Infected by notepad.exe on task manager.


  • This topic is locked
5 replies to this topic

#1 ken1421991

Posted 09 July 2017 - 08:48 PM

Hello guys,

My computer keeps facing a problem. When I close my task manager, the CPU usage keeps going to 100%. Then when I open the task manager to check, it has a notepad.exe using a lot of CPU, and when I try to end the process it disappears. If I keep the task manager open and remain there, the notepad.exe won't pop up; however, once I close the task manager, the problem comes back again. I posted a picture regarding this problem.

And here are my logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by dobleepe (administrator) on DObleepE-PC (10-07-2017 11:03:42)
Running from D:\Download
Loaded Profiles: dobleepe (Available Profiles: dobleepe)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe
() D:\Program Files\kuwo\kuwomusic\8.2.0.0_BCS33\bin\tasktk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Golden Frog, GmbH.) D:\Program Files\VyprVPN\VyprVPNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Valve Corporation) G:\Program Files\Steam\Steam.exe
(Valve Corporation) G:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Valve Corporation) G:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(深圳市迅雷网络技术有限公司) D:\Program Files\Thunder Network\Xmp\Program\XMP.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
(ShenZhen Xunlei Networking Technologies,LTD) C:\Users\Public\Thunder Network\XMP4\Core\Program\XLUEOPS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [tasktk] => D:\Program Files\kuwo\kuwomusic\8.2.0.0_BCS33\bin\tasktk.exe [254312 2016-09-03] ()
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\RunOnce: [QEMcsNwjfm] => C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe [1048064 2017-06-30] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 61.9.226.1 61.9.226.33
Tcpip\..\Interfaces\{066BECDD-5624-4DA3-9A51-1799F2E74613}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{1FFAA677-58D0-4178-AA1D-D8164F313B69}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{663588DB-BFA5-462C-98D8-8A2D5741DFF2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{663588DB-BFA5-462C-98D8-8A2D5741DFF2}: [DhcpNameServer] 61.9.226.1 61.9.226.33
Tcpip\..\Interfaces\{AE140A88-4681-4D10-BA29-F3CA9527759F}: [DhcpNameServer] 10.143.147.147 10.143.147.148
Tcpip\..\Interfaces\{ECDD0482-4114-46C0-A297-E87460D2D354}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ECDD0482-4114-46C0-A297-E87460D2D354}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{FAAD066E-2A6D-472A-AAA5-0CDA8685FD6E}: [DhcpNameServer] 10.3.35.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_2_oem_dg&ch=33
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-04-07] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: VideoUrlSniffer Class -> {00000ADA-7E0D-47C1-986C-F017D09C4304} -> C:\Users\Public\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.4.157.(116).dll [2014-09-01] (深圳市迅雷网络技术有限公司)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-04-07] (Oracle Corporation)
BHO-x32: 捃濘狟婥盓厥郪璃 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2013-11-14] (深圳市迅雷网络技术有限公司)
Toolbar: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: l68vqfkf.default
FF ProfilePath: C:\Users\dobleepe\AppData\Roaming\Mozilla\Firefox\Profiles\l68vqfkf.default [2017-07-08]
FF Extension: (Thunder Extension) - C:\Users\dobleepe\AppData\Roaming\Mozilla\Firefox\Profiles\l68vqfkf.default\Extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C} [2016-11-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-19] ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-04-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-04-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-20] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @gamania.com/beanfun -> C:\Program Files (x86)\beanfun!\beanfun! Plugin\npBFWebStart.dll [2012-08-06] ( )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-04-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-04-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @xfplay.com/xfplay -> D:\Program Files\xfplay\npxfweb.dll [2014-04-17] (http://www.xfplay.com)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npKKDapCtrl.dll [2015-05-28] (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [2013-07-06] (ShenZhen Thunder Networking Technologies, LTD)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-05-21] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [2007-03-10] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-3380425550-2880331113-4268548110-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-05-21] ( )
FF Plugin HKU\S-1-5-21-3380425550-2880331113-4268548110-1000: gf2.gameflier.com/WebLauncher -> C:\GF2_WebLaunch\npWebLauncher.dll [2016-10-02] (Gameflier)
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Firefox\firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default [2017-07-10]
CHR Extension: (Google Slides) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-14]
CHR Extension: (Google Docs) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-14]
CHR Extension: (Google Drive) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-14]
CHR Extension: (YouTube) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-14]
CHR Extension: (beanfun!擴充元件) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgakmbkklpmijhckpolanjijghgfpeoa [2016-10-22]
CHR Extension: (Tampermonkey) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-19]
CHR Extension: (Adobe Acrobat) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1536520 2017-06-24] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 clr_optimization_v4.0.30319; C:\Windows\Microsoft.NET\Frameworkx86\v4.0.30319\mscorsvw.exe [14268928 2016-08-07] (Microsoft Corporation) [File not signed]
S3 Disc Soft Lite Bus Service; D:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
S3 NGS; C:\Windows\NGService.exe [2466888 2017-07-02] (NEXON Korea Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [8015032 2017-02-16] (INCA Internet Co., Ltd.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-08] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files\Origin\OriginClientService.exe [2122248 2017-03-04] (Electronic Arts)
S2 Origin Web Helper Service; D:\Program Files\Origin\OriginWebHelperService.exe [2184208 2017-03-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-04-01] ()
R2 SEVPNCLIENT; D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2016-03-28] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
R2 VyprVPN; D:\Program Files\VyprVPN\VyprVPNService.exe [234496 2016-03-03] (Golden Frog, GmbH.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2016-05-21] (ShenZhen Xunlei Networking Technologies,LTD)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-03-14] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-03-14] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180480 2015-10-08] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0014.sys [38432 2016-03-28] (SoftEther Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-02-24] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3591384 2014-10-13] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [3591384 2014-10-13] (Realtek Semiconductor Corporation                           )
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-08-15] (Anchorfree Inc.)
S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2016-03-03] (The OpenVPN Project)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 11:03 - 2017-07-10 11:03 - 00000000 ____D C:\FRST
2017-07-06 04:45 - 2017-07-06 16:55 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\obs-studio
2017-07-06 04:44 - 2017-07-06 04:44 - 00000855 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-07-06 04:36 - 2017-07-06 04:42 - 00004743 _____ C:\Users\dobleepe\AppData\Roaming\net.telestream.gameshow.xml
2017-07-06 04:36 - 2017-07-06 04:42 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Vara Software
2017-07-06 04:36 - 2017-07-06 04:37 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\WirecastCache
2017-07-06 04:36 - 2017-07-06 04:36 - 00000101 _____ C:\Users\dobleepe\AppData\Roaming\net.telestream.gameshow.app_user_guid.xml
2017-07-06 04:36 - 2017-07-06 04:36 - 00000000 ____D C:\Users\Public\Documents\Gameshow
2017-07-06 04:36 - 2017-07-06 04:36 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Wirecast
2017-07-06 04:36 - 2017-07-06 04:36 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Gameshow
2017-07-06 04:36 - 2017-07-06 04:36 - 00000000 ____D C:\Users\dobleepe\AppData\Local\Telestream
2017-07-06 04:36 - 2017-07-06 04:36 - 00000000 ____D C:\ProgramData\Telestream
2017-07-06 04:18 - 2017-07-06 04:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-07-06 03:56 - 2017-07-06 03:56 - 00000000 ____D C:\Users\dobleepe\AppData\Local\Chromium
2017-07-05 14:31 - 2017-07-05 14:31 - 00000757 _____ C:\Users\Public\Desktop\Secret World Legends.lnk
2017-07-05 14:31 - 2017-07-05 14:31 - 00000000 ____D C:\Users\dobleepe\AppData\Local\Funcom
2017-07-05 14:31 - 2017-07-05 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
2017-07-04 23:10 - 2017-07-04 23:31 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Awesomium
2017-07-04 22:56 - 2017-07-04 23:00 - 00000000 ____D C:\Program Files (x86)\PCFixKit
2017-07-04 22:56 - 2017-07-04 22:56 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\PCFixKit
2017-07-04 22:15 - 2005-01-03 16:13 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2017-07-04 22:15 - 2003-07-19 06:47 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2017-07-04 21:48 - 2017-07-04 21:50 - 00000000 ____D C:\Users\dobleepe\AppData\Local\IIIQF
2017-07-04 21:48 - 2017-07-04 21:48 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Solvusoft
2017-07-04 21:48 - 2017-07-04 21:48 - 00000000 ____D C:\ProgramData\Solvusoft
2017-07-04 21:38 - 2017-07-04 23:01 - 00000000 ____D C:\AdwCleaner
2017-07-04 21:37 - 2017-07-04 21:37 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2017-07-04 20:01 - 2017-07-04 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PLAYNC
2017-07-04 19:56 - 2017-07-04 19:56 - 00000000 ____D C:\ProgramData\PLAYNC
2017-07-04 18:06 - 2017-07-04 18:08 - 00000000 ____D C:\Users\dobleepe\Downloads\LINEAGE2_TW
2017-07-04 09:45 - 2017-07-04 09:45 - 00000951 _____ C:\Users\dobleepe\Desktop\NC Launcher.lnk
2017-07-04 09:45 - 2017-07-04 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NC Launcher
2017-07-03 18:36 - 2017-07-03 18:36 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\discordsdk
2017-07-03 18:35 - 2017-07-03 18:35 - 00000000 ____D C:\Users\dobleepe\AppData\Local\UnrealEngine
2017-07-03 18:35 - 2017-07-03 18:35 - 00000000 ____D C:\Users\dobleepe\AppData\Local\Lawbreakers
2017-07-03 18:35 - 2017-07-02 22:38 - 02466888 _____ (NEXON Korea Corporation) C:\Windows\NGService.exe
2017-07-02 16:09 - 2017-07-02 16:09 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\NVIDIA
2017-06-30 22:16 - 2017-06-30 22:16 - 00000000 ____D C:\Users\dobleepe\AppData\Local\aBItJJepLe
2017-06-29 18:34 - 2017-06-08 11:05 - 40201664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 35350136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 35281344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 28593272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 17424984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 14276216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-06-29 18:34 - 2017-06-08 11:05 - 11056272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 11027968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 10551072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 03437504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 03020920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438253.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 01606776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438253.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 01056192 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00993728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00964032 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00688784 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00507688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00426128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00406552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-06-29 18:34 - 2017-06-08 11:05 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-06-27 19:14 - 2017-06-27 19:14 - 00000717 _____ C:\Users\dobleepe\Desktop\stp-se4dx11 - Shortcut.lnk
2017-06-27 19:12 - 2017-06-27 19:13 - 00000000 ____D C:\Users\dobleepe\AppData\Local\SniperElite4
2017-06-27 19:11 - 2017-06-27 19:11 - 00000000 ____D C:\ProgramData\Sniper Elite 4
2017-06-27 10:37 - 2017-06-27 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 4
2017-06-26 14:29 - 2017-06-26 14:29 - 00000048 _____ C:\Users\dobleepe\Desktop\Tm Report.txt
2017-06-24 13:41 - 2017-06-24 13:46 - 00000000 ____D C:\Users\dobleepe\Documents\Argo
2017-06-24 13:41 - 2017-06-24 13:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive
2017-06-19 19:53 - 2017-06-19 19:53 - 00293851 _____ C:\Users\dobleepe\Desktop\Resume Form Soo Ting Wei (Ken).pdf
2017-06-19 19:52 - 2017-07-05 15:17 - 00057754 _____ C:\Users\dobleepe\Desktop\Cover Letter Soo Ting Wei (Ken).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-10 11:03 - 2016-08-17 22:07 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-10 00:51 - 2016-03-14 19:50 - 00000046 _____ C:\Users\dobleepe\AppData\Roaming\CoreAVC.ini
2017-07-09 19:23 - 2016-03-17 22:25 - 00866036 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-09 19:23 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\inf
2017-07-09 05:36 - 2016-03-14 12:27 - 00000000 ____D C:\Program Files\Microsoft Office
2017-07-08 00:11 - 2016-11-24 05:04 - 00000000 ____D C:\Users\dobleepe\AppData\LocalLow\Mozilla
2017-07-07 21:25 - 2016-03-14 11:44 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-07 17:22 - 2016-03-14 12:47 - 00000000 ____D C:\Users\dobleepe\AppData\Local\CrashDumps
2017-07-07 04:17 - 2017-03-10 16:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-07 04:17 - 2016-05-31 14:59 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-07-07 04:17 - 2009-07-14 12:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-06 04:36 - 2017-04-06 13:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-07-04 22:45 - 2009-07-14 14:15 - 00025136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-04 22:45 - 2009-07-14 14:15 - 00025136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-04 22:37 - 2009-07-14 14:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-04 21:39 - 2016-03-14 11:59 - 00001290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-04 20:46 - 2016-08-07 02:07 - 00000000 ____D C:\Users\Public\WebGameRes
2017-07-03 18:35 - 2016-08-07 18:13 - 00000000 ____D C:\Users\dobleepe\AppData\Local\NVIDIA Corporation
2017-07-02 21:45 - 2017-04-21 16:43 - 00000029 _____ C:\Users\dobleepe\Desktop\apple case id.txt
2017-07-02 16:54 - 2016-03-14 11:41 - 00118912 _____ C:\Users\dobleepe\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-02 16:06 - 2016-03-14 12:13 - 00000000 ____D C:\Users\dobleepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2017-06-28 04:30 - 2016-03-14 11:59 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-25 00:14 - 2009-07-14 14:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-24 15:32 - 2016-08-30 06:53 - 00000593 _____ C:\Users\dobleepe\Desktop\Textbook SP 5.txt
2017-06-21 16:54 - 2017-03-10 14:26 - 00003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-21 16:54 - 2017-03-10 14:26 - 00002168 _____ C:\Users\dobleepe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-21 16:54 - 2017-03-10 14:26 - 00000000 ___RD C:\Users\dobleepe\OneDrive
2017-06-20 10:10 - 2017-05-13 00:33 - 00000000 ____D C:\Users\dobleepe\Desktop\Business Intelligent
2017-06-19 23:39 - 2016-07-04 11:37 - 00000734 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-06-19 18:41 - 2017-03-05 18:46 - 00000166 _____ C:\Users\dobleepe\Desktop\rental.txt
2017-06-19 17:49 - 2016-04-07 03:29 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-19 17:49 - 2016-04-07 03:29 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-19 17:49 - 2016-04-07 03:29 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-19 17:49 - 2016-04-07 03:29 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-19 17:49 - 2016-04-07 03:29 - 00000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2016-03-24 19:18 - 2016-03-24 19:18 - 0000624 _____ () C:\Users\dobleepe\AppData\Roaming\All CPU MeterV3_Settings.ini
2016-03-14 19:50 - 2017-07-10 00:51 - 0000046 _____ () C:\Users\dobleepe\AppData\Roaming\CoreAVC.ini
2016-03-14 12:20 - 2016-03-14 12:20 - 0000281 _____ () C:\Users\dobleepe\AppData\Roaming\GPU MeterV2_Settings.ini
2017-07-06 04:36 - 2017-07-06 04:36 - 0000101 _____ () C:\Users\dobleepe\AppData\Roaming\net.telestream.gameshow.app_user_guid.xml
2017-07-06 04:36 - 2017-07-06 04:42 - 0004743 _____ () C:\Users\dobleepe\AppData\Roaming\net.telestream.gameshow.xml
2016-09-28 01:47 - 2016-10-20 23:48 - 0000367 _____ () C:\Users\dobleepe\AppData\Roaming\Weather Meter_Settings.ini
2016-03-14 11:47 - 2016-03-14 11:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-08-11 06:01 - 2016-08-11 06:01 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2016-03-03 19:20 - 2015-07-30 05:38 - 0681097 _____ (SQLite Development Team) C:\Users\dobleepe\AppData\Local\Temp\sqlite3.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-02 00:55
 
==================== End of FRST.txt ============================
 
Here is my Addition log.
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by dobleepe (10-07-2017 11:03:57)
Running from D:\Download
Windows 7 Ultimate Service Pack 1 (X64) (2016-03-14 02:09:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3380425550-2880331113-4268548110-500 - Administrator - Disabled)
dobleepe (S-1-5-21-3380425550-2880331113-4268548110-1000 - Administrator - Enabled) => C:\Users\dobleepe
Guest (S-1-5-21-3380425550-2880331113-4268548110-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3380425550-2880331113-4268548110-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Checker 2.1.6.0 (HKLM-x32\...\{2579BD20-98A3-44E4-BFDD-F75F02F4F5AD}_is1) (Version: 2.1.6.0 - Greedy Intelligence Ltd.)
8GadgetPack (HKLM-x32\...\{5D6CB70E-6FA7-4E5E-8A12-06612313E671}) (Version: 18.0.0 - Helmut Buhler)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.53 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
ASUS USB-N10 Wireless LAN Driver (HKLM-x32\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.0.0.9 - ASUS)
ASUS USB-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.6 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
beanfun! Plugin (HKLM-x32\...\{F010C024-ED3C-4A31-8045-4FBFC3875513}) (Version: 1.0.12 - beanfun!)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Gamania Game Manager (HKLM-x32\...\{A01DC586-ECF7-4911-823B-A5AF920EA36C}) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 54.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-GB)) (Version: 54.0.1 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
NC Launcher (HKLM-x32\...\NCLauncherS_plaync) (Version:  - NCSOFT)
NVIDIA Graphics Driver 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.3.15631 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Secret World Legends (HKLM-x32\...\Secret World Legends_is1) (Version: 1.0.0 - Funcom)
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
SimTheme Park (HKLM-x32\...\Theme Park World) (Version:  - )
Sniper Elite 4 (HKLM\...\Sniper Elite 4_is1) (Version: 1.0 - )
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Theme Park World Fix (HKLM-x32\...\{42082D6A-7C60-4CD9-B6FC-81E6F1FA96EF}) (Version: 1.0.0 - Adam Hearn)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-5) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0-2) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1-2) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1-2) (Version: 1.0.5.1 - LunarG, Inc.)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.7.10.6417 - Golden Frog, GmbH.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
影音先锋 9.9.2 P2P 云3D版 (HKLM-x32\...\yyxfplayer_is1) (Version:  - 零与壹软件)
捃濘7 (HKLM-x32\...\thunder_is1) (Version:  - 捃濘厙釐撮扲衄癹鼠侗)
新天堂II 經典伺服器 (HKLM-x32\...\{C2198261-3ED2-4907-82C2-CCFF136B0F35}) (Version: 2.00.0000 - NC TAIWAN CO., LTD .)
絶對武力Online2 (HKLM-x32\...\Counter-Strike Online 2) (Version:  - )
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
迅雷看看播放器 (HKLM-x32\...\迅雷看看播放器) (Version: 4.9.17.2314 - 迅雷网络技术有限公司)
酷我音乐 (HKLM-x32\...\KwMusic7) (Version: 8.2.0.0 - 酷我科技)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\dobleepe\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} =>  -> No File
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.88.(389).dll [2016-06-01] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers01: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers01: [AXmp] -> {8F556DA3-987D-47b0-AA88-EB8D52FE1B99} =>  -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRar\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers04: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers05: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-06-08] (NVIDIA Corporation)
ContextMenuHandlers06: [.RBCShellExternal] -> {30C5E658-70B6-4570-A780-D362A5BE2049} => C:\Users\Public\Video Legend\RBC\Addins\RBCShellExternal64.dll [2016-06-08] (Shenzhen Video Legend Network Technology Co.,Ltd.)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRar\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FF9D50F-A4D8-4496-9A68-B7D09210EF02} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-07] (Microsoft Corporation)
Task: {21052472-E53B-4B8C-97D2-94C56735892C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {2319D2BF-1988-4E5B-A58D-D5A8042930C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {3362555A-D9E7-4649-A07E-C8C65EC12A4E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {4455E864-43FC-49B5-905B-2145A8CF60C2} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Task: {4C575747-9B45-4BB6-99B3-1D4FBFD0EB77} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Task: {5EDB1676-0DE1-4702-83B5-7C50FBE303B0} - System32\Tasks\{000EEFD1-92E0-4B5B-9699-9A32A650353D} => D:\Program Files\SimTheme Park\TP.exe
Task: {781644D8-787D-4D35-B915-9651A1D4F020} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
Task: {783E7B4C-4D76-4753-9073-ED1914CA80E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {7870D0C5-ABEC-4B98-9E77-5A462EBCFF3D} - System32\Tasks\{091DE3F2-6809-4568-AD28-6F46CF5B086B} => D:\Program Files\SimTheme Park\TP.exe
Task: {8393EFDC-E2BF-441B-A463-67A62B35FC75} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {8945E0FF-BFBF-4637-9676-52FE34F7BE98} - System32\Tasks\{7070CE25-F111-49DB-8E81-DBC4F093A940} => D:\Program Files\SimTheme Park\TP.exe
Task: {8F65F496-A09D-4E5F-BB72-2BA671E4F0C2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Task: {945A9E52-B6A4-4D0A-B9FA-A18F8136173F} - System32\Tasks\{F30DD117-CB83-4F00-B0BD-329D3D0BE509} => D:\Program Files\SimTheme Park\TP.exe
Task: {95638E50-A358-4DA3-A092-8B9505F4540E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Task: {95D02573-BD38-4652-8AFB-95D479184356} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-07] (Microsoft Corporation)
Task: {9B75F12C-653F-408C-8AED-BCAB96F03590} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Task: {B25A9E4C-74BF-48A5-92E1-49646DC75CA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-19] (Adobe Systems Incorporated)
Task: {BE9521C6-4918-4505-A986-C680D9EF6575} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {CB091405-E2FF-4364-925E-FD8D4125ABF3} - System32\Tasks\{A633EC62-80F7-4F3E-A5D1-4460DCDE0E79} => D:\Program Files\SimTheme Park\TP.exe
Task: {DF0DC632-C5B7-4700-AB45-6F8F2BADC10F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-02] (NVIDIA Corporation)
Task: {E3E06C1A-5E3C-4ACC-8D51-C47EE26CB5D5} - System32\Tasks\Google Pinyin Daemon => C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2016-03-14] (Google Inc.)
Task: {E999A5FC-46D6-4805-9BA1-5E768434E820} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-14] (Google Inc.)
Task: {F4F0D876-BDF6-4A16-80C9-883CD5929363} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-07-07] (Microsoft Corporation)
Task: {FC6FC138-8248-43EF-88C5-7DCF33BBE931} - System32\Tasks\{6AA9F52B-3632-46F3-87EE-E48CF8B2F11F} => D:\Program Files\SimTheme Park\TP.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\dobleepe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> D:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> D:\Program Files\Firefox\firefox.exe (Mozilla Corporation) -> hxxp://sina.lt/eXSE
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-10 16:14 - 2017-07-07 04:15 - 08932040 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-06-30 22:16 - 2017-06-30 22:16 - 01048064 _____ () C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe
2016-09-03 11:02 - 2016-09-03 11:02 - 00254312 _____ () D:\Program Files\kuwo\kuwomusic\8.2.0.0_BCS33\bin\tasktk.exe
2016-03-14 12:09 - 2016-03-14 12:09 - 00921416 _____ () C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinService.exe
2016-04-01 03:22 - 2016-04-01 03:22 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-03-14 12:09 - 2013-06-07 03:46 - 00012520 _____ () C:\Users\dobleepe\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2016-03-14 12:09 - 2013-06-07 03:46 - 00015080 _____ () C:\Users\dobleepe\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2016-03-14 12:09 - 2013-06-07 03:46 - 00014056 _____ () C:\Users\dobleepe\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2017-06-28 04:30 - 2017-06-23 12:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 04:30 - 2017-06-23 12:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-03-03 09:15 - 2016-03-03 09:15 - 00104960 _____ () D:\Program Files\VyprVPN\GoldenFrogWFP.dll
2016-05-21 13:36 - 2016-05-21 13:36 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2016-05-21 13:36 - 2016-05-21 13:36 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2015-10-16 05:14 - 2015-10-16 05:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-03-23 00:28 - 2017-05-17 11:24 - 00678176 _____ () G:\Program Files\Steam\SDL2.dll
2016-03-23 00:28 - 2016-09-01 10:32 - 04969248 _____ () G:\Program Files\Steam\v8.dll
2016-03-23 00:28 - 2016-09-01 10:32 - 01563936 _____ () G:\Program Files\Steam\icui18n.dll
2016-03-23 00:28 - 2016-09-01 10:32 - 01195296 _____ () G:\Program Files\Steam\icuuc.dll
2016-03-23 00:28 - 2017-06-08 15:12 - 02485536 _____ () G:\Program Files\Steam\video.dll
2016-03-23 00:28 - 2016-01-27 17:19 - 02549760 _____ () G:\Program Files\Steam\libavcodec-56.dll
2016-03-23 00:28 - 2016-01-27 17:19 - 00442880 _____ () G:\Program Files\Steam\libavutil-54.dll
2016-03-23 00:28 - 2016-01-27 17:19 - 00491008 _____ () G:\Program Files\Steam\libavformat-56.dll
2016-03-23 00:28 - 2016-01-27 17:19 - 00332800 _____ () G:\Program Files\Steam\libavresample-2.dll
2016-03-23 00:28 - 2016-01-27 17:19 - 00485888 _____ () G:\Program Files\Steam\libswscale-3.dll
2016-03-23 00:28 - 2017-06-08 15:12 - 00877856 _____ () G:\Program Files\Steam\bin\chromehtml.DLL
2016-03-23 00:28 - 2016-07-05 07:47 - 00266560 _____ () G:\Program Files\Steam\openvr_api.dll
2017-03-01 16:34 - 2017-05-09 05:15 - 69516064 _____ () G:\Program Files\Steam\bin\cef\cef.win7\libcef.dll
2017-06-19 18:24 - 2017-05-17 11:24 - 00678176 _____ () G:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll
2016-03-23 00:28 - 2017-06-08 15:12 - 00385312 _____ () G:\Program Files\Steam\steam.dll
2016-03-23 00:28 - 2015-09-25 09:22 - 00119208 _____ () G:\Program Files\Steam\winh264.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00056272 _____ () D:\Program Files\Thunder Network\Xmp\Program\XLBugHandler.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00162304 _____ () D:\Program Files\Thunder Network\Xmp\Program\libpng13.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00062464 _____ () D:\Program Files\Thunder Network\Xmp\Program\zlib1.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00684032 _____ () D:\Program Files\Thunder Network\Xmp\Program\libexpat.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00021504 _____ () D:\Program Files\Thunder Network\Xmp\Program\minizip.dll
2016-11-03 21:50 - 2015-10-28 16:49 - 01325568 _____ () C:\Users\Public\Thunder Network\APlayer\codecs\vsfilter.dll
2016-11-03 21:50 - 2015-09-29 12:02 - 00427008 _____ () C:\Users\Public\Thunder Network\APlayer\codecs\audioswitcher.dll
2016-11-03 21:50 - 2016-04-13 14:15 - 00642048 _____ () C:\Users\Public\Thunder Network\APlayer\codecs\mp4splitter.dll
2016-11-03 21:50 - 2009-07-30 20:44 - 00319488 _____ () C:\Users\Public\Thunder Network\APlayer\codecs\coreaac.ax
2016-11-03 21:50 - 2014-10-13 11:54 - 00223616 _____ () C:\Users\Public\Thunder Network\APlayer\codecs\aplayerdlna.dll
2016-03-14 12:11 - 2013-04-27 15:00 - 00056272 _____ () C:\Users\Public\Thunder Network\XMP4\Core\Program\XLBugHandler.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\sharepoint.com -> hxxps://imailsunwayedu.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:04 - 2017-04-09 21:14 - 00001784 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1                   anchorfree.net
127.0.0.1                   rss2search.com
127.0.0.1                   techbrowsing.com
127.0.0.1                   box.anchorfree.net
127.0.0.1                   www.mefeedia.com
127.0.0.3                   www.anchorfree.net
127.0.0.2                   mefeedia.com
127.0.0.1                   anchorfree.us
127.0.0.1                   a433.com
127.0.0.1                   rpt.anchorfree.net
127.0.0.1                   delivery.anchorfree.us/land.php
127.0.0.1                   hsselite.com
127.0.0.1                   www.hsselite.com
0.0.0.0 anchorfree.net
0.0.0.0 rss2search.com
0.0.0.0 techbrowsing.com
0.0.0.0 box.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 www.anchorfree.net
0.0.0.0 www.mefeedia.com
0.0.0.0 anchorfree.us
0.0.0.0 a433.com
0.0.0.0 anchorfree.net
0.0.0.0 rpt.anchorfree.net
0.0.0.0 delivery.anchorfree.us/land.php
0.0.0.0 hsselite.com
0.0.0.0 www.hsselite.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dobleepe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dobleepe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sidebar78.lnk => C:\Windows\pss\Sidebar78.lnk.Startup
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Steam => "G:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: tasktk => D:\Program Files\kuwo\kuwomusic\8.0.3.1_UG6\bin\tasktk.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{126BF40A-611A-43C4-9B0A-2726A77033AE}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A257BF2F-7A2D-48BE-9B2D-F47CFC3578C4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1A7A8EEB-A81F-4053-8D4F-D3D9B9BE870D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD572148-C7DC-4F3B-8660-121BDDDA2A38}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0122C2B-059C-412E-9DA3-072774405579}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7862EC62-79E4-438D-ABF9-BC096645C8C8}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F9056980-4599-4D2B-8A4F-6E63C8AFEC84}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2CF909F2-66D9-4589-8EA8-ACF0B98E71A6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7AFBED6-3413-40D3-9A23-84CE62690188}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53D10445-1F93-45CD-8366-26B20B59E773}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{117165D6-2588-4328-B79D-9FE28AE61587}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0274688-3CD9-441E-AB3C-16EF6E13FD87}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{77B88927-0F78-483E-B33D-E352FA90204C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B89DCD81-EB7B-493C-9BCE-DC30DEF2E1F2}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FECC2531-B865-4C13-8A9F-344035DD1E78}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30B52E54-4131-4C04-96A8-85BAD0A27250}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{819B4E97-FEE5-49FC-A7C1-7C1183EF9892}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BEABD62E-B173-4122-9127-4B07C84FE8D5}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E1B2A5DE-2902-4941-90CF-F058A95669C5}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7E9946C-8522-4BD8-9A46-6CB8671B16B4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0EBDDAE0-2653-4BEE-8B67-E53A4F14531D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D0AA5AEB-D2CA-430B-A745-D345A8A61058}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F6BC021C-47AC-401A-9EDE-F2725E46A0D5}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0CD3787C-79FD-4D56-8CF4-BC24EF5B9D1B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{935B1CDC-C1C7-4034-9128-AF91F1280D9B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0F793021-60E2-44B7-AFA1-CD289880A655}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99CE43C6-3294-41A7-A2D9-CC369ED0B095}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3EA566E-0978-4D9E-A58B-031FB5EB8CDC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CB3DBB75-766F-45B0-B0F8-AA7AD542A14B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE5E4EC1-12D4-4890-9238-68C94A4053B2}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E55002D-FDC7-4CAE-B383-82317623B9BC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6B28D9E-86AE-4741-98F0-40302CBAF0F1}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E775218-7449-4103-A563-343D3D6504F6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35024B51-46D3-4478-9A27-466CA0A207DA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{89A75450-D4FB-433E-B3AB-B742D0389073}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C1FAAAA-B484-4B00-9964-82A8BBF4AAF3}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{864F220E-4DDB-477B-89FE-439B8B4FE4DD}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0091CDEC-4E23-433D-A3FD-4C9E74937729}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D655F3FD-86CF-4517-9503-A8A6CF3EB18B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EC2EC11-F5CD-4ED6-8D19-48098AD6168D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F9365575-5779-4EB9-9905-B9DFCF118926}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C71A1E35-E597-4CB2-AE00-8C32C30E6855}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DA753B01-415A-4FD8-AB3F-C3453FFE14CA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1BA3D913-211B-417C-B6DE-C1E665BB7318}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A2581784-2396-476D-B383-755EB7DFAEA4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{404385CE-52E7-41E0-83F4-5A0002B1A9C9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A43CC94D-99E6-435A-BBE8-A31DF5702B8E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2C89E14D-D3E8-4F7D-8B94-F9B9BFB4DFCA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6FE3A216-D73C-4C13-A5C2-6A31F0F1CCBC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C9C404E-8DC9-447A-BCB7-85F9082BED00}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D266AAE-9342-4FD2-BB09-DEA11E09A0C7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3CD1BBA3-13F3-401D-8C0F-14B9FB10FF10}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8591891A-6257-4F4C-AFAE-F247C114DA8D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11DCE99B-8125-4427-919E-A46F79523227}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C61072C5-098F-49F0-A9B0-4950A3847F38}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3390A026-375C-44FC-BFCA-012714F8F5E9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{06D22011-2C21-4587-9472-8115D298D38C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C2601BC-D182-49D4-9776-8059C2607BF4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{957CDE80-3928-4AC1-934C-883A34D2D80C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{52164F2B-182D-49CE-A544-336969509775}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB7B3BEB-0042-4D9D-9339-F71A019796D3}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C5617D3-CA91-4808-B06C-DDF645B948DC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2F2239CA-235B-481D-9712-48E206851029}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7B8E5DFF-949F-4739-B0E7-2AD467639FE2}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{99EE2AA6-5937-4816-9702-AA39D04D2145}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33ECB630-350F-4A01-9415-08E7FA591A11}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24BB37A8-B0E0-4DD4-BEEE-B32676C643DC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AA091642-D3F0-456A-B069-54CB254C96FA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D2938951-D818-40B1-ABED-90DAA5FD084F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C44DE30-537C-4288-9328-81DCDB2571D6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65CE4F63-8D7E-4D51-A374-53812ED21A35}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A012F2E0-4975-4046-A8DC-43DD00BBF454}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ABA0439E-C22D-4676-A8F0-045186625694}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F45E520C-7D4B-4078-AC28-A940E4162B51}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F905AFC-FC80-4874-9312-D547292BD518}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5A6AAA97-CFD0-4303-B1DF-E4B5B9DAFFB8}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A68B166-442A-4889-A6A3-AFD9C8FDC6DA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A6AD8E8D-188F-4F50-ADEF-2B38437F2B19}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B52DD0A-C59E-4FCF-9F94-4BEB84C50853}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5C73EDF5-7B23-4120-A15C-431A2FC82959}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB23F360-CFCB-47AA-8BB0-E8B64AEAD939}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6382F8E6-28AC-4468-8681-1F02CB2B3DA6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AFC6A113-3A37-41EF-A0E6-0508AF3145B4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C404E3A-060B-40C0-87C0-57F0A488821C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CD64F7BA-AD45-4A81-8AFD-AB800CAD6EEF}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7C735C59-AD94-4E10-908F-B440F2B9651E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9F736000-D9E0-4D96-8CC2-CB7AEBCE6D86}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE95F315-5661-4F6B-A41B-DFC40F6F205B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A3E4D712-65B4-423E-867D-C01F015F4B19}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7936A898-291D-4B2B-9547-011F2FC442C3}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{37CB0576-ED3D-4B40-B6A9-997F66B15F90}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6907DA13-0613-4179-8B71-770EF531666C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{392D9917-B816-491B-86DE-946542995742}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68F148B9-8918-4F4B-BFBD-E1968F06E0F8}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2C6798C5-DB45-46CE-BB25-63221F03095A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DF7ABBD-65F7-432A-98DB-BFC434BA393F}] => (Allow) LPort=1542
FirewallRules: [{5B1D240A-445F-49C5-8093-8DDECF8F2413}] => (Allow) LPort=1542
FirewallRules: [{4A073A75-0B06-4E64-A03C-D423CFBDD439}] => (Allow) LPort=53
FirewallRules: [{DA904EE0-FFA0-442E-A162-BDA7D9E24331}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{962E2D75-0987-4B6F-8D99-604543CAA85D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4FF65E7F-67B6-4CD9-8A7B-372064171C91}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6A51E31A-1EA9-4191-82E5-953845DC8C85}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{886AEA45-2D73-4BD9-8729-FA6C759FC8E4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8ADFF77-5796-4315-A9CC-FBE7FDE466BA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BD50D29B-8CF8-454A-A7FC-3A10FBEED216}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48729344-D4D0-423C-BCAB-FA5F716448C1}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2639B558-7CC1-404F-9974-B89A7D13BDE6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E5E659CB-AEB3-4146-A92F-9B631B21FCD9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{125F979F-8F8E-47C8-9459-AC0DEA2DE2B9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{83FEE13A-6EF6-4345-B8AD-560A566D243F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E7A456C8-D624-4DC0-A520-62C9760FFC51}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75C2D651-CEC0-46A2-B460-117E3D02478D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A12819D2-76F0-43CC-B68A-E626B7E90B6E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6923C9FA-764F-43EB-BE8B-A677F5A661F7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{373BCBA7-05D2-41C1-B0EF-BEA751EC910E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E8131FE6-FA64-48B5-8D7B-5C0272832923}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1E5F0D06-E8E3-4F5F-AF4C-482DD127015B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{133749D2-BD74-4A4A-982D-F8FD2C265A02}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{16198A0F-740F-4AAB-A3F2-D6B91B1FEF99}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{26A4C401-953E-4C1B-BBB3-C882E4EA0B5E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9D10BD01-1691-46E5-85DC-F9841623C150}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{47BC601A-8938-4479-A9CE-818E129CA942}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{563BB120-AD9A-4370-9E96-E6BB27A91FD4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6DB51CD2-6099-4502-BF0F-FD53391F005A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{76CC154F-0F58-4300-AAAA-A37343A57766}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2BD116B3-A4AE-4725-B23A-2A3B89B7B107}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8BD3E15F-8C64-42DC-B418-58664E62B364}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3993AE6-3617-40F2-AF2D-D3F0A2E333F0}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{41F7068B-D9F1-43F4-A950-76A92DE6D4BD}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7E32D0DC-976C-4121-ABD7-69CFAD4A3FDD}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0989BA94-FF3E-4D01-9598-589ADB307626}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{498D689D-8208-4361-B34C-C5F6ED594F75}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C0D1885-1083-4375-BADB-7837CF02E2E4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{859AA064-7974-4C54-9BFD-D08B1D9F1CB8}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{228936EC-F854-407D-95CD-E74EBE52FE88}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A39E7DC0-D9C4-4915-9B78-52009250AD51}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{42AF89C2-C4A5-4141-A7A9-D851F65AB384}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24EC906E-CE40-4E83-8543-590651653DCA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10A5B7E2-D5D8-4A0B-A693-183537FAAAC5}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2E49DCBA-5C1D-4D72-A9DC-3CE24CBE75D7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FEC1486B-65A8-43FD-95C3-5495FD4A1A68}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FA7085AA-C2D8-467C-8D46-897D3DB80E85}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DCEDE14-B2B6-4D06-844B-A5183791D6F9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{14FEFF87-F365-40D9-8AFA-EA524F48C754}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE27349C-C503-4682-A472-99FE0D1C2F8F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E531DCF8-CCEE-4CBD-A039-AB3AB24C8E69}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7069F44-F88B-4223-A00C-B33A1DA16431}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE1BA232-1272-477D-9BED-504A80C2C063}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6755BCE2-B2E6-442C-BDC7-66FB4A1AC2C9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E34762D6-643D-4B9F-81C1-817771B979D3}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{669D7E5B-9EE0-44A8-BFC8-EC5149CF246C}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E7025E6-3439-4085-ADAF-C96E5D91680E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C3C96C38-63E8-4B54-B7A2-C7AB94CFA609}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F69C1508-4D0A-49D7-A19E-5AB2C29A839A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B99BA9FE-92A4-4671-8F98-DC53A3376964}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BC566CD5-E6C8-4E33-9DB2-200674BA5674}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3C93BDEC-F414-4FCF-AE63-040D8A6EB564}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3749990-733A-47C1-B915-0DA91FEC595D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A8E8F819-DDA7-41F6-87D4-0E1D9B031159}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9016A2F2-58B2-4FD8-A31A-7AFF9D214505}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AD1531E9-7E43-4CCD-8D97-D52A6664D14D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D8733577-29AB-4C30-983B-B2780E5CEEB7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B365438-81F9-406A-8D37-3EED74E9B745}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{489F6263-AE7D-4B25-9A0B-445352A00E4F}] => (Allow) G:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{A0C8628B-C245-40ED-8AA4-D1D7135E52D5}] => (Allow) G:\Program Files\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{FA5234CA-2D16-44B9-8B55-77498957F96E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8EDD2CF6-1780-46D4-AC6A-C4BE41717149}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32511321-2F3C-4DFE-AAF8-CB713217DB01}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B48B7802-DCE8-4F62-878A-C27A71A283A6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4241E332-C10F-455C-9B06-A3847E56A71D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B6CDCCF-33AA-4E49-9095-12BD4912A6AB}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B8ECCD0C-7137-4BCB-9752-A9B71A074EB7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{84B06D4B-933E-4E65-95FE-2869A8C92C1B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E17E0BA-AD13-46DE-9CA5-F712F22E7FB1}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DB4426E4-CD66-4782-B7F3-EE2B708884C7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A452B04E-662B-4514-B8CF-E72248E0AB97}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7A25C3F-0D77-476D-9B5C-AE313F02FA40}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5253B719-D4AA-4545-8FF6-E896FF405B3B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F0801707-1BFA-4E8C-90C7-E787A27E54B3}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{10EA4E6F-07B4-469E-A476-633A03CE120D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65D87B18-FF5C-435A-99B0-A50BEA42BDD8}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BB0AD4C4-EC05-4204-801C-DB90B0CC710A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B29291B1-1B45-4542-84C1-60C5B652C711}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D9B99879-977F-49C1-B0A9-E79F47110E83}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0BEF6A4A-6E37-4C4C-9DA8-134035B9111F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ABA53EA0-6E0C-4A64-84DD-28439C0C7236}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33D25A43-3BF7-4F83-B0B2-97280C67432E}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09429E6F-6661-4181-8E5C-1167866D5970}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{678CEB99-4227-41AF-8357-22A475B7DFC7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2408A05E-3AE2-4F58-9C9C-4C046D69B3C7}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{300A81CA-7744-4673-A15B-8EDDD9A3CC2F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27247281-837A-41C1-A9A1-D8A6792A1704}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AAADCD2E-4AA9-45FB-8385-42EBEC8B0A9D}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9F106C1-A978-410D-9204-E4FC45F67F2B}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{38FCDD4E-3A23-4153-BA25-34E40DE1ADD9}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8AE843F3-7236-430A-BBCD-F9A4162B9C03}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{484D0ECB-4FF9-45EF-A5DF-91DA37E827EA}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{71844A2F-B0D7-401C-9A16-C3320E393541}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53E2BA26-80FB-4B86-91E0-342A99FBCBFD}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{35B8BC76-4A19-445C-A923-9A230F98D272}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FDC52804-240A-4376-8653-1A1FB9A1B7F1}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24E904CC-004F-482D-AB38-9AF0CC30A801}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CE9BA81F-B059-46D1-95E5-ABB7081B0BAC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3089090D-CB0D-4AB9-AE44-351F22B10FFE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C80B65A6-0BF3-4AE0-8F85-7EDE0A312E23}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5DCED952-CA97-4B48-AB2C-F6E71BBFC443}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75B2A2F3-B597-4EF9-A2E2-8759706492DC}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53DE452B-8755-4D57-84AE-3D5B10C41435}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{27D36130-0A21-45A0-8CDE-4255BF8DCF49}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7A9443EC-A209-43D1-977E-4E75E206D1FF}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73B23ABA-0B6B-42C1-A06E-02CDA7DDEE27}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D3A00134-8471-45A0-8B8A-182B17AE5609}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{24DEC199-232B-46F0-A678-445642FD9B17}] => (Allow) G:\Program Files\Steam\steamapps\common\LawBreakers\ShooterGame\Binaries\Win64\LawBreakers.exe
FirewallRules: [{861829D9-556B-45B4-9FEB-14AB181B64B2}] => (Allow) G:\Program Files\Steam\steamapps\common\LawBreakers\ShooterGame\Binaries\Win64\LawBreakers.exe
FirewallRules: [{B8ACA57B-0E47-48AA-A2C7-889215825C8F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB154990-7468-46E7-99A0-618106424CCF}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6C099407-9D54-45C2-9A72-9ADACB6749D4}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DD832366-C8DC-4B36-A83F-ADA823E7E1DB}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DBE45E9B-A6E4-4D4D-983E-C6F595543F6E}] => (Allow) G:\Program Files\Secret World Legends\ClientPatcher.exe
FirewallRules: [{B4B6CB5A-0CBE-499F-AF1F-3FCBFF467D89}] => (Allow) G:\Program Files\Secret World Legends\ClientPatcher.exe
FirewallRules: [{AAB17ADB-5BE0-40D3-9001-CD689C3D6178}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4BB24673-59E9-46FC-9C44-C8DE55D5DA06}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E773AD1C-FD4E-4103-AEFA-45DC1F812FC5}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{000C52A7-A448-4C97-911F-D271D9748ACE}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{678B465C-8587-4DD3-A0C4-51716F0411C0}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BE6BCD5F-E9A2-4486-8E9B-A0B0B7CBBCD1}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A6ACADC-E227-4626-A7BD-DB885B4B83AB}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FEED5C43-9A37-4373-87D2-726EFC21F7F6}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{11533881-EEA5-4A8B-8C34-B8C70998C5E0}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{72E5A046-4157-4B1C-AE9F-623AE298903F}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: TAP-VyprVPN Adapter V9
Description: TAP-VyprVPN Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-VyprVPN Provider V9
Service: tapvyprvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/09/2017 01:43:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavvideo.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/09/2017 01:43:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavsplitter.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/09/2017 01:43:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavaudio.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/09/2017 01:42:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\kuwo\kuwomusic\8.2.0.0_bcs33\bin\lidx.dll".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2017 07:13:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavvideo.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2017 07:13:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavsplitter.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2017 07:13:05 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\thunder network\Xmp\Program\codecs\lavfilters\lavaudio.dll.Manifest".
Dependent Assembly LAVFilters.Dependencies,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2017 07:12:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "d:\program files\kuwo\kuwomusic\8.2.0.0_bcs33\bin\lidx.dll".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/07/2017 05:22:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecretWorldLegendsDX11.exe, version: 1.0.0.0, time stamp: 0x595d6c8c
Faulting module name: Awesomium.dll, version: 1.6.0.4, time stamp: 0x50784c0d
Exception code: 0xc0000005
Fault offset: 0x00853ba3
Faulting process id: 0x1e70
Faulting application start time: 0x01d2f6e14243e554
Faulting application path: G:\Program Files\Secret World Legends\SecretWorldLegendsDX11.exe
Faulting module path: G:\Program Files\Secret World Legends\Awesomium.dll
Report Id: 3e16ff74-62e9-11e7-bb41-00ac03f4da62
 
Error: (07/07/2017 05:22:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecretWorldLegendsDX11.exe, version: 1.0.0.0, time stamp: 0x595d6c8c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x66152d60
Faulting process id: 0x1e70
Faulting application start time: 0x01d2f6e14243e554
Faulting application path: G:\Program Files\Secret World Legends\SecretWorldLegendsDX11.exe
Faulting module path: unknown
Report Id: 3cfa44d4-62e9-11e7-bb41-00ac03f4da62
 
 
System errors:
=============
Error: (07/10/2017 11:03:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 10000 milliseconds: Run the configured recovery program.
 
Error: (07/10/2017 11:03:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (07/10/2017 11:03:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/10/2017 11:03:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (07/10/2017 11:03:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (07/10/2017 11:03:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (07/10/2017 11:03:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 10000 milliseconds: Run the configured recovery program.
 
Error: (07/10/2017 11:03:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
Error: (07/10/2017 11:03:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/10/2017 11:03:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error: 
A generic command executable returned a result that indicates failure.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-23 15:50:16.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Tom Clancy's The Division\BlackBoneDrv7.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-23 15:50:16.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Tom Clancy's The Division\BlackBoneDrv7.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 51%
Total physical RAM: 8152.24 MB
Available physical RAM: 3941.83 MB
Total Virtual: 16302.66 MB
Available Virtual: 11688.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:58.5 GB) (Free:11.29 GB) NTFS
Drive d: () (Fixed) (Total:312.5 GB) (Free:16.45 GB) NTFS
Drive e: (SSD) (Fixed) (Total:53.19 GB) (Free:12.53 GB) NTFS
Drive f: (Animation and movie) (Fixed) (Total:312.5 GB) (Free:180.03 GB) NTFS
Drive g: () (Fixed) (Total:306.51 GB) (Free:55.59 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5163B324)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=53.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 5163B32A)
Partition 1: (Not Active) - (Size=312.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=312.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=306.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thanks in Advance and hope this problem will be solved :)

 

Attached Files

  • Attached File  suck.jpg   107.21KB   0 downloads




#2 nasdaq

  • Malware Response Team

Posted 10 July 2017 - 08:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\RunOnce: [QEMcsNwjfm] => C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe [1048064 2017-06-30] ()
SearchScopes: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_2_oem_dg&ch=33
Toolbar: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} =>  -> No File
ContextMenuHandlers01: [AXmp] -> {8F556DA3-987D-47b0-AA88-EB8D52FE1B99} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
C:\Users\dobleepe\AppData\Local\aBItJJepLe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.

Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
===

Please let me know what problem persists with this computer.
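
A triage check over FRST autostart lines, as an added example that is not part of nasdaq's post or of FRST itself: it flags the three traits visible in the first fixlist entry (a system process name outside the Windows directory, a user-writable path, an empty company field). The heuristics, the assumed `<drive>:\Windows` system directory, the helper names and the two constructed log lines are this example's assumptions; the RunOnce line is copied from the thread.

```python
import re
from pathlib import PureWindowsPath

# Process names that belong under the Windows directory (illustrative, not exhaustive).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "winlogon.exe", "smss.exe", "explorer.exe"}
# Directory names any standard user can write to (assumption of this example).
USER_WRITABLE = {"appdata", "temp", "programdata"}

# FRST Run/RunOnce line: HIVE\...\Run: [value] => target [size date] (company)
RUN_LINE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?)\\(?:.*?\\)?(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<target>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\))?$"
)

# First line is from the thread; the other two are constructed for contrast.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\RunOnce: [QEMcsNwjfm] => C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe [1048064 2017-06-30] ()
HKLM\...\Run: [ExampleUpdater] => "C:\Program Files\Example Vendor\updater.exe" /background [204800 2017-01-15] (Example Vendor)
HKLM\...\Run: [ExampleHost] => C:\Windows\System32\svchost.exe -k example [20992 2009-07-14] (Microsoft Corporation)
"""


def executable_of(target):
    """Strip quotes and command-line arguments from an autostart target."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end != -1 else target[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|dll))(?=\s|$)", target, re.I)
    return m.group(1) if m else target


def triage(log_text):
    """Return one finding per Run/RunOnce line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe = executable_of(m["target"])
        parts = [p.lower() for p in PureWindowsPath(exe).parts]
        # Assumes the system directory is <drive>:\Windows.
        in_windows_dir = len(parts) > 1 and parts[1] == "windows"
        reasons = []
        if parts and parts[-1] in SYSTEM_NAMES and not in_windows_dir:
            reasons.append("system process name outside the Windows directory")
        if USER_WRITABLE.intersection(parts[:-1]):
            reasons.append("autostart target in a user-writable directory")
        # Assumption: the trailing parentheses hold the file's company name;
        # None means the line had no metadata suffix at all, so it is not flagged.
        if m["company"] == "":
            reasons.append("no company name in file metadata")
        if reasons:
            findings.append({"key": m["key"], "value": m["name"],
                             "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['key']} [{f['value']}] -> {f['exe']}")
        for reason in f["reasons"]:
            print(f"  - {reason}")
```

A hit is a prompt to inspect the file, not a verdict; legitimate per-user updaters also start from AppData.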

#3 ken1421991

  • Topic Starter

Posted 10 July 2017 - 09:40 AM

Hi Nasdaq,

Thanks for your help.

Here is my fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by dobleepe (11-07-2017 00:04:54) Run:1
Running from D:\Download
Loaded Profiles: dobleepe (Available Profiles: dobleepe)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\...\RunOnce: [QEMcsNwjfm] => C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe [1048064 2017-06-30] ()
SearchScopes: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=79081068_2_oem_dg&ch=33
Toolbar: HKU\S-1-5-21-3380425550-2880331113-4268548110-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
ShellIconOverlayIdentifiers: [.XLKKDesktopIcon] -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} =>  -> No File
ContextMenuHandlers01: [AXmp] -> {8F556DA3-987D-47b0-AA88-EB8D52FE1B99} =>  -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
C:\Users\dobleepe\AppData\Local\aBItJJepLe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\dobleepe\AppData\Local\aBItJJepLe\svchost.exe => No running process found
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\QEMcsNwjfm => value removed successfully
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => key removed successfully
HKLM\Software\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => key not found. 
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\kuwo => key removed successfully
HKLM\Software\Classes\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming => key removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\dobleepe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3380425550-2880331113-4268548110-1000\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.XLKKDesktopIcon => key removed successfully
HKLM\Software\Classes\CLSID\{4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AXmp => key removed successfully
HKLM\Software\Classes\CLSID\{8F556DA3-987D-47b0-AA88-EB8D52FE1B99} => key not found. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
"C:\Users\dobleepe\AppData\Local\aBItJJepLe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 108070865 B
Java, Flash, Steam htmlcache => 440337292 B
Windows/system/drivers => 139483500 B
Edge => 0 B
Chrome => 529723586 B
Firefox => 297713629 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile32 => 83391 B
LocalService => 132244 B
NetworkService => 299232 B
dobleepe => 487934200 B
 
RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:05:13 ====


#4 nasdaq


Posted 10 July 2017 - 09:57 AM

Has the problem been solved?

#5 ken1421991


Posted 11 July 2017 - 01:33 AM

Yeah, I think so. I will monitor this for a few days, and thanks for your help. :)



#6 nasdaq


Posted 11 July 2017 - 06:52 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



