

Registered
Joined
13 Posts
Discussion Starter #1
I opened an .exe file by mistake and suddenly my PC opened some windows. After I closed them I restarted my PC and did a cleanup with Malwarebytes, but it doesn't do anything, it just finds more and more malware scan after scan. After this I installed Rkill and ran it, and then I did a Malwarebytes clean again, but the only thing I have now is an Rkill report sheet and a messy PC. Please help me 😭
 

Moderator , Security Team
Joined
1,049 Posts
  • If you have a 32 bit system Download FRST to your Desktop.
  • If you have a 64 bit system Download FRST64 to your Desktop.
  • If you don't know whether your system is 32 bit or 64 bit, download both. Only one of them will run. That's the one to use.
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
 

Moderator , Security Team
Joined
1,049 Posts
Frst must have run because you've attached the Addition.txt log. If that was produced then the FRST.txt log must have been produced as well, and I need to see it, so if you can't post it, then please attach it to your next post.

EDIT ... looks like we cross posted.

Looking over your logs now. This will take some time, and it's 11.30pm where I am, so it will probably be tomorrow morning (my time GMT) before I finish analysing them.
 

Registered
Joined
13 Posts
Discussion Starter #6
It did run, but I can't upload it. I have a link in my previous reply on Google Drive.
The thing I see when I try to upload it is this:
329453


Fine, I will wait until tomorrow, thank you!
 

Moderator , Security Team
Joined
1,049 Posts
I've spotted something in your logs that may (or may not) indicate that you have rootkit infection on your machine, so to find out whether that is the case or not, I'd like you to do the following ....

  • Download FRST64 to a USB flash drive.

    Do not use the copy of FRST you already have, as it may have been corrupted by your infection.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

  • Right click on Start and select Shutdown or sign out
  • Hold down your Shift key and then click on Restart
  • A Choose an Option window will open ... click on Troubleshoot
  • A Troubleshoot window will open ... click on Advanced options
  • An Advanced options window will open ... click on Command Prompt
  • Your computer will reboot into Recovery Environment.
  • Click on your account, and when prompted enter your password.
  • Once the Command window is open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.
 

Registered
Joined
13 Posts
Discussion Starter #8
I have a problem.
I plugged in the USB stick and downloaded frst64,
but
when I open the USB folder it is there, and then when I go to cmd after all the steps you showed me and try to type e:/frst64.exe, it says that it is not recognized as an internal or external command, operable program or batch file.
 

Moderator , Security Team
Joined
1,049 Posts
You've got to replace the e:/ with the drive letter for your USB, which, if you followed the instructions as I've written them, you should have determined in the previous section of my last post.

So if your USB drive was for example ...
F:/

Then at the command prompt you should have typed .... F:/frst64.exe
 

Moderator , Security Team
Joined
1,049 Posts
Question .... your logs show remnants of an Avast install, but there is no indication of a complete install being present.

Did you previously use Avast as your AV, and/or do you still have Avast installed as your AV ?

I've finished my initial analysis of your FRST logs now, and there are a number of things that need to be investigated further and that need attention, but we'll deal with them once I've seen the result of the FRST scan run from Recovery.
 

Registered
Joined
13 Posts
Discussion Starter #11
I had Avast before. Now I'm using Windows Defender only.

I just tried again to do the steps, but I might be doing something wrong..

First, in the USB drive I see this:
329468
so that means frst64 is installed.
The drive's letter now is "I" as I see. (I kept that in mind)

After I go to cmd and open Notepad I see all the drives. I will say that I don't know what exactly some of them are, but the thing is that the drive which has the frst64 is named "e"
329469

[G drive is "topic" drive, I don't know how this translates with more sense.
C drive is "system things", same, I don't know how this translates]
So I clicked the x button and went back to cmd.
Then I typed this:
329470

But nothing happens...
I even did it with the "I" letter I had in mind from before, but it says in Greek that it can't find the current disk drive..

😀
 

Registered
Joined
13 Posts
Discussion Starter #12
OH GOD
I figured that maybe it was wrong because the name was frst64(1).
And I didn't think of it before....
I redownloaded it.
I just scanned it...
 

Attachments

Moderator , Security Team
Joined
1,049 Posts
Little things make a big difference when you're booted in Recovery. Glad to see you got the scan to run.

At first glance it does not look like you have a Rootkit present, which is good news, but I'll need to go through the log to make sure there's nothing I've missed, or that is present in this log but not in the one created when booted normally.

I'll get back to you as soon as I've finished.
 

Registered
Joined
13 Posts
Discussion Starter #14
Okay, just in case it means something:
I downloaded frst64 from the infected pc but right into the usb drive.
(Forgot to mention that)
 

Moderator , Security Team
Joined
1,049 Posts
OK, let's get started with cleaning your machine. This is just the first stage, where we'll remove some things and gain more information on a few files and folders I can't find definitive information on.

First ..... please Uninstall the following programs ...

µTorrent
ScrSnap


Next .... please uninstall the following Chrome Extensions ...

CHR Extension: (Chrome Web Store Payments) - C:\Users\Panos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Panos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-17]
CHR Extension: (d8yI+Hf7rX) - C:\Users\Panos\AppData\Local\Google\Chrome\User Data\Guest Profile\Extensions\lgfbanndjicplpokcjjmngphpibploih [2020-08-03]
CHR Extension: (d8yI+Hf7rX) - C:\Users\Panos\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lgfbanndjicplpokcjjmngphpibploih [2020-08-03]




Reboot your computer when they've both been uninstalled to complete the process.

Next ....

  • With your computer booted normally, start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the whole content of the code box below into it (you'll need to scroll down to select it all); don't include the word Code: at the beginning ....
Code:
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
Hosts:
cmd: ipconfig /flushdns
EmptyTemp:
VirusTotal: C:\Users\Panos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProccessRunt.exe;C:\Program Files (x86)\AMD Wraith\Wraith Prism\Wraith Prism HID.exe;C:\WINDOWS\cPdVutYhOn.exe;C:\WINDOWS\UIAsEdHPgl.exe;C:\WINDOWS\02F2B589B214.sys;C:\Users\Panos\IouNTrAIooe.exe;C:\Program Files (x86)\iouNoa.exe;C:\Program Files (x86)\UUEGOTboIE.exe;C:\Windows\System32\OpenSSH\sshd.exe
C:\Users\Panos\AppData\LocalLow\IGDump\qoxbqqgptclciqcnflesgkedksotqpqr
C:\Users\Panos\AppData\LocalLow\IGDump\eywgtsllzbhafcgscjvsuyvmxqxgfkfm
C:\Users\Panos\AppData\LocalLow\IGDump\wkjmskojtqsgobhvhlfchlxgnxtunmzx
C:\Users\Panos\AppData\LocalLow\IGDump\dcopzwvdtxdliwvfggporimaydaopjsw
C:\Users\Panos\AppData\LocalLow\IGDump\qiayzsdzyxvqyfllcskagyiimjoiupkv
Tcpip\..\Interfaces\{6cadec14-0c64-4280-893a-32ac6f8c8c96}: [NameServer] ,,,116.203.6.218,8.8.8.8
HKU\S-1-5-21-2399734445-400673935-4266989441-1001\...\MountPoints2: {03178d14-ee5b-11e8-9fcc-309c23acabd2} - "E:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-05-18]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
D:\Launcher\RockstarService.exe
S2 AvastWscReporter; "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
C:\Program Files\AVAST Software
S1 asrdmon; \SystemRoot\system32\drivers\asrdmon.sys [X]
C:\Windows\system32\drivers\asrdmon.sys
S1 lxtjgxft; \??\C:\WINDOWS\system32\drivers\lxtjgxft.sys [X]
C:\WINDOWS\system32\drivers\lxtjgxft.sys
Folder: C:\ProgramData\cridw
Folder: C:\Users\Panos\AppData\Local\99bef868
Folder: C:\ProgramData\q2u6s1r2x8u6s1r2x8
Folder: C:\Program Files\PZPNZ5V10V
Folder: C:\ProgramData\PULRQAIBHLGMXYZNXD6C01ES0
Folder: C:\Users\Panos\AppData\Local\ScrSnap
Folder: C:\Program Files (x86)\sqkjz
Folder: C:\Users\Panos\AppData\Roaming\yqi5rrbtp0a
Folder: C:\Users\Panos\AppData\Roaming\fbbjhwe
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => -> No File
2020-08-04 01:02 - 2020-08-04 01:02 - 000031744 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\Crypto\Cipher\_AES.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000056832 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_c_greenlet_primitives.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000046592 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_c_hub_local.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000113152 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_c_hub_primitives.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000043008 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_c_ident.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000068608 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_c_waiter.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000197632 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\_gevent_cgreenlet.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000246272 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\gevent\libev\corecext.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000023040 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\greenlet.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000128512 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\lxml\_elementpath.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 003354624 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\lxml\etree.cp38-win32.pyd
2020-08-04 01:02 - 2020-08-04 01:02 - 000028672 _____ () [File not signed] C:\Users\Panos\AppData\Local\Temp\_MEI108362\zope\interface\_zope_interface_coptimizations.cp38-win32.pyd
FirewallRules: [{FDE14E0C-7867-4E37-98CA-C0349222F876}] => (Allow) c:\users\panos\appdata\local\temp\is-ah62m.tmp\setup.tmp => No File
FirewallRules: [{9F7B7F64-173A-4EDA-ADC6-BAC461EDAA17}] => (Allow) c:\users\panos\appdata\local\temp\is-ah62m.tmp\setup.tmp => No File
FirewallRules: [{06A4D38A-9935-4457-8111-7C2B6A9C69D5}] => (Allow) c:\users\panos\appdata\local\temp\is-jaenv.tmp\setup.tmp => No File
FirewallRules: [{DD2320F5-79E3-4740-A48A-6BD21511A507}] => (Allow) c:\users\panos\appdata\local\temp\is-jaenv.tmp\setup.tmp => No File
FirewallRules: [{43C832D4-5B33-42D7-9837-7459B07A0ABD}] => (Allow) c:\users\panos\appdata\local\temp\is-citu6.tmp\setup.tmp => No File
FirewallRules: [{A2233E82-6AEA-4AAD-8BFE-D2D6FD0B72CB}] => (Allow) c:\users\panos\appdata\local\temp\is-citu6.tmp\setup.tmp => No File
FirewallRules: [{01D8ABE2-4EB7-4521-B996-566C33EF30E3}] => (Allow) c:\users\panos\appdata\local\programs\opera\65.0.3467.62\opera.exe => No File
FirewallRules: [{338935CA-5E24-439B-B7ED-ADC1C826706F}] => (Allow) c:\users\panos\appdata\local\programs\opera\65.0.3467.62\opera.exe => No File
FirewallRules: [{C3F612C4-421C-4DD8-87F6-2174D47709CA}] => (Allow) c:\users\panos\downloads\mbsetup.exe => No File
FirewallRules: [{882C915F-77D2-4597-BC0F-037D9AF46E63}] => (Allow) c:\users\panos\downloads\mbsetup.exe => No File
FirewallRules: [{53B0D0AB-DE9B-4B36-80CF-BA1AE017BB9B}] => (Allow) c:\program files\windowsapps\microsoft.zunemusic_10.19101.10711.0_x64__8wekyb3d8bbwe\music.ui.exe => No File
FirewallRules: [{E0CB4772-176F-44F6-B119-8A6EA1A09E53}] => (Allow) c:\program files\windowsapps\microsoft.zunemusic_10.19101.10711.0_x64__8wekyb3d8bbwe\music.ui.exe => No File
FirewallRules: [{E9A8A459-DA36-4FBD-8504-F99DFA70FD2F}] => (Allow) c:\users\panos\appdata\local\programs\opera\65.0.3467.62\opera_autoupdate.exe => No File
FirewallRules: [{E4071756-9876-4A15-90AC-2093F2EE2776}] => (Allow) c:\users\panos\appdata\local\programs\opera\65.0.3467.62\opera_autoupdate.exe => No File
FirewallRules: [{DEBDE60B-7D16-4F0D-AC28-AED52D08518D}] => (Allow) c:\users\panos\appdata\local\programs\opera\assistant\browser_assistant.exe => No File
FirewallRules: [{7BD9FB58-AEB4-44EC-AB56-5752795BB8D6}] => (Allow) c:\users\panos\appdata\local\programs\opera\assistant\browser_assistant.exe => No File
FirewallRules: [{65262000-B0BA-4C1D-A3F8-5FD3989555E7}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\3.5.5_45395\utorrentie.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C51780D0-497A-400A-BC23-C3E1D5D9EAFE}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\3.5.5_45395\utorrentie.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8DF5B7C8-62B1-48EB-A8F5-9F5061B0FCA6}] => (Allow) c:\users\panos\appdata\local\temp\qj00ulms.aoj.exe => No File
FirewallRules: [{726A4C02-4F45-4175-9CD3-8623C323FC83}] => (Allow) c:\users\panos\appdata\local\temp\qj00ulms.aoj.exe => No File
FirewallRules: [{C4869D03-5886-4F76-9AB9-E36F43BF9D07}] => (Allow) C:\Users\Panos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5070874A-F2B0-4BAE-A3CE-230623AC3EAC}] => (Allow) C:\Users\Panos\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F1843987-1C81-4605-93FB-9B12B0AA8030}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\sabsi.exe => No File
FirewallRules: [{00694944-DCFE-4A7C-AF95-D2FF0AF185DF}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\sabsi.exe => No File
FirewallRules: [{2CA9A810-6291-49FE-A05C-0F71CE6C5012}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\carrier.exe => No File
FirewallRules: [{F1A21946-14B8-4ED8-8D26-138AFC77C409}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\carrier.exe => No File
FirewallRules: [{B865A5FF-3BC4-4C90-86E3-85B3968C1F41}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\installer.exe => No File
FirewallRules: [{2CB64D66-A63E-44B2-AB4B-D7DB5E21478D}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\installer.exe => No File
FirewallRules: [{22C61FC3-BB0E-4CDF-8E57-DE79855ED5BD}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\genericsetup.exe => No File
FirewallRules: [{354DB818-80F7-4DA1-AF59-BBD9C8B83C69}] => (Allow) c:\users\panos\appdata\local\temp\7zs006eb1ea\genericsetup.exe => No File
FirewallRules: [{AEF5972C-C77A-4F78-9242-E4B4CD0C9C2F}] => (Allow) c:\users\panos\downloads\utorrent_2.2.1.25203.exe => No File
FirewallRules: [{D45739F9-4B4B-42F1-8D41-838EA957AC0C}] => (Allow) c:\users\panos\downloads\utorrent_2.2.1.25203.exe => No File
FirewallRules: [{84B81613-2D8B-4894-9810-157E334773E3}] => (Allow) c:\users\panos\downloads\utorrent_2268705617.exe => No File
FirewallRules: [{919D3553-E2E6-4B33-ABEF-405EB386081B}] => (Allow) c:\users\panos\downloads\utorrent_2268705617.exe => No File
FirewallRules: [{CA5B565C-9FF8-4D96-A3B6-D91897B3153B}] => (Allow) c:\users\panos\appdata\local\temp\7zsc11dd9b8\installer.exe => No File
FirewallRules: [{2B6294A2-F5ED-41E6-A922-C19C4C59E580}] => (Allow) c:\users\panos\appdata\local\temp\7zsc11dd9b8\installer.exe => No File
FirewallRules: [{974A364D-172E-48EB-9ED8-1198D3E166EA}] => (Allow) c:\users\panos\appdata\local\temp\hyd143c.tmp.1575517723_permissionscopy\utorrent.exe => No File
FirewallRules: [{202BD521-7F95-4B26-941C-A4650B34E41F}] => (Allow) c:\users\panos\appdata\local\temp\hyd143c.tmp.1575517723_permissionscopy\utorrent.exe => No File
FirewallRules: [{5C7E8EC8-9A08-48C5-B96A-AEA2D240136C}] => (Allow) c:\users\panos\appdata\local\temp\hydf74d.tmp.1575517716_permissionscopy\utorrent.exe => No File
FirewallRules: [{D52A22B7-860D-46E3-A1A3-3172A0B94523}] => (Allow) c:\users\panos\appdata\local\temp\hydf74d.tmp.1575517716_permissionscopy\utorrent.exe => No File
FirewallRules: [{8D2746DC-7B62-40E9-B475-E228C87CBD84}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\updates\3.5.5_45291\utorrentie.exe => No File
FirewallRules: [{5E028290-979C-4534-B467-5738066BF864}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\updates\3.5.5_45291\utorrentie.exe => No File
FirewallRules: [{51BB3A5C-3891-4633-874C-BBCA0E2E9F7B}] => (Allow) c:\users\panos\appdata\roaming\utorrent\helper\helper.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A18BA5AC-3369-48CE-8777-18FD9F72B00A}] => (Allow) c:\users\panos\appdata\roaming\utorrent\helper\helper.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F94D101A-CABB-4967-B2A7-213555E6049C}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [{87FD8973-4DA4-471F-932F-F6556F78995C}] => (Allow) c:\users\panos\appdata\roaming\utorrent\updates\3.5.5_45291.exe => No File
FirewallRules: [{5B739853-92B1-4994-B612-6BC433DFF599}] => (Allow) c:\users\panos\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E720D031-7999-489D-9E5B-159F037FBF37}] => (Allow) c:\users\panos\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0A2E5547-A18A-4A35-B97F-66C96B3B26B6}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.354\7cr.exe => No File
FirewallRules: [{4D8E2EE3-FEC9-44F4-B924-9449371161E8}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.354\7cr.exe => No File
FirewallRules: [{CB182E77-9FF8-493D-9396-E9D1076295C9}] => (Allow) d:\g-menu.exe => No File
FirewallRules: [{607D81AF-EB82-4969-AC8A-5C45DB8B1D23}] => (Allow) d:\g-menu.exe => No File
FirewallRules: [{F389ABB8-177E-4D8C-8B09-939B8486B140}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.19111.85.0_x64__8wekyb3d8bbwe\yourphone.exe => No File
FirewallRules: [{1EFDA806-8446-4489-80A4-EEA6099F89C7}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.19111.85.0_x64__8wekyb3d8bbwe\yourphone.exe => No File
FirewallRules: [{8C63F756-96EE-44A2-9AA2-D7C77A461157}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.1911.3-0\msmpeng.exe => No File
FirewallRules: [{863260E8-12FA-4792-879B-80CF6014B838}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.1911.3-0\msmpeng.exe => No File
FirewallRules: [{5909BA04-5297-4F95-960C-16219F09CD76}] => (Allow) d:\ubisoft game launcher\games\assassin's creed unity\acu.exe => No File
FirewallRules: [{B17579D9-A614-4258-B4C0-FC9BC76C70C9}] => (Allow) d:\ubisoft game launcher\games\assassin's creed unity\acu.exe => No File
FirewallRules: [{06BC0C3C-02C6-4E87-8B3B-829A4BEB4078}] => (Allow) c:\windows\temp\7zs92f0.tmp\webcompanioninstaller.exe => No File
FirewallRules: [{702CB7B7-CAF9-425F-8856-FCB4B0083DF9}] => (Allow) c:\windows\temp\7zs92f0.tmp\webcompanioninstaller.exe => No File
FirewallRules: [{F550CE40-26D6-43F6-8E8E-D5FFD43836F7}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\webcompanioninstaller.exe => No File
FirewallRules: [{E5D29246-2543-4E68-89FB-F8293DB8859D}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\webcompanioninstaller.exe => No File
FirewallRules: [{24EC4EBF-752F-4174-B06A-1A31D1785B93}] => (Allow) c:\users\panos\appdata\local\programs\igdm\igdm.exe (ifedapo olarewaju) [File not signed]
FirewallRules: [{2ADFDE54-F328-4419-A62C-EF7AA5E3DAB1}] => (Allow) c:\users\panos\appdata\local\programs\igdm\igdm.exe (ifedapo olarewaju) [File not signed]
FirewallRules: [{35545E88-D6DA-4723-8A8A-70186750BF4D}] => (Allow) d:\need for speed - payback\needforspeedpayback.exe (Electronic Arts) [File not signed]
FirewallRules: [{D35315E8-8E49-40A8-86A9-897A94383390}] => (Allow) d:\need for speed - payback\needforspeedpayback.exe (Electronic Arts) [File not signed]
FirewallRules: [{3E1407BD-F827-40C7-A704-B36552906046}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{E45AE269-626A-43B7-BD09-1DC2896E0540}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{89C8C683-ADF7-4551-856B-31B8DA02361A}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxcalendarappimm.exe => No File
FirewallRules: [{96DE08EE-9629-43B4-AD31-AEA44A80422A}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxcalendarappimm.exe => No File
FirewallRules: [{A8CA19EF-6187-466F-9C18-9C40A4B08223}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{C30213CF-FA31-4C89-A95A-08294BC322AA}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20276.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{1D443FF0-E69D-492E-9636-09258B15D425}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_3.35.14003.0_x64__8wekyb3d8bbwe\gamebar.exe => No File
FirewallRules: [{E6414CCB-AFFE-4141-A3DE-DAEBED055EC1}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_3.35.14003.0_x64__8wekyb3d8bbwe\gamebar.exe => No File
FirewallRules: [{F69BB2BC-54D4-4B98-B51C-C68671D91BE8}] => (Allow) c:\users\panos\downloads\detection.exe => No File
FirewallRules: [{1333E0F5-59F4-46DA-B312-A8E8A29A2591}] => (Allow) c:\users\panos\downloads\detection.exe => No File
FirewallRules: [{26D4EA17-AB44-43E0-80A3-26A6EFBFACF9}] => (Allow) c:\users\panos\appdata\local\microsoft\onedrive\standaloneupdater\onedrivesetup.exe => No File
FirewallRules: [{A15A2251-1EA4-4E31-9C4E-9803EFA439C6}] => (Allow) c:\users\panos\appdata\local\microsoft\onedrive\standaloneupdater\onedrivesetup.exe => No File
FirewallRules: [{D05F463C-D6BB-4B7F-A218-F42F87AC77C9}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\lavasoft.wcassistant.winservice.exe => No File
FirewallRules: [{1E3C3BEF-84EB-45BA-803C-3FE71D90713F}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\lavasoft.wcassistant.winservice.exe => No File
FirewallRules: [{984DAC92-846F-49F8-A0A9-218902FC13A3}] => (Allow) c:\program files\daemon tools lite\dtagent.exe => No File
FirewallRules: [{647D7B6B-2D98-4874-AF85-CED1CB9DD195}] => (Allow) c:\program files\daemon tools lite\dtagent.exe => No File
FirewallRules: [{8A48B525-9008-4A1B-AF38-53A7DC359BCA}] => (Allow) c:\amd\radeon-software-adrenalin-2019-19.9.2-minimalsetup-190923_64bit\bin64\radeoninstaller.exe => No File
FirewallRules: [{AE48CD2D-34AA-42E5-B918-0D5B436615F9}] => (Allow) c:\amd\radeon-software-adrenalin-2019-19.9.2-minimalsetup-190923_64bit\bin64\radeoninstaller.exe => No File
FirewallRules: [{F36E69E6-B1C5-43B8-BC59-75B74E4F7377}] => (Allow) c:\program files\windowsapps\facebook.317180b0bb486_196.2292.59195.0_x86__8xx8rvfyw5nnt\winuapentry.exe => No File
FirewallRules: [{8C30C7D1-10EE-4B9A-96EC-0F0EDCAFC9A1}] => (Allow) c:\program files\windowsapps\facebook.317180b0bb486_196.2292.59195.0_x86__8xx8rvfyw5nnt\winuapentry.exe => No File
FirewallRules: [{1D13DCEA-CB12-461B-82A2-C1F5E867BF46}] => (Allow) c:\fraps\lolpro 9.23.1.exe => No File
FirewallRules: [{0ABFA132-E0A5-41B6-A517-F5C21C62C457}] => (Allow) c:\fraps\lolpro 9.23.1.exe => No File
FirewallRules: [{A40FBE70-C311-42E9-9389-3862ADF7F79A}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.906\.exe => No File
FirewallRules: [{F9790F54-E88B-4A20-B717-C1EB630920B9}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.906\.exe => No File
FirewallRules: [{0CB71327-669F-49BF-86E3-1B8569175346}] => (Allow) c:\program files\windowsapps\microsoft.mspaint_6.1907.18017.0_x64__8wekyb3d8bbwe\paintstudio.view.exe => No File
FirewallRules: [{31E897A2-C2EB-4E62-9246-B87BB8346E85}] => (Allow) c:\program files\windowsapps\microsoft.mspaint_6.1907.18017.0_x64__8wekyb3d8bbwe\paintstudio.view.exe => No File
FirewallRules: [{E5C63D60-F45C-44C7-94B2-1C3FD1C619BD}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{2EDF1409-0A01-4535-9CF7-65234816F148}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{9B5F645C-F94C-46BF-BDE2-15C03278082A}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.788\2j8p0lf8jd.exe => No File
FirewallRules: [{0292F48B-5167-45FC-A7E0-2010731FE1CF}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.788\2j8p0lf8jd.exe => No File
FirewallRules: [{606BE9BD-3407-466C-88DF-C21912B3C746}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{9E98BFB3-277E-44CD-8CE2-8B6CE90E3BD7}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{8B5788E2-C453-48A8-830D-447C24D6AE9A}] => (Allow) c:\program files\windowsapps\microsoft.microsoftofficehub_18.1910.1283.0_x64__8wekyb3d8bbwe\localbridge.exe => No File
FirewallRules: [{36E4D04C-07B6-487B-8C03-1AF6C21D68E8}] => (Allow) c:\program files\windowsapps\microsoft.microsoftofficehub_18.1910.1283.0_x64__8wekyb3d8bbwe\localbridge.exe => No File
FirewallRules: [{2694BA62-C476-480A-9FD4-528EC1AA11D0}] => (Allow) d:\league of legends\game\league of legends.exe => No File
FirewallRules: [{B506C5D2-6CFD-4B6F-8560-18B5D59258C4}] => (Allow) d:\league of legends\game\league of legends.exe => No File
FirewallRules: [{5E233EDE-E7D3-4FD1-AAC6-010CA1167A27}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.292\diijjo9c22jzu.exe => No File
FirewallRules: [{E5BB5DCA-C68A-4084-9D4B-EA038DFF76A6}] => (Allow) c:\users\panos\appdata\local\temp\rar$exa0.292\diijjo9c22jzu.exe => No File
FirewallRules: [{9A0C0693-3A73-4A59-B51F-BEC58D783CA0}] => (Allow) c:\program files (x86)\microleaves\online application\online application updater.exe => No File
FirewallRules: [{5C2F7F6C-A31A-46B4-81A7-B4F081D318A4}] => (Allow) c:\program files (x86)\microleaves\online application\online application updater.exe => No File
FirewallRules: [{61632B50-8C02-4AE1-AD66-2BA5D234DECB}] => (Allow) c:\program files\amd\cnext\cnext\radeonsettings.exe => No File
FirewallRules: [{E195E091-EA37-49B7-9FC4-9EE9EB8AB799}] => (Allow) c:\program files\amd\cnext\cnext\radeonsettings.exe => No File
FirewallRules: [{A55E5786-7193-4936-8F30-8474E7679F0E}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\microsoft.photos.exe => No File
FirewallRules: [{97D2A285-8F6D-40BB-86D1-2BA62A480399}] => (Allow) c:\program files\windowsapps\microsoft.windows.photos_2019.19071.17920.0_x64__8wekyb3d8bbwe\microsoft.photos.exe => No File
FirewallRules: [{9D1AEC76-06E6-499D-BA4B-28E1BA45E7C4}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{E7C61AF7-B8E6-4A0D-BD23-34925551176F}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\hxoutlook.exe => No File
FirewallRules: [{6E7C2A63-1367-40DA-B4D3-1E061047D37E}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_3.34.15002.0_x64__8wekyb3d8bbwe\gamebar.exe => No File
FirewallRules: [{11039D4B-ED2B-49C9-AE9B-128E86CB3E7B}] => (Allow) c:\program files\windowsapps\microsoft.xboxgamingoverlay_3.34.15002.0_x64__8wekyb3d8bbwe\gamebar.exe => No File
FirewallRules: [{C71D668C-078F-4939-8A17-6E461142AC91}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\webcompanion.exe => No File
FirewallRules: [{3B4B8E9A-C2DB-4B84-8294-B2D08CACAD77}] => (Allow) c:\program files (x86)\lavasoft\web companion\application\webcompanion.exe => No File
FirewallRules: [{7A35C497-DDBC-4392-9DC5-7420CDD5D9D6}] => (Allow) c:\program files\daemon tools lite\discsoftbusservicelite.exe => No File
FirewallRules: [{4CE1D125-091D-4E86-A6F6-1983B5AFAE3F}] => (Allow) c:\program files\daemon tools lite\discsoftbusservicelite.exe => No File
FirewallRules: [{05654EBC-98E9-4C65-AB31-69E202C8874F}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.1910.4-0\msmpeng.exe => No File
FirewallRules: [{D497F598-B470-451B-9887-9900726EF0D1}] => (Allow) c:\programdata\microsoft\windows defender\platform\4.18.1910.4-0\msmpeng.exe => No File
FirewallRules: [{7F359831-9727-41ED-B73A-6FA2BC83EABD}] => (Allow) c:\program files\windowsapps\microsoft.skypeapp_14.54.91.0_x64__kzf8qxf38zg5c\skypeapp.exe => No File
FirewallRules: [{9D312C43-DD3A-4343-86F7-469AA8D10CB6}] => (Allow) c:\program files\windowsapps\microsoft.skypeapp_14.54.91.0_x64__kzf8qxf38zg5c\skypeapp.exe => No File
FirewallRules: [{1CD11BBF-EF2B-43D3-8DEA-EACE549C7635}] => (Allow) c:\program files\windowsapps\microsoft.zunevideo_10.19101.10711.0_x64__8wekyb3d8bbwe\video.ui.exe => No File
FirewallRules: [{5180512D-E3E6-43A6-B157-307A30E38905}] => (Allow) c:\program files\windowsapps\microsoft.zunevideo_10.19101.10711.0_x64__8wekyb3d8bbwe\video.ui.exe => No File
FirewallRules: [{2276FF93-C722-4052-A133-F90E7A37646A}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.19102.525.0_x64__8wekyb3d8bbwe\yourphone.exe => No File
FirewallRules: [{7182683C-597F-47A0-A701-0D685AA743C0}] => (Allow) c:\program files\windowsapps\microsoft.yourphone_1.19102.525.0_x64__8wekyb3d8bbwe\yourphone.exe => No File
FirewallRules: [{0A371B57-997F-499D-9A4C-1A9C09EE09B3}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{B0C7B4B2-193E-401A-BA85-4FB4BE89673B}] => (Allow) c:\program files\windowsapps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe\hxtsr.exe => No File
FirewallRules: [{64337765-7763-4D7A-88D2-5E26492B7742}] => (Allow) d:\league of legends\leagueclientux.exe => No File
FirewallRules: [{CFE985A8-9BC8-49D5-9DF5-9DDBEE9D3C1F}] => (Allow) d:\league of legends\leagueclientux.exe => No File
FirewallRules: [{A51BFBFA-A253-4FE4-85F0-03A0655D01C5}] => (Allow) d:\league of legends\leagueclient.exe => No File
FirewallRules: [{90535615-7AC2-4818-9E1B-0F8A30FCF7AE}] => (Allow) d:\league of legends\leagueclient.exe => No File
FirewallRules: [{535ED633-AF33-46A9-A7C7-F7D029258D37}] => (Allow) d:\origin\originwebhelperservice.exe => No File
FirewallRules: [{83EDC4B0-A0CE-4625-8BFD-B95414187556}] => (Allow) d:\origin\originwebhelperservice.exe => No File
FirewallRules: [{D765331A-05D7-4443-9C97-09A6CEFB795B}] => (Allow) c:\program files (x86)\microleaves\online application\version 2.6.0\online-guardian.exe => No File
FirewallRules: [{7779E30B-FFC5-4EC9-B458-AE1FC8F20CFB}] => (Allow) c:\program files (x86)\microleaves\online application\version 2.6.0\online-guardian.exe => No File
FirewallRules: [{7551FF93-C548-4C1A-BD11-AC5FA5487EC3}] => (Allow) d:\glasswire\gwctlsrv.exe => No File
FirewallRules: [{2EEFDCF2-C69B-41AA-9373-B82A2F907EEE}] => (Allow) d:\glasswire\gwctlsrv.exe => No File
FirewallRules: [{D9D73934-1F79-4BF2-A459-7A6740B87236}] => (Allow) D:\GlassWire\GWCtlSrv.exe => No File
FirewallRules: [{6BB4730A-E912-45B7-9476-9A187AEAAAA9}] => (Allow) D:\GlassWire\GWCtlSrv.exe => No File
FirewallRules: [UDP Query User{C8D5B586-4180-4578-9B3F-34CFE948796C}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe => No File
FirewallRules: [TCP Query User{E3C72677-4018-470E-8C5F-AA4740CCE011}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe => No File
FirewallRules: [UDP Query User{953AB671-D374-4294-88DB-BCAF134D40C6}D:\assassin's creed - chronicles\india\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed - chronicles\india\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{543453CC-C8AA-4EE7-B849-A853C2C7A14B}D:\assassin's creed - chronicles\india\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed - chronicles\india\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{88AE6815-B2A1-4987-BA91-AAE12EEB53D0}D:\assassin's creed - chronicles\china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed - chronicles\china\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{A288DE41-8591-4EE1-A25B-569D22B0C0EB}D:\assassin's creed - chronicles\china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed - chronicles\china\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{530E8232-A82C-4D96-95B2-09D044DEACAB}D:\assassin's creed chronicles - trilogy\india\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\india\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{1BC1E046-BAE7-41CB-824B-93224A66A19D}D:\assassin's creed chronicles - trilogy\india\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\india\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{A076A671-B49B-4AD9-B557-BD287E1EEE17}D:\assassin's creed chronicles - trilogy\russia\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\russia\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{CB992FAF-8317-4B61-8D1D-AE25FB080597}D:\assassin's creed chronicles - trilogy\russia\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\russia\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [UDP Query User{9A257749-029F-42F8-AE94-D464FD673A28}D:\assassin's creed chronicles - trilogy\china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\china\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [TCP Query User{04FBA9F5-1C7A-4454-9B60-418006731E87}D:\assassin's creed chronicles - trilogy\china\binaries\win32\accgame-win32-shipping.exe] => (Allow) D:\assassin's creed chronicles - trilogy\china\binaries\win32\accgame-win32-shipping.exe => No File
FirewallRules: [{90C731A3-F84B-441F-936A-B07C3392CC25}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{EE388030-FF8A-45C4-83B2-7E75FEC52817}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe => No File
FirewallRules: [{B527B352-9D97-4E8B-BE66-87795C365ADA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{06A127E3-CB5D-4CB6-94EC-42CB5733E164}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe => No File
FirewallRules: [{B6B49DA4-0EDB-4F70-B709-64522838631D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{66D7E53F-5B8D-4502-A97B-840BFEDFD7CA}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe => No File
FirewallRules: [TCP Query User{00F6017B-3A01-445C-ADD4-D97EB7F726E1}D:\warthunder\launcher.exe] => (Allow) D:\warthunder\launcher.exe => No File
FirewallRules: [UDP Query User{3D48C171-61C8-4280-AC9A-047FA49672B3}D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{C132B04E-BB3F-441C-8E00-012E706F4BF0}D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{FB807F16-4DC0-4779-A74B-96A1581B15B7}D:\teamviewer\teamviewer.exe] => (Allow) D:\teamviewer\teamviewer.exe => No File
FirewallRules: [TCP Query User{3CC47A9E-A2E6-430A-A6EA-2F62584FFE39}D:\teamviewer\teamviewer.exe] => (Allow) D:\teamviewer\teamviewer.exe => No File
FirewallRules: [UDP Query User{0C6760B3-D971-4A38-B1E4-C615F20FA4FB}D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{26526886-1D76-461F-B8F7-EECE28B3132C}D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{69971BC7-73DB-440B-81AA-F9F8733E5117}D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{2BCF2D77-ABD6-4BF4-8048-1B71346F5C3A}D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{F480E343-D2C9-4CD6-A46A-252D6E557145}D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{7958B4EE-C7A5-4C80-847B-12A1AC7691EE}D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{BB01B0C4-1D5A-4DE9-AC96-7845B5C6FC85}D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{14DF014D-4032-4EB2-92E5-85A72BD35B42}D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{018CF957-81AA-4C07-95FB-3A9849325C43}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe => No File
FirewallRules: [TCP Query User{CD8D678B-EEDF-47D0-92AD-295658FE9D79}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe => No File
FirewallRules: [UDP Query User{03AE9ED0-36DB-4B1F-B1ED-DC8525D2CD85}D:\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{2EBF1EFA-08B9-4859-AEF6-F6D3E13E800A}D:\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{96BD8523-8234-4512-8DB2-C2CA592F2FB5}D:\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{7A10D79B-B0B4-4100-93A0-B00BA11A6ED5}D:\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.191\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{51464F87-03E3-4766-9F56-00F785858D2E}D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{A0CCC4C1-BF6B-41B9-BFB5-5CCB18A89BD6}D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.190\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{711AE9EC-6C3B-468C-AF8F-452CDE0DA624}D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{4D3234C3-FEE8-4593-B544-7EB7974AB761}D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe => No File
FirewallRules: [{2FE8C231-19DE-4E64-ADCB-7E9FF99AFA14}] => (Allow) D:\dirt3_game.exe => No File
FirewallRules: [{285739A0-D911-4114-9416-6075CFC0FE60}] => (Allow) D:\dirt3_game.exe => No File
FirewallRules: [{A75D292F-194B-4294-ADF9-7E21F74D8782}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe => No File
FirewallRules: [UDP Query User{C53AE727-A3B6-424A-9228-83AA7300B9E3}D:\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{FF16ADB1-A390-4EF1-BB2E-298BE3470B03}D:\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.188\deploy\leagueclient.exe => No File
FirewallRules: [{A206DA29-0EB0-4D67-9005-62C6D2768A7F}] => (Allow) C:\Program Files (x86)\UUEGOTboIE.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FA7FC5E6-91C8-49A9-AB19-933753C4AE25}] => (Allow) C:\Users\Panos\IouNTrAIooe.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{9169D2C9-38A4-49A0-8A3A-D9EE2A347510}D:\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{4E270234-9253-4408-9BE2-4D764E2AA079}D:\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.187\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{753F0871-7468-4A7E-8457-EA27FBFEEE07}D:\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{40CEE524-84DE-45CC-88AB-EBAC7AC462C3}D:\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.186\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{EFEFF825-BB2D-41D1-B0A2-3D5888D35641}D:\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{5C8C8E2F-99D6-4B4D-9402-60DB18B07ED1}D:\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.185\deploy\leagueclient.exe => No File
FirewallRules: [UDP Query User{A388CC35-6D1F-4365-908A-5DDBCA0C2C3D}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => No File
FirewallRules: [TCP Query User{D0098E8D-0363-4357-AD5E-798ADAD57A2B}D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe] => (Allow) D:\league of legends\rads\projects\league_client\releases\0.0.0.184\deploy\leagueclient.exe => No File
FirewallRules: [{010BE306-9B61-4BB4-8429-56368B92C81D}] => (Allow) LPort=26789
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log
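As an added example (my own code, not FRST's and not part of this thread), a small Python triage of FRST "FirewallRules:" lines such as the ones in the fixlist above: it separates harmless orphaned "=> No File" rules from rules that allow an unsigned executable sitting directly in a user-profile or Program Files root with no vendor folder, which is the shape of the two unsigned entries in the fix. The sample lines are constructed from entries quoted on this page plus one made-up signed entry; the severity labels and the "no vendor folder" heuristic are assumptions of mine, not FRST output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the first five lines mirror entries quoted in the thread,
# the last is a made-up benign signed entry for contrast.
SAMPLE_LOG = r"""
FirewallRules: [{7A35C497-DDBC-4392-9DC5-7420CDD5D9D6}] => (Allow) c:\program files\daemon tools lite\discsoftbusservicelite.exe => No File
FirewallRules: [UDP Query User{C8D5B586-4180-4578-9B3F-34CFE948796C}D:\league of legends\game\league of legends.exe] => (Allow) D:\league of legends\game\league of legends.exe => No File
FirewallRules: [{A206DA29-0EB0-4D67-9005-62C6D2768A7F}] => (Allow) C:\Program Files (x86)\UUEGOTboIE.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{FA7FC5E6-91C8-49A9-AB19-933753C4AE25}] => (Allow) C:\Users\Panos\IouNTrAIooe.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{010BE306-9B61-4BB4-8429-56368B92C81D}] => (Allow) LPort=26789
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Program Files\ExampleVendor\example.exe (Example Vendor -> Example Vendor)
"""

# One FRST FirewallRules line: "[rule id] => (Allow|Block) <target>"
LINE_RE = re.compile(
    r"^FirewallRules: \[(?P<rule>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.*)$"
)
# <target> for a program rule: path, optional "(Publisher)" or "(Publisher -> Signer)",
# optional "[File not signed]" flag.
TARGET_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|sys))(?: \((?P<publisher>[^()]*)\))?(?: \[(?P<flag>[^\]]*)\])?$",
    re.I,
)
# Executable placed directly in a profile root or a Program Files root, i.e. with
# no vendor sub-folder (heuristic assumed for this example).
NO_VENDOR_FOLDER_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+|program files(?: \(x86\))?)\\[^\\]+$", re.I
)


@dataclass
class Finding:
    rule: str
    severity: str  # "info", "medium" or "high"
    reason: str
    target: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FirewallRules line; None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rule, target = m["rule"], m["target"]
    if target.startswith("LPort="):
        return Finding(rule, "info", "port-based rule, no program bound", target)
    if target.endswith(" => No File"):
        path = target[: -len(" => No File")]
        return Finding(rule, "info", "orphaned rule, program no longer on disk", path)
    t = TARGET_RE.match(target)
    if not t:
        return Finding(rule, "medium", "unparsed target, review manually", target)
    path, publisher, flag = t["path"], t["publisher"] or "", t["flag"] or ""
    unsigned = flag.lower() == "file not signed"
    if unsigned and NO_VENDOR_FOLDER_RE.match(path):
        # The claimed publisher is unverifiable when the file carries no signature.
        reason = f"unsigned executable outside any vendor folder, claims publisher '{publisher}'"
        return Finding(rule, "high", reason, path)
    if unsigned:
        return Finding(rule, "medium", "unsigned executable", path)
    return Finding(rule, "info", "signed executable", path)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per FirewallRules line, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.reason}: {f.target}")
```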
 

Moderator, Security Team
Okay, just in case it means something:
I downloaded FRST64 from the infected PC, but right onto the USB drive.
(Forgot to mention that.)
Yes, it does make a difference. I should have told you to download FRST onto a USB using a non-infected machine.

However, for the time being I don't think we need to run another scan from Recovery; let's just run the "fix" I just gave you (in the post above this one) and see where that takes us.
 

Moderator, Security Team
OK, still stuff to do ......

First ....

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press Ctrl+y (Ctrl and y keys at the same time)
  • A blank randomly named .txt Notepad file will open.
  • Copy and paste the following into it (don't include Code:) ....
Code:
C:\Users\Panos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ProccessRunt.exe
C:\WINDOWS\02F2B589B214.sys
C:\ProgramData\cridw
C:\Users\Panos\AppData\Local\99bef868
C:\ProgramData\q2u6s1r2x8u6s1r2x8
C:\Program Files\PZPNZ5V10V
C:\ProgramData\PULRQAIBHLGMXYZNXD6C01ES0
C:\Program Files (x86)\sqkjz
C:\Users\Panos\AppData\Roaming\yqi5rrbtp0a
C:\Users\Panos\AppData\Roaming\fbbjhwe
  • Press Ctrl+s to save fixlist.txt
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ...

Please run a scan with ADWCleaner

Download AdwCleaner and save it to your desktop. If you already have a copy (and from your log it appears you have) then please download a new clean copy and use that.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

Next ....

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 

Registered
Discussion Starter #20 (Edited)
In FRST it is not responding after I click Fix.
It takes about 10 min and I closed it. I did it again and got the same result.
It stops responding 2-3 secs after I click Fix.
(I have Chrome open, does it matter?)


*An hour up and still not responding or closing, even with Task Manager.
 