Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by Duplat (09-10-2019 01:47:27)
Running from C:\Users\Duplat\Desktop
Windows 10 Pro Version 1809 17763.737 (X64) (2018-12-10 06:05:53)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2979426330-1067282791-1430516834-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2979426330-1067282791-1430516834-503 - Limited - Disabled)
Duplat (S-1-5-21-2979426330-1067282791-1430516834-1001 - Administrator - Enabled) => C:\Users\Duplat
Guest (S-1-5-21-2979426330-1067282791-1430516834-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2979426330-1067282791-1430516834-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.0.0.1192 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.) Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.0 - Electronic Arts, Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment) AudioSwitch (HKLM-x32\...\AudioSwitch_is1) (Version: 2.2.2.0 - ) Backup and Sync from Google (HKLM\...\{6DBCF61B-9281-4F9F-9022-7177D22B28A4}) (Version: 3.46.7175.2662 - Google, Inc.) Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 9.5.5 - Andrew Sampson) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 77.0.69.132 - Brave Software Inc) Call of Cthulhu (HKLM-x32\...\Call of Cthulhu_is1) (Version: - ) CORSAIR iCUE Software (HKLM-x32\...\{2CF39684-9A16-483E-897B-F92F4D64C2EF}) (Version: 3.20.80 - Corsair) CPUID CPU-Z 1.89 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.89 - CPUID, Inc.) Dauntless (HKLM\...\{03AFDFA7-7A23-41B1-AAC2-3898591127D3}) (Version: 1.00.0000 - Phoenix Labs) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Discord (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Discord) (Version: 0.0.305 - Discord Inc.) Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.5.0.12 - GOG.com) ENE_EHD_HAL (HKLM\...\{B8140D28-2CA7-4F6A-8818-BF093C3F3225}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_HAL (HKLM-x32\...\{06ebd5ee-cb8a-487e-a83c-832dab840571}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden Epic Games Launcher (HKLM-x32\...\{A398FCC0-8E8B-409E-90E9-ACF4671633F2}) (Version: 1.1.183.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Fallout 4 GOTY (HKLM\...\Fallout 4 GOTY_is1) (Version: 1.10.82.0 - ) Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft) FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.) Gamers Club Anti-Cheat 3.0.68 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\5336d6e5-cfd5-580d-976b-0c07db708c28) (Version: 3.0.68 - Gamers Club Engeneering) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HWiNFO64 Version 6.12 (HKLM\...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX) i-Menu version 4.3.6 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.6 - AOC) Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc) Little Misfortune (HKLM\...\SKIDROW - Little Misfortune) (Version: - SKIDROW) Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.4 - Electronic Arts) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20420 - Microsoft Corporation) Microsoft Office 365 ProPlus - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.11328.20420 - Microsoft Corporation) Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation) MiPony 3.0.5 (HKLM-x32\...\MiPony) (Version: 3.0.5 - ) Mozilla Firefox 69.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.2 (x64 en-US)) (Version: 69.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla) MSI 
Afterburner 4.6.0 (HKLM-x32\...\Afterburner) (Version: 4.6.0 - MSI Co., LTD) MTG Arena (HKLM-x32\...\{72DCA778-E873-42AC-AE1F-B2C14DCBF54C}) (Version: 0.1.1015.0 - Wizards of the Coast) Hidden MTG Arena (HKLM-x32\...\MTG Arena 0.1.1015.0) (Version: 0.1.1015.0 - Wizards of the Coast) NetLimiter 4 (HKLM\...\{D8EB2152-FF07-4BA1-8361-0A64CBCFA58F}) (Version: 4.0.50.0 - Locktime Software) Hidden NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.50.0) (Version: 4.0.50.0 - Locktime Software) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.2 - Notepad++ Team) Nox APP Player (HKLM-x32\...\Nox) (Version: 6.3.0.0 - Duodian Technology Co. Ltd.) NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) 
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.11328.20420 - Microsoft Corporation) Hidden Opera Stable 63.0.3368.107 (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\Opera 63.0.3368.107) (Version: 63.0.3368.107 - Opera Software) Origin (HKLM-x32\...\Origin) (Version: 10.5.47.29954 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - ) PUBG Lite (HKLM-x32\...\PUBG Lite_is1) (Version: 1.0.0.6 - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) qBittorrent 4.1.8 (HKLM-x32\...\qBittorrent) (Version: 4.1.8 - The qBittorrent project) Quick CPU (HKLM-x32\...\{41F4C8EE-903D-4EB5-B6EB-75413BF496DE}) (Version: 3.0.1.0 - CoderBag) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8356 - Realtek Semiconductor Corp.) 
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.0528.1 - GIGABYTE) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.4.116 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.2.5 - Rockstar Games) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Twitch (HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN) VMR Connect version 1.2.3.0 (HKLM-x32\...\{A3135D26-0857-4E51-A491-B4CEDF9B1A2C}_is1) (Version: 1.2.3.0 - VLC Mobile Remote) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-06-12] (Adobe Systems Incorporated) Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-20] (Microsoft Corporation) [MS Ad] Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.27.2643.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad] Microsoft People -> C:\Program 
Files\WindowsApps\Microsoft.People_10.1808.2473.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.89.355.0_x64__mcm4njqhnhss8 [2018-12-28] (Netflix, Inc.) Night Eye -> C:\Program Files\WindowsApps\43069RAZORdeveloper.NightEye_1.9.4.0_neutral__c9kkezg6y739m [2018-12-10] (RAZORdeveloper) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2018-12-13] (Adobe Systems Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.177.0_x64__dt26b99r8h8gj [2019-07-14] (Realtek Semiconductor Corp) Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_1.5.4.0_x64__t4vj0pshhgkwm [2019-01-10] (Telegram Messenger LLP) uBlock Origin -> C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-10] (Nik Rolls) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{5C4D8D49-A0EE-41E0-98D5-B8E1A2A63328} -> [MEGAsync] => C:\Users\Duplat\Documents\MEGAsync [2019-05-25 08:58] CustomCLSID: HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File CustomCLSID: 
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Duplat\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-09-28] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => 
C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2018-12-31] (Notepad++ -> ) ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.) 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google) ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-09-28] (Google LLC -> Google) ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Duplat\AppData\Local\MEGAsync\ShellExtX64.dll [2019-05-13] (Mega Limited -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-05] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed] ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.) ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => -> No File ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2019-04-09 13:40 - 2019-04-09 13:40 - 000015872 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL 2019-04-09 13:40 - 2019-04-09 13:40 - 002786816 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll 2019-09-11 17:04 - 2019-09-11 17:04 - 000204800 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll 2019-09-11 17:02 - 2019-09-11 17:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll 2019-03-05 11:06 - 2019-03-05 11:06 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll 2019-03-05 11:06 - 2019-03-05 11:06 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll 2019-03-05 11:07 - 2019-03-05 11:07 - 000642048 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2019-03-05 11:06 - 2019-03-05 11:06 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2019-03-05 11:06 - 2019-03-05 11:06 - 000364544 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll 2019-09-09 11:29 - 2019-09-09 11:29 - 000057344 _____ () [File not signed] 
C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll 2019-09-09 11:30 - 2019-09-09 11:30 - 000074240 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll 2019-09-09 11:30 - 2019-09-09 11:30 - 000368640 _____ () [File not signed] C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll 2018-11-03 00:00 - 2018-04-30 09:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll 2019-08-13 16:11 - 2019-08-13 16:11 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll 2019-08-19 08:04 - 2019-08-19 08:04 - 001298944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LIBEAY32.dll 2019-08-19 08:04 - 2019-08-19 08:04 - 000281600 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ssleay32.dll 2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000034816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll 2019-04-09 13:48 - 2019-04-09 13:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll 2019-04-09 13:50 - 2019-04-09 13:50 - 000364032 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000019968 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000331776 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll 2019-04-10 19:26 - 2019-04-10 19:26 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll 2019-04-09 13:50 - 2019-04-09 13:50 - 001192960 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll 2019-04-09 13:42 - 2019-04-09 13:42 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll 2019-09-11 17:47 - 2019-09-11 17:47 - 005087232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll 2019-04-09 13:44 - 2019-04-09 13:44 - 005353984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll 2019-04-10 20:28 - 2019-04-10 20:28 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll 2019-04-09 13:44 - 2019-04-09 13:44 - 001042944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll 2019-04-10 20:14 - 2019-04-10 20:14 - 003359232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll 2019-04-10 20:09 - 2019-04-10 20:09 - 003181056 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll 2019-04-10 20:56 - 2019-04-10 20:56 - 000142336 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll 2019-04-10 20:55 - 2019-04-10 20:55 - 000849920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll 2019-04-10 20:27 - 2019-04-10 20:27 - 000326656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Scxml.dll 2019-04-09 13:42 - 2019-04-09 13:42 - 000156672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Sql.dll 2019-04-10 19:27 - 2019-04-10 19:27 - 000265728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll 2019-04-09 13:47 - 2019-04-09 13:47 - 004532224 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll 2019-04-10 20:40 - 2019-04-10 20:40 - 000444416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll 2019-04-09 13:41 - 2019-04-09 13:41 - 000147456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll 2019-04-10 20:51 - 2019-04-10 20:51 - 000045568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2019-04-10 20:51 - 2019-04-10 20:51 - 000056320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll 2019-04-10 20:58 - 2019-04-10 20:58 - 000456192 _____ (The Qt Company Ltd.) 
[File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2019-04-10 20:56 - 2019-04-10 20:56 - 000271360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-04-10 20:13 - 2019-04-10 20:13 - 000072192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-04-10 20:56 - 2019-04-10 20:56 - 000260608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2019-04-10 20:12 - 2019-04-10 20:12 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll 2019-04-09 13:49 - 2019-04-09 13:49 - 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\styles\qwindowsvistastyle.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\tracing:? [16] AlternateDataStreams: C:\Users\Duplat\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\Duplat\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\Duplat\ntuser.ini:NTV [11626] AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394] AlternateDataStreams: C:\Users\Duplat\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394] AlternateDataStreams: C:\Users\Duplat\AppData\Local\Temp:$DATA​ [16] AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 20:38 - 2018-04-11 20:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Duplat\Desktop\crgo8dzcxh421.jpg
DNS Servers: 1.1.1.1 - 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: aim_LSService => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EasyTuneEngineService => 2
MSCONFIG\Services: gadjservice => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: OcButtonService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: prio_svc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: uncheater_bgl => 3
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Screen+"
HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "TranslucentTB"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Actual Window Manager"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-2979426330-1067282791-1430516834-1001\...\StartupApproved\Run: =>
"NoxDaemon" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{48EE09A7-D948-4CC4-A816-BC62C71B1CB0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{51D9CE87-8C30-4EB5-B670-AF73F7671247}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.177\deploy\leagueclient.exe No File FirewallRules: [{ED9EF4D8-A6C7-457D-8CA4-225A0F50F68B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed] FirewallRules: [{BB24F7A6-0733-40F2-95D3-83102AD22D08}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed] FirewallRules: [{6EB5213B-461F-481A-9219-9B9D3CDCF9F2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: ) [File not signed] FirewallRules: [{3CBD165D-6F8F-4324-B7CB-781AB2A58224}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rise of Nations\patriots.exe (TODO: ) [File not signed] FirewallRules: [{389504B4-126F-4F3B-9C26-1E9E927E137B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed] FirewallRules: [{FFB30302-B73C-4E0E-BDE8-FEF7DCCF853A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed] FirewallRules: [{7E58A9E1-2D21-41D6-9FF7-1230FE36ABDD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 
3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [{77F602BD-D4B5-44E3-AB76-8A00EB81E50A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed] FirewallRules: [UDP Query User{024EC3B3-9BDD-4535-94EC-B87A452A0D4C}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File FirewallRules: [TCP Query User{66094D79-27F9-4F67-AF33-F3F8638C6F24}D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe No File FirewallRules: [{6878B676-809A-4930-A51E-C665491AED6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [{2AD5F4FF-DDDA-45A1-A952-53966001937E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate II Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [{126F5A86-0A1E-429C-8826-E09BAD2588C8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [{1A7515D6-4701-451D-AA31-C2046CDE78A1}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed] FirewallRules: [UDP Query User{63BC745F-E429-47CF-BFA8-110AF37ACAA0}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{08045DFF-425A-4289-BAB0-6F2607A1ED16}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe] => (Allow) D:\riot games\league of 
legends\rads\projects\league_client\releases\0.0.0.174\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{4B5F68AA-7659-4B5D-8F80-A7FEAA7E22F0}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File FirewallRules: [TCP Query User{AA257137-E7B6-4203-8A60-7428172516A6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe No File FirewallRules: [UDP Query User{EAD35183-9FD6-45B4-8151-FD3C59C822CD}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File FirewallRules: [TCP Query User{CB1511C7-0206-4F1C-B73F-16876542B214}D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base70200\heroesofthestorm_x64.exe No File FirewallRules: [UDP Query User{ABDF02FB-5E2F-4FC0-835D-80FDD3F89EAD}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File FirewallRules: [TCP Query User{9312C455-2B28-4C45-8872-9437B33B911F}D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base69823\heroesofthestorm_x64.exe No File FirewallRules: [{5A02FB9A-9E5D-499A-8A8D-1027BB5FEA60}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{775F7A21-A1DC-4559-8B12-7D896856A205}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [UDP Query User{911B8861-5DA1-40B2-AD8A-966E8AB58A38}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] 
=> (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{BCB00455-2925-4A0B-BD3D-6879ECD4117A}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.172\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{5C6A6C9E-963A-4488-B58E-4A982169F96D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{657F2683-FB75-4EA8-A7C6-DE805655988C}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.171\deploy\leagueclient.exe No File FirewallRules: [{A51A2661-6A97-44A6-9690-4AFC2B7D65BD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed] FirewallRules: [{B0C7307A-1CBD-4A43-AEB8-354430098C36}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed] FirewallRules: [{C2759DED-F7F6-4BB7-9C50-28A561949776}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> ) FirewallRules: [{9E60AB9B-FF41-4E72-B875-6B8A593AB53D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe (Marek Ziemak -> ) FirewallRules: [{1A386060-A9F3-4F34-A1CB-DE3C4F1EA2A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed] FirewallRules: [{2845A132-29B6-4CEA-9C1D-71253199E11C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Talisman\Talisman.exe () [File not signed] 
FirewallRules: [{36B5B3AF-8CD1-4255-A810-3650B71FD0DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed] FirewallRules: [{A88290E8-D045-4EFD-9CE2-92206451CA98}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Shadowrun Returns\Shadowrun.exe () [File not signed] FirewallRules: [{237579F2-F15A-4E57-9541-DA39A6D40AAD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom) FirewallRules: [{66C6D667-344D-4161-88F1-CEAF157ECD4C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Secret World Legends\ClientPatcher.exe (FUNCOM OSLO AS -> Funcom) FirewallRules: [{179CD858-E642-4FB8-92F9-F72273CC5D19}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed] FirewallRules: [{BD2C36D7-ECFA-4BF8-B258-13082B81D645}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed] FirewallRules: [{92A05A35-EFA2-49D9-B4D3-23E3DEC0E057}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{FA854709-E2AB-4F62-90E5-E3DE8A611F6F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed] FirewallRules: [{75A9F823-2B33-4D0E-8426-925236854284}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation) [File not signed] FirewallRules: [{B40134A3-9E88-4A18-961E-24897D245BA9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. 
-> Sega Corporation) [File not signed] FirewallRules: [{8FF4A0D0-9BF1-4352-A33D-0663E2EC31E7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed] FirewallRules: [{5D222723-DA1F-463E-9526-182CDD131D43}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Risk of Rain\Risk of Rain.exe (Hopoo Games, LLC ) [File not signed] FirewallRules: [{3CEB0939-3848-4EE1-8CFA-58440D17C322}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed] FirewallRules: [{5C09F0BF-080E-4691-818D-E1B68FECEE02}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed] FirewallRules: [{A26CB269-4326-4FFF-A141-347BE18E55E9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed] FirewallRules: [{3FC8FCCD-8BB6-44CF-970B-8EC11DE10474}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Precipice Of Darkness 3\Rainslick3.exe (Zeboyd Games) [File not signed] FirewallRules: [{69088BF2-7F38-479D-9C37-A578452455C7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed] FirewallRules: [{B0B0F156-2A3C-4997-B2AE-4586F4C449A2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Magicite\Magicite.exe () [File not signed] FirewallRules: [{46A16DCA-CFCB-493A-AB2E-4E9D3C7DE769}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed] FirewallRules: [{0118B36B-BAFD-4989-93DC-1EB9E9A3BF59}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Monaco\MONACO.exe () [File not signed] FirewallRules: [{FF192F8F-53E9-45D6-BC6F-DE1E6E12589B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games) FirewallRules: [{046ED7E6-16EA-471F-B51C-E41602684FAF}] => (Allow) D:\Program Files 
(x86)\Steam\steamapps\common\Metro Last Light Redux\metro.exe (Koch Media GmbH -> 4A Games) FirewallRules: [{8792C873-7BE8-4709-8020-BD0BA205F9D9}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed] FirewallRules: [{6B61F6D2-1A3C-44EE-A259-FAD9D6B729D7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\Detect.exe () [File not signed] FirewallRules: [{7C5A8138-5CB2-4F29-977D-5D3000D3B4E8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed] FirewallRules: [{BB64C97B-CBB2-411E-92E5-5C10BABA341B}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\How to Survive\HowToSurvive.exe () [File not signed] FirewallRules: [{5CDE1D0C-D5C5-4383-B052-24B9A27A931D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File FirewallRules: [{6A73D46A-5C09-46F1-A4E7-557DB658E61F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\CastlevaniaLoS\bin\CastlevaniaLoSUE.exe No File FirewallRules: [{731B77E5-130D-4EF2-B9AB-6EA9984BE555}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. -> ) FirewallRules: [{3769F95D-4C01-4DE5-8253-60B3C5BC450F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Alan Wake\AlanWake.exe (Remedy Entertainment Ltd. 
-> ) FirewallRules: [UDP Query User{C9E3D405-5F7A-4463-B181-4AB9DF396258}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{C578BE65-E98E-4ED7-989B-9413FCA968F6}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.170\deploy\leagueclient.exe No File FirewallRules: [{2AC3BBF3-59AA-4EE6-BD73-3C7E7D084115}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed] FirewallRules: [{C937EFF5-55B9-4050-AC3C-9873C35A1144}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromeda.exe (Electronic Arts - BioWare) [File not signed] FirewallRules: [{A4A4BC54-B8DF-4F14-A481-DCEBCC417BC9}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed] FirewallRules: [{B461E570-F83B-4A39-8FBE-74362E7DA7F8}] => (Allow) D:\Program Files (x86)\Mass Effect Andromeda\MassEffectAndromedaTrial.exe (Electronic Arts - BioWare) [File not signed] FirewallRules: [{D57180B9-552D-4182-9A8E-EA21BC1B0FC4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed] FirewallRules: [{4AA28276-A5AA-4252-8DC5-239665A76FE0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed] FirewallRules: [{CA004B1D-9D82-4EA9-8D41-A39B2BE77B8C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: [{252AB6DF-D54F-4023-B67F-567E78C3B8EF}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File FirewallRules: 
[{E2BCB1F4-AC2A-4D35-B134-8C024B8DDCD1}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{BECB06BA-25D9-4D67-AB3E-3C27CC629CF8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [TCP Query User{770FFEC1-8F86-4F1F-A721-85111E94B66F}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [UDP Query User{9D28CFEC-4A05-4DD8-9A0B-FD0EA3286435}D:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Allow) D:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> ) FirewallRules: [{4FE36C4E-D6D5-4D7B-A7C5-1BD34F782D68}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> ) FirewallRules: [{CFC93580-4F12-419E-A9A4-5D60655CC468}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> ) FirewallRules: [{809DBAA9-44BB-4CEE-96C1-203A52033B3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.) FirewallRules: [{5363911F-7A57-46F4-8BA5-AD22B38F3C3C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.) 
FirewallRules: [{8F9DFCDB-3A43-4DAE-85A7-D39C28E23C80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{957D0F26-E4DA-441D-854D-5A885E98649A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1FBD4D2E-FBD1-4496-8F7E-A732FB275963}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D8786D9B-00CE-4077-9B69-99F0414CDE90}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{ED519612-75BA-4296-A51B-984FC5556A09}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B5B2738A-5D97-4992-9AED-96857596BB1F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{4F6B7CF3-F9E6-437A-9DEB-A87EEFD96813}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\SLauncher.exe (Tencent Technology(Shenzhen) Company Limited -> ) FirewallRules: [{68337F8D-33FA-441C-AA2A-6CEFC9F2BAA4}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File FirewallRules: [{1DA50655-D338-4D5C-8D69-57057BEF54B7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Remember Me\Binaries\Win32\RememberMe.exe No File FirewallRules: [{CC0FD976-5CCD-4E86-B4CE-EA15DBDB1763}] => (Allow) LPort=9009 FirewallRules: [{E2B70FD8-11A0-482C-99F4-0574F20DF05A}] => (Allow) LPort=9009 FirewallRules: [{2E89958C-AC5C-4729-BD66-91B74331D3D3}] => (Allow) LPort=9009 FirewallRules: [{9D2E2E61-126D-42C5-AE02-173FEE95C2B0}] => (Allow) LPort=9009 FirewallRules: [TCP Query 
User{EC6CA6D3-2ACE-4B6D-9A47-0D9D62D5D65F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{EDDF1ECE-5D94-4326-B6A1-82A186A006F3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{87687B6B-F8E3-443E-94BB-9CB751570C31}] => (Allow) LPort=9009 FirewallRules: [{4946F1EE-88E0-4786-AC2F-84B89696F55E}] => (Allow) LPort=9009 FirewallRules: [{04414CC0-E465-4FF8-AA48-C223F7B6773E}] => (Allow) LPort=9009 FirewallRules: [{8A5C1187-1155-4D48-B3B5-0ADFB121D367}] => (Allow) LPort=9009 FirewallRules: [{AAF48710-05BF-42D3-B53D-5028A7FA8772}] => (Allow) LPort=9009 FirewallRules: [{6F763511-82FC-4EDB-BB37-9D51E42EBC9F}] => (Allow) LPort=9009 FirewallRules: [{AFB78C3F-B0ED-42BB-9C4D-A1D6A34E00AF}] => (Allow) LPort=9009 FirewallRules: [{E39F510A-08EA-4887-BC11-4046C9044B90}] => (Allow) LPort=9009 FirewallRules: [{B1A42D65-4874-48B9-81BE-E497D9F51990}] => (Allow) LPort=9009 FirewallRules: [{7C1DDFD8-C7AC-4CCB-BB7B-F4AE4822EFB8}] => (Allow) LPort=9009 FirewallRules: [{22DFED0C-AC9B-4E88-829B-6FD1960B0CAA}] => (Allow) LPort=9009 FirewallRules: [{6A8400FA-4192-4DB4-BC2F-8D5B49E2221D}] => (Allow) LPort=9009 FirewallRules: [{0B1BED5C-A7F3-4D29-B5E3-2B9636969664}] => (Allow) LPort=9009 FirewallRules: [{99D9DB0A-53A8-4AA7-9F98-CF41F8B3C411}] => (Allow) LPort=9009 FirewallRules: [{0507CB8B-6C35-4F1A-ACA7-E98BE0E2806D}] => (Allow) LPort=9009 FirewallRules: [{9955FA05-55EF-4B07-B1AE-1E6859992B25}] => (Allow) LPort=9009 FirewallRules: [{00488E9E-3EBF-42DC-BD63-C8FA16BC241B}] => (Allow) LPort=9009 FirewallRules: [{9618C31C-0D73-4563-AAD8-91004E4DCD93}] => (Allow) LPort=9009 FirewallRules: [{16B823F0-65CD-41DA-B651-6E7B7AE2B959}] => (Allow) LPort=9009 FirewallRules: [{74443F33-8DC4-44E7-8395-8EDA40740504}] => (Allow) LPort=9009 FirewallRules: [{F8312CB7-3F18-4B4C-85F6-61E6754B584C}] => (Allow) LPort=9009 FirewallRules: 
[{1BAF156F-65FC-4A6D-BD5E-826B3119C00A}] => (Allow) LPort=9009 FirewallRules: [{416D088D-2CAB-4E41-A79D-8108988A2EA2}] => (Allow) LPort=9009 FirewallRules: [{B8EAD117-7C88-490D-B76C-941BF578F2EC}] => (Allow) LPort=9009 FirewallRules: [{44B89C3B-9721-4090-B6CC-2214CD716BF7}] => (Allow) LPort=9009 FirewallRules: [{4B78F361-AF8D-4C36-A574-81578BDADB1C}] => (Allow) LPort=9009 FirewallRules: [{45AE23A9-A05A-490D-A003-6D81807B98C3}] => (Allow) LPort=9009 FirewallRules: [{5D0361D5-A309-45EB-9F95-7C5DF28A5F59}] => (Allow) LPort=9009 FirewallRules: [{DD1F0D3E-09DC-42C8-B207-E7DB208F41C5}] => (Allow) LPort=9009 FirewallRules: [{1CA6B0E2-28BB-4334-8055-16F7C254869F}] => (Allow) LPort=9009 FirewallRules: [{2B918E9B-A3B2-445F-B173-97DDF3BDE95C}] => (Allow) LPort=9009 FirewallRules: [{CA4A7291-70CC-4354-9B01-4D88007D3D02}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{C5862EBE-2648-48D0-87D2-03EFE3725B70}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed] FirewallRules: [UDP Query User{6119E4A7-C9F1-4974-A807-6A1C309CAFD8}D:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) D:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed] FirewallRules: [{02735B30-75E6-440B-B692-65C99DC03478}] => (Allow) LPort=9009 FirewallRules: [{7F7E2EBD-2CF1-4A4F-A378-00FB50051AFB}] => (Allow) LPort=9009 FirewallRules: [{AD100F57-1AF8-4881-B115-4B991AB2177D}] => (Allow) LPort=9009 FirewallRules: [{E6852746-E88E-405A-A40E-C4DF74DCE009}] => (Allow) LPort=9009 FirewallRules: [{D7690D02-DBC1-4B96-B9C1-0CC9C8297B1A}] => (Allow) LPort=9009 FirewallRules: [{87774665-37E3-4892-A10F-CFCA4F58D44D}] => (Allow) LPort=9009 FirewallRules: [{28D6206D-737C-4110-AF2F-33E761E2BBA4}] => (Allow) LPort=9009 FirewallRules: [{009ECC04-6D3A-4144-A8A0-1DBA4520A5BE}] => (Allow) LPort=9009 FirewallRules: 
[{84AD50DF-59AA-433D-A7B8-5FAAA17A0339}] => (Allow) LPort=9009 FirewallRules: [{2267C91F-BD87-46F2-B26D-A04783E61F4D}] => (Allow) LPort=9009 FirewallRules: [{EE100B6D-AE18-4246-B77C-7FF4F9861746}] => (Allow) LPort=9009 FirewallRules: [{409585FD-641F-406D-83E4-C5B5FC110B59}] => (Allow) LPort=9009 FirewallRules: [{A7C56AE0-27FE-43A4-AC76-6F5AAF8756F5}] => (Allow) LPort=9009 FirewallRules: [{490F7E01-C273-4BA2-926E-F90BEBC7B2A9}] => (Allow) LPort=9009 FirewallRules: [{5A13C48C-A378-41D0-8475-1631DB5EAFB0}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{EFC991C9-F605-4020-B4E9-8DC9E96A51EA}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{FA5CA709-1A55-4489-9910-E6FCBB4428D4}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{EB329487-2172-4BE9-ABB5-4ED072C74C7E}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{DB70C80D-65D8-4B47-B7A9-ECDBBCA3B183}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.) 
FirewallRules: [{3E1FFB83-F922-4991-9928-3EAD9FC32C67}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [{6F560A4F-A34E-4130-A0AB-1C7E3E547640}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed] FirewallRules: [TCP Query User{C1128FA0-59A4-487F-9BA1-877A609B159A}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{37923856-069E-4282-8469-71FD2001BB17}D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{3185A879-556A-464C-8D48-21C12A9840F5}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{F9EAC156-57B7-4CC7-B0C0-2F8618EAD81E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.189\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{802DBCEC-68B3-49FD-98A4-9C8597CB570A}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) 
[File not signed] FirewallRules: [UDP Query User{E66C4917-B0E6-4EF8-9F71-8DBE0C684BD7}D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe] => (Allow) D:\program files (x86)\torchlight frontiers_en\frontiers\binaries\win64\frontiers.exe (Epic Games, Inc.) [File not signed] FirewallRules: [TCP Query User{6B908A39-D9A8-4FB9-A611-3C9A238510CF}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{1393D183-A4A6-4867-80E5-0BDE81ABB8D2}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.192\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{7D55F9DF-292A-477E-A65B-A2738693DA32}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File FirewallRules: [UDP Query User{A55F06B1-90DF-4451-8558-C181529C567B}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.193\deploy\leagueclient.exe No File FirewallRules: [TCP Query User{2141CA7F-17B0-4328-9CAE-A1FEF2B271A8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{A35F7A67-BCC4-497D-8F89-7D7F0095F4AD}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{F211D123-5F20-422D-BB65-75578E045647}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe 
(Valve -> ) FirewallRules: [{882688C5-1FA6-4338-8C5E-3B630CDC353C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> ) FirewallRules: [{CF252B37-4F48-47E0-9CC2-6649165F74E6}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [{48113EAA-67C9-4772-AB9C-100E93FD3E9C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games) FirewallRules: [TCP Query User{6863AF9B-F452-4D3D-A6F1-165102F2123E}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. -> ) FirewallRules: [UDP Query User{D1DF1264-0A8C-4312-A614-290675E3904D}D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe] => (Allow) D:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.194\deploy\leagueclient.exe (Riot Games, Inc. 
-> ) FirewallRules: [{92656738-4617-4BA7-9822-C44CDC20CD8D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File FirewallRules: [{F2F0060D-ECBE-436A-A902-8A189D8E6430}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Pandemic Express\Bin\win_x64\PandemicExpress.exe No File FirewallRules: [{2B59489B-C086-40FA-B119-AAA58B3A93D2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File FirewallRules: [{D89F5046-9381-46E2-95AE-E22BA22F8A9D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe No File FirewallRules: [TCP Query User{3A73C1F1-ADD1-42F3-8073-DB16654F52AC}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works) FirewallRules: [UDP Query User{5E65FFCA-51A1-4B3E-BC6A-F0E5A34E4636}D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe] => (Allow) D:\program files (x86)\pubglite\client\shadowtrackerextra\binaries\win64\pubglite-win64-shipping.exe (PUBG CORPORATION -> PUBG Works) FirewallRules: [{F3748818-C038-4476-8EED-594BC64A7072}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed] FirewallRules: [{815EB672-817E-4D67-83CA-7CF837ACF337}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe (Frontier Developments Ltd) [File not signed] FirewallRules: [TCP Query User{FB81BAFF-9926-4B5E-8C71-C2274E40D471}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File FirewallRules: [UDP Query 
User{ED5BF280-82A6-4689-871A-BAA671D02C5D}D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe No File FirewallRules: [TCP Query User{BA6D6B51-B868-4C73-982E-7C94BB3AF6F8}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File FirewallRules: [UDP Query User{A9BFB6C8-B746-4830-9E54-B2BA512BC117}D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) D:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe No File FirewallRules: [TCP Query User{D9BCD5EB-CBDE-4046-A179-E8062A51CB22}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed] FirewallRules: [UDP Query User{5BFF66A7-9C1B-4633-80C3-5C6C6EF3E2F2}D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe] => (Allow) D:\gog games\divinity - original sin enhanced edition\shipping\eocapp.exe () [File not signed] FirewallRules: [{774338CE-78DF-4E92-A4FE-BA94C1DAABD4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{6A92BAD2-E852-4516-B096-9C87093882FD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3BF3106C-6B56-4611-9AAF-75669E491FF7}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.) FirewallRules: [{8910EA05-16E6-478D-912D-B1E67C834E23}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation) FirewallRules: [{F0AE905B-5BE9-4D0E-9EC9-9F8A227EF4D0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. 
-> ) FirewallRules: [{B7467F85-6D38-4C45-BD54-6DBC9709A495}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> ) FirewallRules: [{6EBAEB3B-9327-4440-9014-11217CC0A0CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [{C41FC74F-76D3-496E-9593-B9687C8C6157}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> ) FirewallRules: [TCP Query User{A2171132-43E4-4859-9C3C-22238241170C}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment) FirewallRules: [UDP Query User{6F5B7542-9E52-46D1-A76F-F2E592C6BFE6}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3.exe (Ubisoft Entertainment -> Ubisoft Entertainment) FirewallRules: [TCP Query User{D654BAA4-DD25-4514-8BDD-4EBDD3C71C24}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment) FirewallRules: [UDP Query User{2D0D1DFA-5347-4BD2-8175-71C8783EB500}D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe] => (Allow) D:\program files (x86)\ubisoft\ubisoft game launcher\games\far cry 3\bin\farcry3_d3d11.exe (Ubisoft Entertainment -> Ubisoft Entertainment) FirewallRules: [{95A67440-F63F-432F-9E0E-98624F3231AE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.) FirewallRules: [{94F18F66-5FDB-4C8B-AC31-CFCC244FC00C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. 
-> BANDAI NAMCO Entertainment Inc.) FirewallRules: [TCP Query User{7D7C17E4-8F68-43CE-8385-9ED59F72ECF7}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed] FirewallRules: [UDP Query User{264EFBD2-CC58-4332-AC0F-0AE9184DB11F}C:\program files (x86)\vmr connect\vmrhub.exe] => (Allow) C:\program files (x86)\vmr connect\vmrhub.exe (VLC Mobile Remote) [File not signed] FirewallRules: [TCP Query User{242DFB03-7FA7-409A-9B7E-32F8C3018961}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File FirewallRules: [UDP Query User{A808E717-6840-4DAA-97F1-DA48FB531937}D:\program files (x86)\heroes of newerth\hon.exe] => (Allow) D:\program files (x86)\heroes of newerth\hon.exe No File FirewallRules: [{C3A204AD-B983-4975-8CC4-3B98D7CC6328}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH) FirewallRules: [{36C19CFF-DB02-4B2A-A8D0-6561DDF6E1A5}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH) FirewallRules: [{05A7B4FA-153F-47A1-B8C9-B4D52C76AE58}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH) FirewallRules: [{5FD0D9C0-63B9-49F0-8F52-AA7978BFE503}] => (Allow) D:\Program Files\Epic Games\TheCycleAlpha\Prospect\Binaries\Win64\Prospect-Win64-Shipping.exe (YAGER Development GmbH -> YAGER Development GmbH) FirewallRules: [TCP Query User{94EBBAFA-CE2F-482C-BEF2-1338CEB0687F}C:\program files (x86)\mipony\mipony.exe] => (Allow) C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed] FirewallRules: [UDP Query User{3ADEFA27-50FE-4BEA-8572-C8952728EAF9}C:\program files (x86)\mipony\mipony.exe] => (Allow) 
C:\program files (x86)\mipony\mipony.exe (www.mipony.net -> ) [File not signed] FirewallRules: [{42F34E8E-831C-45AB-A21F-58EEA284694F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed] FirewallRules: [{97EB6E38-75F3-4AC2-B37A-C6566FA0552C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed] FirewallRules: [{22421E47-F02D-4A04-A9F7-140F5D54819B}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> ) FirewallRules: [{ABBE715B-9E7F-4FE7-BD0D-A0767862F77D}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> ) FirewallRules: [TCP Query User{19D68C8E-D3F2-41ED-8529-DCFA96C1BD6C}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File FirewallRules: [UDP Query User{2A6FEE49-59CC-4ECA-A718-7534A277BF7D}D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) D:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe No File FirewallRules: [{1FEA261F-E5BA-43CE-B3EF-334016D81252}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{6925456E-79C9-412E-B7B4-857BD4656993}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{5A3A50C7-E0CD-4298-A540-38FF40BE42BD}] => (Allow) D:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{C5E483FD-8CDC-4A6A-9B7C-E757606759AA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> ) FirewallRules: [{4928633F-6240-480A-A2A3-D8CD33FE693B}] => (Allow) D:\Program 
Files (x86)\Steam\steamapps\common\Underlords\game\bin\win64\underlords.exe (Valve -> ) FirewallRules: [{3FB82226-05E3-4E12-B36E-41BA6A274E63}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [{2391B1D4-4692-4744-8DB9-BC3F6F2215B0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed] FirewallRules: [TCP Query User{6A444315-DB10-4979-994F-6772B5F76059}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [UDP Query User{D68FA08D-D7BC-4706-8312-C6A43039C84C}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [TCP Query User{56694041-2190-4525-8E31-0AE35878F4D3}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [UDP Query User{12195111-69A8-4BDE-80C5-E5ED9C91BCDE}D:\program files\filezilla ftp client\filezilla.exe] => (Allow) D:\program files\filezilla ftp client\filezilla.exe (Tim Kosse -> FileZilla Project) FirewallRules: [{3815C04C-0E05-4357-A9DD-1D5B9281164D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) 
FirewallRules: [{E15207E5-D614-402F-9EB1-CB1B5CB916F9}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [{63E35652-AA1F-49DA-8075-4B3ADBA87BF1}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed] FirewallRules: [TCP Query User{A8DC18A8-14B3-4F22-8390-EF61C6FA1A99}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [UDP Query User{FED66F0E-4FBB-4EEA-AE05-518FA6995FF4}D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base76517\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.) FirewallRules: [{B436417E-8817-4F6B-929E-14F2A32E0B0F}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie) FirewallRules: [{E044FC5D-9A63-424E-8308-BEA4562B411C}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie) ==================== Codecs (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Restore Points ========================= 02-10-2019 07:06:13 Installed CORSAIR iCUE Software ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/09/2019 01:34:03 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/07/2019 11:21:10 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SkypeApp.exe version 8.34.0.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: cc Start Time: 01d57d5f4de82754 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe Report Id: 8a13237e-d934-4751-bd8d-fd150d45494a Faulting package full name: Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c Faulting package-relative application ID: App Hang type: Quiesce Error: (10/07/2019 07:17:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program SkypeApp.exe version 8.34.0.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 225c Start Time: 01d57d58d8e49435 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe Report Id: bbdd3fdb-232d-45b2-a269-da462a905a17 Faulting package full name: Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c Faulting package-relative application ID: App Hang type: Quiesce Error: (10/07/2019 06:56:32 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/06/2019 08:09:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Europa_Client.exe version 0.2.537.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 7bc Start Time: 01d57c9a9d95beae Termination Time: 8 Application Path: D:\Program Files (x86)\Steam\steamapps\common\Ring of Elysium\Xversion\Europa_Client.exe Report Id: 59c12abc-c30a-4d21-85e8-b2dfec261dea Faulting package full name: Faulting package-relative application ID: Hang type: Unknown Error: (10/06/2019 05:29:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/05/2019 05:29:22 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (10/05/2019 01:22:11 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (10/09/2019 01:32:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch 
permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (10/09/2019 01:32:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (10/09/2019 01:29:28 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS) Description: Unable to start a DCOM Server: ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppX0kb1wv51yacfv58jnrprgtyj3c0t775x.mca as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppX9n879r3et3x3b24eqasexpgc3412rn2m.mca Error: (10/09/2019 01:29:19 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS) Description: Unable to start a DCOM Server: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppXgrtg5zk0qzd58y4kdyd4g0wpzdp7rhmf.mca as Unavailable/Unavailable. 
The error: "0" Happened while starting this command: "C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca Error: (10/09/2019 01:28:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Origin Web Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (10/09/2019 01:28:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect. Error: (10/08/2019 04:33:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.303.1174.0). Error: (10/08/2019 01:54:57 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-O5SD2IS) Description: Unable to start a DCOM Server: AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r!App.AppXgrtg5zk0qzd58y4kdyd4g0wpzdp7rhmf.mca as Unavailable/Unavailable. The error: "0" Happened while starting this command: "C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe" -ServerName:App.AppXj7d2pwbjt1by8j1s5wak729xa46cf4br.mca Windows Defender: =================================== Date: 2019-10-07 00:32:43.553 Description: Windows Defender Antivirus has detected malware or other potentially unwanted software. 
For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0 Name: Trojan:Win32/Tiggre!plock ID: 2147723626 Severity: Severe Category: Trojan Path: file:_C:\WINDOWS\system32\StartupCheckLibrary.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: System Process Name: Unknown Signature Version: AV: 1.303.1042.0, AS: 1.303.1042.0, NIS: 1.303.1042.0 Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2 Date: 2019-10-05 19:30:58.658 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {3C9A005D-01D5-4901-9DB3-79F121EC0EBA} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-10-05 17:05:07.285 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {569D6F41-A00F-48EB-9BC5-68150799A7A6} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-10-05 06:14:00.373 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {90806FF2-5A45-4879-83BB-BD40F3DD15B8} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-10-02 06:25:42.325 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {6C6FAB3B-152A-47B9-BF5F-CB060DAFAABD} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-10-08 04:33:41.839 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.303.1174.0 Previous Signature Version: 1.303.1146.0 Update Source: User Signature Type: AntiSpyware Update Type: Delta Current Engine Version: 1.1.16400.2 Previous Engine Version: 1.1.16400.2 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
Date: 2019-10-08 04:33:41.839 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: 1.303.1174.0 Previous Signature Version: 1.303.1146.0 Update Source: User Signature Type: AntiVirus Update Type: Delta Current Engine Version: 1.1.16400.2 Previous Engine Version: 1.1.16400.2 Error code: 0x80509004 Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Date: 2019-09-18 20:37:16.753 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1519.0 Update Source: Microsoft Update Server Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80246007 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Date: 2019-09-18 20:00:28.270 Description: Windows Defender Antivirus has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.299.1519.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Date: 2019-09-18 20:00:28.269 Description: Windows Defender Antivirus has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.299.1519.0 Update Source: Microsoft Malware Protection Center Signature Type: AntiSpyware Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16200.1 Error code: 0x80072ee7 Error description: The server name or address could not be resolved CodeIntegrity: =================================== Date: 2019-08-01 14:58:18.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-01 14:42:59.895 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-08-01 03:11:50.215 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-31 19:19:14.518 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2019-07-31 13:31:21.299 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-31 02:48:24.224 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\mbmiodrvr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-07-09 21:16:32.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume1\Program Files\Prio\prio.dll that did not meet the Microsoft signing level requirements. Date: 2019-07-09 17:52:47.092 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\SearchIndexer.exe) attempted to load \Device\HarddiskVolume1\Program Files\Prio\prio.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F42a 07/31/2019 Motherboard: Gigabyte Technology Co., Ltd. 
AB350-Gaming 3-CF Processor: AMD Ryzen 5 1600X Six-Core Processor Percentage of memory in use: 61% Total physical RAM: 8143.37 MB Available physical RAM: 3100.68 MB Total Virtual: 16143.37 MB Available Virtual: 9223.9 MB ==================== Drives ================================ Drive c: (Local Disk) (Fixed) (Total:930.7 GB) (Free:103.55 GB) NTFS Drive d: (Local Disk) (Fixed) (Total:1862.42 GB) (Free:402.44 GB) NTFS Drive e: () (Fixed) (Total:232.88 GB) (Free:104.49 GB) NTFS \\?\Volume{26c4f6e3-ae76-402e-924e-64c06f594455}\ () (Fixed) (Total:0.81 GB) (Free:0.34 GB) NTFS \\?\Volume{3b8a238f-2f3a-4784-8545-56c16e5e4cfe}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS \\?\Volume{c8899f10-cbea-4cf6-a976-76024a3ea4ac}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 60B170B4) Partition: GPT. ======================================================== Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (Size: 232.9 GB) (Disk ID: A0329484) Partition: GPT. ==================== End of Addition.txt ============================