.exe] => (Allow) E:\games\cabal\launcher\launcher.exe
FirewallRules: [UDP Query User{814200A2-A4F0-47B5-98F7-1DA947BC943C}E:\games\cabal\launcher\launcher.exe] => (Allow) E:\games\cabal\launcher\launcher.exe
FirewallRules: [TCP Query User{12EAEED0-3C85-4D4D-B179-06CF22349D68}D:\users\oraa\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\oraa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EFD44118-39E8-4C6E-976F-109611309411}D:\users\oraa\appdata\roaming\spotify\spotify.exe] => (Allow) D:\users\oraa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{D5F14991-593E-44D8-93E4-BB1BB284E7AC}C:\users\oraa main\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oraa main\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2546693B-C9FB-4D61-96A9-C62B65E8C5D0}C:\users\oraa main\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oraa main\appdata\roaming\spotify\spotify.exe
FirewallRules: [{83E986DD-51B3-46F9-86DF-667006D8D993}] => (Block) %ProgramFiles%\Wondershare\Filmora\Filmora.exe
FirewallRules: [TCP Query User{96ACB006-1BD5-4578-9407-848465063FCC}D:\users\oraa\appdata\roaming\spotify\spotify.exe] => (Block) D:\users\oraa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{48C48ED0-BEF2-48DD-855F-691CAE9EAD33}D:\users\oraa\appdata\roaming\spotify\spotify.exe] => (Block) D:\users\oraa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4189D5CA-CCF9-41D3-B54D-B5DE7133D02C}] => (Allow) LPort=50248
FirewallRules: [{4472B0D5-F46C-4A3D-AFD0-4922B0211027}] => (Allow) C:\Users\Oraa Main\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{9D63FC0A-38D3-4F5E-BDA3-D3DD9A46AAC5}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9DEBB9E9-335A-40AB-8807-17655E5050C6}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C35E1C2C-C978-4333-9C91-FFB10F1A0D36}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9D052E6C-0B44-4A1C-9CAC-0D9B7018B7B3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{9BB7791D-270A-4CAE-87C1-ECA247CA8748}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7053E276-8A39-4FDF-82C2-2D11158D90DC}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4E56213C-E701-48A0-8B08-472153F73E74}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B59A3999-D83A-4094-9CC6-6A34D51AB41C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{03D90587-6DB9-46CA-936E-F4CFC63B6161}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F24402AF-B440-4CD1-A7B8-44199FF03813}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB65C2FF-4477-4103-B647-5F80ACBA8AE3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E4761625-51FB-4752-A338-7F13BE85B7FD}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B5AFC872-C724-4870-B79D-DEEFFE3C27E6}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC0ED98F-53CF-495A-8FF5-6E0926852DB9}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7CB0227E-74E5-4F8E-81C3-7135151DE4C2}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE77D5B5-8633-483A-8358-6B0DD11E5948}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{7ED2472D-6CCC-4224-A08E-EBFD93560509}C:\users\oraa main\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\oraa main\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{F4EC5ADA-EED6-4527-BDB2-9F1E9E899F68}C:\users\oraa main\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\oraa main\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6ED95CA0-B619-4C7C-9E3B-7885358EE0C4}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0DFA7CA2-759A-48F5-96BF-678088BDBBDF}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{343B09BF-0099-4DC0-ADD1-7EC539A53485}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2FD6E1D2-82C4-4A72-BAF8-6580F13FE963}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0818ACE6-C421-4256-A10A-91D1B0C5A235}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1713B7A3-2586-4981-AE73-F87531D40933}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{731DFA1A-E750-46A2-8A76-E8302C55482D}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C10A4C3-427C-4237-A9D4-E0352300AF52}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{81EE2B97-0F69-45FB-AE0A-4B015B9F0426}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9E72C98F-3E5D-404D-9604-16941B9932E1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D95A3CD-A348-4E82-B1F0-51694467B332}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA47EAED-37D7-4C54-8E0B-F10323FA7696}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E284563-7C49-411F-9EC6-A694DDB2F0E5}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{287EF5D9-C657-497E-A02B-DF5D5F7E9A35}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F3D73470-63BE-45AD-ADD8-038E9A39A166}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E82E34A1-152F-4B67-91CD-EA59D5CA94A8}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EB4BF5D-0389-4922-8537-8F84F823A64C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A597C01-4D2A-4686-8A18-5E928DDC5BC3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{46466907-B038-4F26-BD3F-9AD4D6D68B04}] => (Allow) C:\Program Files\PlayPark\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{9CEC175F-2570-4E4E-B374-7270517260B4}] => (Allow) C:\Program Files\PlayPark\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{8E6EAE10-D791-40DD-9826-FCA69C40D83E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7938167B-2D95-444B-99AE-8CCF6821B9A3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2795140C-6A85-4FB6-880B-FE67BF6B1B4A}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{229EA248-5676-4932-9D06-B9314BC06C0D}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E021211B-97D4-4999-B427-5C4451E520A9}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD37D18D-F9E0-44B3-8AA8-57D9D031FB7E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C73B9BA5-5437-4D83-970E-F8F6BCD42EB2}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D01E61C4-9960-4278-A03D-8906D1DC9E73}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{E5A05496-4AD0-4F40-AD9D-848742A5F276}C:\users\oraa main\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\oraa main\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{73411A90-45CC-483A-BDCC-8F110BADB344}C:\users\oraa main\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\oraa main\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{3E311B02-25A6-4877-939E-95EE93CE12AF}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DFBF8467-5249-434A-A7D1-6347B59FD761}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8DA53B0B-3CEB-4911-888D-0E72A6E542A9}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3D15879D-477F-4C6F-90E5-F68E896D5993}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{44D1B684-1E76-4099-B944-CA4C3A54DE99}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{777367A1-5EFF-4CB7-BB76-CAB0428724A3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{98C4C0D3-E330-4188-ACA8-63A48BFF3733}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B07828AC-B0A3-4D1B-8A01-BA7CE9526322}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{99128274-982A-4B92-9B65-FFEE956A6321}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AC988C70-205F-40EC-AC92-DD823A771795}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7477E20B-C3BE-4AE1-86D5-FB900BB69ABB}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{189A695B-1AFC-4149-914C-8FA411B12EBD}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5364D1A6-7897-4489-9631-F55BFDBCE7BA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0D438095-23DF-40F6-B276-06A016AB408F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68586CAE-5173-4325-9DCE-36D483A340D6}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{804B2F08-1BD0-4C42-9EB8-4ADFDFB67EF9}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D127D4FA-54FC-4590-A920-4555DBE4B2AF}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{54EC0F62-BBE5-4FF6-B82A-0C55404EC811}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0CD18CAA-020A-4090-8B0F-5D8C675B1CFE}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B217A3C0-4A1C-4E85-995E-53466B91BEA0}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8CEEA041-FC81-4969-8621-C279C2EF0D0F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{87341CB3-84D2-4577-B697-2AB5AE2051B8}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C35B8BFB-72E6-4593-8EAE-CB705E1F4DC3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C2DB234D-000C-4784-8B8D-C3E5C93899EB}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{444DDBB4-73CF-4846-BD41-8B3394AC09F5}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FC29DE2A-0739-44C3-89D1-BC5A29DB3C1A}] => (Allow) C:\Program Files\PlayPark\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{655A38B6-0E2B-4857-A8E0-BB5DE0AD7A43}] => (Allow) C:\Program Files\PlayPark\SpecialForce2\Binaries\Win32\sf2.exe
FirewallRules: [{015816A5-D616-4129-A33E-5AE7693B5630}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66D4B9E9-7825-4E49-941E-88D130AC9822}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A1CC7703-F596-46A8-BCF8-B5438D19270A}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{66FAFC70-D52D-44AD-A3E9-A9241E9B6B0F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AA88C16D-1094-4839-B7AE-B4C3FE5AB34D}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8F1042C-36D7-45B9-ABBE-838D023D01C9}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{20AD49D7-B4F6-40AF-BB4D-31A368D84DE3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CBE4599F-5687-4256-AC4A-B6DF74A104F2}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EC0790C5-7A4C-4B9D-A084-DC65067FC80C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E4EAD33-3B88-4C6E-8026-04D3F1F004CA}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0CDBA82-B50E-40FC-966C-69F1A5BA23A3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F54F5FC-905F-43E8-8B72-C647D0543B18}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A9895232-163E-4B7C-9083-F68854C1C0D2}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2884CD97-9BEF-41DA-A932-95BAF9208CD4}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9AD6517F-8BF3-4BE1-9E48-A0AF9BD8764C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{90280E3F-7F7E-481D-89DF-DDE36AE8301E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7820994D-5CA2-4034-8E7B-9719F008AEA3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{429D944F-21BB-41F5-937A-1FDAE318AAB1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8D2A2C8D-34F5-4A0B-BD46-0F2CE8A0F423}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE78DD51-594F-403F-BB80-596C16C92D95}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6AC897D7-A658-4920-B540-C1C9B5EFFBF5}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{20D3B223-3ADD-47B9-B4EA-57EEB886E2FE}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9458E7E6-F149-42C6-8534-00C3B9D7F0D5}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4DCAB973-7AF8-4D2B-B87E-A2343C54E4F8}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F1ED018-D8FE-4FAA-939C-1FD454E00854}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C13FC62C-BB06-4245-AA5A-8CC6BB3D2F11}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2A298B7C-98EB-405D-A59A-4780BEDEA400}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EF610E15-D9F3-469F-AA11-31D46ED780BD}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E8C31DC-29BD-416A-B02C-5B7F6E938056}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B426BCA-57DD-415C-BA96-49A7D5B92835}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{85CF0647-7AFA-4027-8E0C-BDFDBB914EAC}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89290119-B38A-4DA3-BAA7-636D9F8A0B93}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{86616383-B1E0-441E-83DB-2FE730D8E8D3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F274B96B-C369-4B50-971C-8D2C3B2C2B72}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CFA3308C-7D29-49AF-ABF1-D8F956CDC262}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73DF7DA5-E804-4516-9569-C78A05B626DA}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{85EB8677-2610-4733-A472-2FF9DD2BFBD1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3717304A-CCCE-4EDD-B63C-459116D6AD2E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3E4EBAE5-A150-4B51-8465-63623EBAE41B}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D740A5C-4A90-4B5E-8753-42AD36C71013}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B2519A8-B0BE-484B-85C3-222D452AB32F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{649EB9CE-0787-4133-8A64-87B13F11C879}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99609D52-C8F0-40BA-988E-492463B01293}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE3500FB-E4C4-446B-812B-14E249D964B4}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{47505E38-34EA-4AF1-A6C0-96DCB0353D33}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D42EDEA5-3508-4427-80C2-A75ED6BDA540}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83828593-847E-439C-AB89-DDECB5460C6C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9DD703F6-675A-4854-9614-81A903D3AD81}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A75526E6-F1E1-4580-AA01-2D33C52CE840}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75EA0245-910C-4656-8E69-57E66068CDC3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7EBCE59C-A32A-46D5-B871-6AAEF84A024C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{114F4EDF-4170-4906-AAF2-87F81A7FEB3B}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{805990B3-0200-4DEB-A75F-187BBA59F26F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{713949C6-7D89-4450-94D6-15C388D5C940}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [TCP Query User{3DE84130-8223-4720-9BF1-8942C9ED9F0F}F:\ubisoft\assassin's creed ii\assassin's creed ii\server.exe] => (Allow) F:\ubisoft\assassin's creed ii\assassin's creed ii\server.exe
FirewallRules: [UDP Query User{2CB55B20-B296-4380-927E-D52F02942ED9}F:\ubisoft\assassin's creed ii\assassin's creed ii\server.exe] => (Allow) F:\ubisoft\assassin's creed ii\assassin's creed ii\server.exe
FirewallRules: [{2F78C47E-E727-4A8A-9873-ADCBF518EBE1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C5A1A7AE-FEBD-4491-897C-9C7319D1FB65}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FBD3C305-561E-48A1-A940-8B0C0A38C353}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F9DAB36F-5843-47E7-971C-EC78D2690C11}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{2C85E064-0BF0-4C90-9757-2C093BB3BB7F}C:\pisonet\program files\ea games\command and conquer generals\game.dat] => (Block) C:\pisonet\program files\ea games\command and conquer generals\game.dat
FirewallRules: [UDP Query User{0C169144-67A1-4177-BC81-46F7EEFD444A}C:\pisonet\program files\ea games\command and conquer generals\game.dat] => (Block) C:\pisonet\program files\ea games\command and conquer generals\game.dat
FirewallRules: [{6338EC3C-A939-45FD-96C0-5C145E6E8F2C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2D98D61-4952-4038-8C13-0C297A3F488B}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{78C90F8F-DBB4-4E31-AEED-A9E9B8BA4409}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7985721E-7894-4480-AE5A-818C906CEBFE}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2EDD8846-5995-4F9F-97A0-A2E3DE381BD6}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE133C2E-D7A6-409E-9BF1-3C69FC0F6B5E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E5B416D1-2ED3-488D-A30F-ABFDF101F795}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F05ECDA2-1290-42F6-9BA8-EDA20B0437AE}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{297BA616-F904-4858-AFF9-7033391B1439}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0AA0C921-68F2-4FCB-8068-BE1CC1C7FEA1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18688464-AD20-4FA7-8D9A-E29E64E9063E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{347ED674-02CC-46B6-B5A8-B7BFDE44BFC3}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C969905-9086-44CB-AA07-343763F820B0}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68A5520B-4B92-4E0C-A974-4F8704A56E61}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4EA07113-39DD-4778-A6FE-E14459BF76CB}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8197CCB-AEA8-4E33-9CFF-3A1BD848A7AB}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{534C3986-DEA3-4502-B173-023F24F69CC0}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DDDC5AEC-B971-437E-A901-699C37A80A71}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EA293E6D-061A-4D80-9259-A0865810F41B}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4C100D1D-46DD-4844-8B91-1F65961A63B1}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B433B7A3-BFF1-4102-9FA0-2FEFB45C0A46}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE80FCD7-26B6-40AA-AB03-25B0EBC7CA0E}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E05AC8A8-A9A0-449B-B0B2-DEE22C598D99}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{172C5784-0529-4565-83A6-1E2E2EBD226C}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EE936CCF-DD23-4C41-B511-23D47000F439}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A73D67BB-6F02-487E-B54A-7CD8D7AF2526}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7BE69FD4-6E72-4E42-A93B-B2A00A909CFA}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C3EE9FA-BFA4-402A-BF76-06104F9F0C32}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A93E301-A37A-47D8-A113-59ED48222E45}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5058D427-731D-46F3-8DA0-EE01B0BD3798}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B91E407-04BC-4CC3-AFFD-9D9FDC4E9789}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE246F1F-297E-4F3A-A753-EAD50148147D}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F56D36DD-90F3-4B61-91A0-C7764C435613}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B7380BE-C6E4-4FDD-9ABE-A7F99CADCF01}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EDBE81CD-6A79-4B3E-BEB2-1044C51E57E7}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4F5DDCEA-ABCA-4AE3-AF89-F96D1618604F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1151A74D-AF30-405D-8ADF-6271219161D6}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E33D49DF-570E-4409-9197-3A90A3DD042F}] => (Allow) E:\OLD HARD DRIVE\Program Files\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2017 08:27:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 08:16:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 08:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 07:47:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 07:43:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/20/2017 07:32:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 07:30:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 07:28:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 05:04:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/20/2017 04:46:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (07/20/2017 08:35:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (07/20/2017 08:35:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (07/20/2017 08:35:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (07/20/2017 08:35:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (07/20/2017 08:35:41 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (07/20/2017 08:35:41 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

Error: (07/20/2017 08:27:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (07/20/2017 08:27:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (07/20/2017 08:27:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (07/20/2017 08:27:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


CodeIntegrity:
===================================
Date: 2017-05-25 08:21:11.817
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-25 08:21:11.791
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\nldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-02 04:10:18.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:18.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:18.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:18.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:17.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:17.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:17.759
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.

Date: 2017-02-02 04:10:17.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 56%
Total physical RAM: 4087.29 MB
Available physical RAM: 1787.7 MB
Total Virtual: 8172.76 MB
Available Virtual: 5690.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:2.3 GB) NTFS
Drive d: () (Fixed) (Total:97.56 GB) (Free:28.64 GB) NTFS
Drive e: () (Fixed) (Total:540.89 GB) (Free:95.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 16E1E009)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Hi Broni,

First of all, thanks a lot for replying to my post. After doing all the things that you've instructed me, here are all the logs that I've got.

RK LOG
RogueKiller V12.11.7.0 (x64) [Jul 17 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Oraa Main [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 07/22/2017 22:43:27 (Duration : 00:41:28)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 26 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\MYGAME -> Not selected
[PUP.DownloadAssistant] (X64) HKEY_USERS\RK_Oraa_ON_D_8458\Software\DVDVideoSoft -> Not selected
[PUP.DownloadAssistant] (X86) HKEY_USERS\RK_Oraa_ON_D_8458\Software\DVDVideoSoft -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\csastats -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\ProductSetup -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\csastats -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1911061356-2502327290-2235871531-1000\Software\ProductSetup -> Not selected
[PUP.Gen0|VT.not-a-virus:HEUR:AdWare.Win32.Seserch.gen] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B4E6\ControlSet001\Services\SPS (C:\WINDOWS\SysWOW64\SearchProtectService.exe) -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\RK_Oraa_ON_D_8458\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_Oraa_ON_D_8458\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\RK_Oraa_ON_D_8458\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\RK_Oraa_ON_D_8458\Software\Microsoft\Internet Explorer\Main | Search Page : http://hi.ru/search/?q={searchTerms} -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{840B53B5-C425-4DDA-B8B8-1FE647B8F542} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95DED50E-4D75-4C9B-9D5E-18BB92ACA6C1} | DhcpNameServer : 172.20.10.1 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{840B53B5-C425-4DDA-B8B8-1FE647B8F542} | DhcpNameServer : 172.20.10.1 ([]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{95DED50E-4D75-4C9B-9D5E-18BB92ACA6C1} | DhcpNameServer : 172.20.10.1 ([]) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B4E6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{E9CD86BA-F3D9-4EE0-A2E9-686613F55B35}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B4E6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{7DFE9524-36C4-4BE4-A1F8-FF7CBE0620E0}C:\windows\kmsemulator.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\kmsemulator.exe|Name=KMSEmulator|Desc=KMSEmulator|Defer=User| [x] -> Not selected
[Suspicious.Path|VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B4E6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {74442F39-7867-4B5D-9522-EAA5546EE8F3} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Oraa\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[Suspicious.Path|VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_B4E6\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EDB8C9E8-A8F9-40FC-B2A3-A83A3A9836BF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Oraa\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_8EB8\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_8EB8\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_8EB8\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Flexfix\Lightlight.dll [x] -> Not selected
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_8EB8\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Flexfix\Lightlight.dll [x] -> Not selected

¤¤¤ Tasks : 5 ¤¤¤
[Suspicious.Path|VT.Unknown] %WINDIR%\Tasks\Yahoo! Powered ranal.job -- C:\Windows\system32\wscript.exe ("C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\sali.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b41383230364434332d323236322d453738352d413441342d3739433733454536463230397d5c6e6566616e61" "433a5c50726f6772616d446174615c7b41383230364434332d323236322d453738352d413441342d3739433733454536463230397d5c6e69746973656e" "//B" "//E:jscript" "--IsErIk" ) -> Not selected
[Suspicious.Path|VT.Heur.Corrupt.PE] %WINDIR%\Tasks\{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1}.job -- C:\users\ORAAMA~1\appdata\local\{BFFC8~1\HELPER~1.EXE (/Check) -> Deleted
[Suspicious.Path|VT.Heur.Corrupt.PE] \{07C0AE5F-9662-4FB0-99F4-62AF5A7F1BA1} -- C:\users\ORAAMA~1\appdata\local\{BFFC8~1\HELPER~1.EXE (/Check) -> Deleted
[Hj.Shortcut] \{2BF90957-CB02-488D-94DD-9363EAA8AD12} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=7.9.0.103&LastError=404) -> Deleted
[Hj.Shortcut] \{EB1D083E-62B8-4AD0-9E58-A966EC3379BD} -- "c:\program files (x86)\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?source=lightinstaller&ver=7.9.0.103&LastError=404) -> Deleted

¤¤¤ Files : 9 ¤¤¤
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Removed at reboot [91]
[PUP.ByteFence|PUP.Gen1][File] C:\ProgramData\ByteFence\RTOP\hosts_backup -> Removed at reboot [5]
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence\RTOP -> Removed at reboot [91]
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.4.5_41801\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Oraa Main\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted
[PUP.Gen1][Folder] C:\Users\Oraa Main\AppData\Local\PackageAware -> Deleted
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence -> Deleted
[PUP.ByteFence|PUP.Gen1][File] C:\ProgramData\ByteFence\RTOP\hosts_backup -> Deleted
[PUP.ByteFence|PUP.Gen1][Folder] C:\ProgramData\ByteFence\RTOP -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://feed.snapdo.com/?p=mKO_AwFzX...fV5qFbhbFblmYDko8nO3OYR1iv11OBhLAP1ENS2rFsNqQ,,] -> Not selected
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [chrome://newtab/] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00UD2A0 ATA Device +++++
--- User ---
[MBR] cc0d5dc1f1458a42c43080feaa32ba6c
[BSP] 4a09df3765bc7fd367e40107f6df27b6 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99899 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800000 | Size: 300000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 819200000 | Size: 553868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5000AAKX-003CA0 ATA Device +++++
--- User ---
[MBR] 14e9770d9be0fa3bf2ef626a305b1df9
[BSP] 333bb70d3bc7793f1fda66c4d175d665 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

------------------------------------------------------------------------------------------------------------------------------------------------------------------

MALWAREBYTES LOG
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/22/17
Scan Time: 11:50 PM
Log File: Malwarebytestext.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2416
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: OraaMain-PC\Oraa Main

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381981
Threats Detected: 90
Threats Quarantined: 90
Time Elapsed: 6 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 13
PUP.Optional.WinYahoo, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Chromium, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [91], [182757],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [91], [182757],1.0.2416
PUP.Optional.WinYahoo, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarantined, [91], [182757],1.0.2416
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [548], [260991],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DA9730DF-ED92-4847-BEB7-15516DC6D93C}, Quarantined, [91], [308967],1.0.2416
PUP.Optional.InstallCore, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\csastats, Quarantined, [3], [260986],1.0.2416
PUP.Optional.SearchManager, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [548], [183362],1.0.2416
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Quarantined, [658], [389038],1.0.2416
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Quarantined, [658], [389038],1.0.2416
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [548], [260991],1.0.2416
PUP.Optional.ProductSetup, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [15155], [242047],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered ranal, Quarantined, [91], [308968],1.0.2416

Registry Value: 5
PUP.Optional.WinYahoo, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [182757],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DA9730DF-ED92-4847-BEB7-15516DC6D93C}|PATH, Quarantined, [91], [308967],1.0.2416
PUP.Optional.ProductSetup, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [15155], [242047],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [182758],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarantined, [91], [182758],1.0.2416

Registry Data: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-1911061356-2502327290-2235871531-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293459],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293461],1.0.2416
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [91], [293461],1.0.2416

Data Stream: 0
(No malicious items detected)

Folder: 5
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{A8206D43-2262-E785-A4A4-79C73EE6F209}, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\USERS\ORAA MAIN\APPDATA\LOCAL\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\USERS\ORAA MAIN\APPDATA\LOCAL\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}, Quarantined, [91], [302717],1.0.2416

File: 64
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarantined, [91], [254335],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{A8206D43-2262-E785-A4A4-79C73EE6F209}\LENE, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\aowLC, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\EpgXI, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\hdat1, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\hdat2, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\nefana, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{A8206D43-2262-E785-A4A4-79C73EE6F209}\sali.txt, Quarantined, [1231], [343986],1.0.2416
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.6\STANDALONEPHASE1.DAT, Quarantined, [599], [393793],1.0.2416
PUP.Optional.OpenCandy, C:\USERS\ORAA MAIN\DOWNLOADS\CHEATENGINE66.EXE, Quarantined, [546], [101648],1.0.2416
PUP.Optional.Avanquest, C:\USERS\ORAA MAIN\DOWNLOADS\SMARTDRIVERUPDATER.EXE, Quarantined, [2662], [354830],1.0.2416
PUP.Optional.InstallCore, C:\USERS\ORAA MAIN\DOWNLOADS\SUPER_MARIO_BROS_2.EXE, Quarantined, [3], [301065],1.0.2416
Adware.InstallMonster, C:\USERS\ORAA MAIN\DOWNLOADS\SONY-VEGAS-PRO-13-CRACK-DOWNLOAD-BY-A2ZCRACK.ZIP, Quarantined, [147], [417100],1.0.2416
PUP.Optional.WinYahoo, C:\USERS\ORAA MAIN\APPDATA\LOCAL\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\NANO, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\chromium-min.jpg, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\control panel-min-min.JPG, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\down.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\ff menu.JPG, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\ff search engine-min.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\HowToRemove.html, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\hp-min ff.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\hp-min ie.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\search engine.gif, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\setup pages.gif, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\sp-min.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\start-min.jpg, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\HowToRemove\up.png, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\bapi_ff.dat, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\bapi_ie.dat, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\codi, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\install.log, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\lali, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\leti.dat, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\reto.cfg, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\sosi, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\Sqlite3.dll, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\uninst.dat, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{BFA189FD-9B09-E545-F691-C0ADD2F93C35}\uninst.exe, Quarantined, [91], [246924],1.0.2416
PUP.Optional.WinYahoo, C:\USERS\ORAA MAIN\APPDATA\LOCAL\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\chromium-min.jpg, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\control panel-min-min.JPG, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\down.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\ff menu.JPG, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\ff search engine-min.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\hp-min ff.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\hp-min ie.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\search engine.gif, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\setup pages.gif, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\sp-min.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\start-min.jpg, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\HowToRemove\up.png, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\bapi16.dat, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\bapi17.dat, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\install.log, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\leti.dat, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\melo, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\nano, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\reto.cfg, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\sosi, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\Sqlite3.dll, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\uninst.dat, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\Users\Oraa Main\AppData\Local\{C162F73E-E5CA-9B86-8852-BE6EAC3A42F6}\uninst.exe, Quarantined, [91], [302717],1.0.2416
PUP.Optional.WinYahoo, C:\WINDOWS\TASKS\Yahoo! Powered ranal.job, Quarantined, [91], [308966],1.0.2416
PUP.Optional.WinYahoo, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Powered ranal, Quarantined, [91], [308969],1.0.2416

Physical Sector: 0
(No malicious items detected)


(end)

============================================================================================

ADWCLEANER LOG
# AdwCleaner 7.0.0.0 - Logfile created on Sat Jul 22 16:20:14 2017
# Updated on 2017/17/07 by Malwarebytes
# Database: 07-16-2017.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MYGAME
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

SearchProvider found: AOL - aol.com
SearchProvider found: Softonic EN - microsoft-powerpoint.en.softonic.com
SearchProvider found: Ask - ask.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

============================================================================================

JRT LOG
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Oraa Main (Administrator) on Sun 07/23/2017 at 0:26:31.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 74

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Oraa Main\AppData\Roaming\wyupdate au (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/23/2017 at 0:31:58.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
However, I still got this notification from AVAST, even after doing all the things that you've instructed me to do and the action that the AV suggested.

hurri.PNG
 

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click the downloaded file. Click OK on the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE: If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click Exit.
 