This topic is locked
Hi,
The issue started on 20th March 2021, when I opened on a 350 mb video file that I had downloaded, which turned out to be not a .mkv file but a .scr file and launched certain processes. I was immediately able to use task manager to cancel the process. The file had made copies of itself in various locations, but I was able to do a windows search of recent files above a certain size and able to delete all copies of this particular file with the exact same size.
However, since then, the windows explorer window keeps on opening every 5-10 minutes. If my computer is left on overnight, then in the morning there are 50-100 instances of windows explorer. I have not been able to find a "process" in any of the task manager bars which is linked to a .exe file which is created after 20th March and hence may be responsible for this. So essentially, I do not know what is causing this explorer to be opened (perhaps like a scheduled task?)
Anyway, here are the logs needed.
---------------------------------FRST.txt----------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
Ran by Abhishek (administrator) on RECCANEWPC (24-06-2021 12:13:33)
Running from F:\Downloads
Loaded Profiles: Abhishek
Platform: Windows 10 Pro Version 1709 16299.214 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Discord Inc. -> Discord Inc.) C:\Users\Abhishek\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\125.4.3474\QtWebEngineProcess.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc -> ) [File not signed] [File is in use] C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel® INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [4922184 2016-10-02] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [Windows32svc] => C:\Windows\Temp\win32sc.exe <==== ATTENTION
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8167200 2021-06-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [Discord] => C:\Users\Abhishek\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [EpicGamesLauncher] => D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32894024 2021-02-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Abhishek\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [GoogleChromeAutoLaunch_5B35183588D233BF8332B28DA00A5D9B] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: {110a92f3-ad70-11e8-a990-88d7f6c73614} - "G:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: {18d814c6-a02b-11e8-a98e-88d7f6c73614} - "H:\OnePlus_setup.exe" /s
HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\terran.exe: [{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb] -> alpha_centauri
HKLM\Software\...\AppCompatFlags\Custom\terranx.exe: [{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb] -> alien_crossfire
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb [2012-11-14]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fe81cd48-2ed2-4e7d-886c-b65767350095}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb [2012-11-14]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-23] (Google LLC -> Google LLC)
Startup: C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-09-09]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Open Source Developer, Birunthan Mohanathas -> Rainmeter)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09800C35-A5C4-4971-BAF7-66C6F7349EFB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0C69F404-FC5B-43DB-9123-B79D52D91693} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0D5BDC23-3D33-4A96-A803-CEB68519422B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FB9CF9E-E99D-4BF2-8924-2489BE926E5A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {10AC88C5-8E1E-4BCB-8207-AA4159B65425} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2B1FEFDD-262B-4808-88C8-55BF3C595EBD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {312199CC-FD8B-4866-9612-5B1A91704225} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {334C7998-4221-450D-92D8-057B234ED895} - System32\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001 => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupload.exe [31320 2021-05-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3CAB35B7-1B33-4A4D-84FE-F54CF8788823} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3E8337F4-9287-4933-BA2E-2223A0F40007} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {3F620CBE-C0D3-4C50-9D3E-AB34F5298CDD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46D0D251-06EF-446D-AA50-6959B13E593E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {510710C3-60F3-4AC1-9713-ED25305591B4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [471888 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {53ECF6D0-8578-4E63-9304-BF1B928A24CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A860373-5D20-4285-ACEE-268DC7F9B8FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {5CC8F03E-A993-4C59-9D1A-765D4F487E3D} - \WindowsUpdate -> No File <==== ATTENTION
Task: {5E768443-4ADF-491F-880F-D68621694AA7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [471888 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {5FF9E686-71FA-4C77-B113-E61E3C0764F9} - System32\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001 => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupdate.exe [31320 2021-05-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6A19F8D4-C473-48E9-A00C-060B076C50A1} - System32\Tasks\SS3Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe [794624 2017-04-12] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {6E572112-109A-4AEB-80D7-3EB2A0E85B17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {8117D700-9F53-4316-94C1-87AC169A6160} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8EBDEA99-3CD2-49B6-8047-3E3FE137B774} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {90F0F33B-B785-49B3-9A03-4EB358BCC825} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {94B5A039-0F88-4856-8DE4-C24F4D440313} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A356F776-8C4E-4F41-A84C-60DB31E2E479} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A486F0D2-32D2-4F48-8C02-15579A57593F} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1216512 2017-04-12] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {B10942B1-7C7A-4599-AD4C-5E8CF4D2AAE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2873486-983D-48CB-A124-6DA151B4D3FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {B381B4B4-67CB-4399-8A86-B95387696FAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0617149-E37A-47B9-A68C-35D2EB8317C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C485429B-13D0-4170-9574-76917C0BF87D} - System32\Tasks\Firefox Default Browser Agent DF72D75C999415D6 => C:\Users\Abhishek\AppData\Roaming\iiagbru [3485392 2018-01-01] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {C7D6A2C9-5FBC-4806-BEBE-9192932A85E8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAB9CC3E-286D-4EDC-9308-1F8269D77E87} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CE00F1F0-4A28-4C92-B545-F1207F531E4F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D39F9F7C-A8BF-4359-970E-140DE7890377} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {D40B446C-3541-4F98-86C4-B156FB25AD4A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EF91CCCC-9C0E-405E-B74C-BFADDAED302F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001.job => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001.job => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 1.1.1.1 coin-hive.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2a80d19b-769f-48ae-90f6-1ee6054faf73}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2a80d19b-769f-48ae-90f6-1ee6054faf73}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{42624213-a3a1-4b1a-93a7-f40566b26a6a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c7331699-fd02-4ce3-bd67-bbc7385ba290}: [DhcpNameServer] 192.168.42.129
Edge:
=======
DownloadDir: F:\Downloads
Edge Notifications: HKU\S-1-5-21-1421928017-2934188180-441290238-1001 -> hxxps://www.facebook.com
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default [2021-06-24]
CHR Notifications: Default -> hxxps://boardgamearena.com; hxxps://dineout.lightning.force.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Pushbullet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24]
CHR Extension: (Tabs Outliner) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2021-04-08]
CHR Extension: (Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (What To Watch) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbodlmbchgeoifgoblfdagllijdhmae [2021-02-05]
CHR Extension: (Black metallic theme) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhhihkiaeeioepkklgfpdohnemkjcoi [2018-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (Cisco Webex Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-06-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2019-11-25]
CHR Extension: (LinkedIn Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2021-02-05]
CHR Extension: (Save to Pocket) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-13]
CHR Extension: (Google Meet Volume Control) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbnlgonoekhmldnihfdpakhhjhmdkbd [2021-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (The Marvellous Suspender) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noogafoofpebimajpfpamcfhoaifemoa [2021-04-03]
CHR Extension: (TV Show Tracker) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeeaimdpifhphdgoflgeddbigpgmnnjn [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-06]
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-21]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] (ASUSTeK Computer Inc. -> )
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-06-19] (Dropbox, Inc -> Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-12-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-21] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2509616 2020-06-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3460912 2020-06-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-11-18] (ASUSTeK Computer Inc. -> )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-10-15] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-07] (Malwarebytes Inc -> Malwarebytes)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-30] (SOKNO S.R.L. -> Almico Software)
R1 SPVDPort; C:\WINDOWS\System32\drivers\spvdbus.sys [99768 2016-10-02] (SOFTPERFECT PTY. LTD. -> )
R2 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [248760 2016-10-02] (SOFTPERFECT PTY. LTD. -> )
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-24 07:57 - 2021-06-24 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-06-21 23:59 - 2021-06-21 23:59 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2021-06-21 23:59 - 2021-06-21 23:59 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2021-06-21 13:23 - 2021-06-21 14:01 - 000000000 ___HD C:\$WINDOWS.~BT
2021-06-21 12:53 - 2021-06-21 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Legendary Edition
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-06-18 07:51 - 2021-06-18 07:51 - 000000000 ____D C:\Users\Abhishek\AppData\LocalLow\Free Lives
2021-06-08 08:14 - 2021-06-08 08:14 - 000000000 ____D C:\Users\Abhishek\AppData\LocalLow\Beetlewing
2021-06-06 10:32 - 2021-06-06 12:00 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Gears5
2021-06-06 10:31 - 2021-06-06 10:31 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-05-27 11:45 - 2021-05-27 11:45 - 000067948 __RSH C:\ProgramData\ntuser.pol
2021-05-27 11:44 - 2021-05-27 12:41 - 000000000 ____D C:\ProgramData\TEMP
2021-05-27 11:44 - 2021-05-27 12:41 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-05-27 11:44 - 2021-05-27 11:44 - 000001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster.lnk
2021-05-26 04:13 - 2021-06-07 04:12 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-06-24 12:13 - 2021-03-21 17:15 - 000000000 ____D C:\FRST
2021-06-24 12:04 - 2017-08-26 14:05 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-24 12:01 - 2017-12-01 06:20 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Packages
2021-06-24 11:51 - 2017-08-26 18:35 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\TeraCopy
2021-06-24 11:49 - 2017-09-27 22:57 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\discord
2021-06-24 11:49 - 2017-09-27 22:57 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Discord
2021-06-24 10:04 - 2019-12-19 23:35 - 000000000 ____D C:\Program Files\CCleaner
2021-06-24 09:01 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2021-06-24 07:57 - 2017-08-26 14:49 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-06-24 07:50 - 2017-09-06 23:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-06-24 07:49 - 2017-12-01 06:23 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-06-24 07:49 - 2017-12-01 06:23 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-06-24 07:49 - 2017-08-26 14:49 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-06-24 07:49 - 2017-08-26 14:49 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-06-23 22:03 - 2017-12-01 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-23 15:19 - 2017-09-29 19:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-23 14:16 - 2018-03-12 22:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-23 14:16 - 2017-09-29 19:14 - 000000000 ____D C:\WINDOWS\INF
2021-06-23 03:25 - 2017-08-26 12:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-23 00:46 - 2018-02-01 08:38 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 09:26 - 2017-08-30 16:27 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\BitTorrent
2021-06-22 03:14 - 2017-08-26 15:22 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\vlc
2021-06-22 01:18 - 2021-02-13 08:56 - 000000000 ____D C:\Users\Abhishek\AppData\Local\BitTorrentHelper
2021-06-21 14:01 - 2018-09-08 22:30 - 000000000 ___HD C:\$GetCurrent
2021-06-21 14:01 - 2017-12-01 06:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2021-06-21 14:01 - 2017-12-01 06:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2021-06-21 14:01 - 2017-08-25 19:58 - 000000000 ____D C:\Users\Abhishek\AppData\Local\CrashDumps
2021-06-21 14:00 - 2017-11-30 05:30 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-21 13:59 - 2017-09-29 14:15 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-21 13:56 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\registration
2021-06-21 13:23 - 2018-09-08 23:34 - 000000036 _____ C:\WINDOWS\progress.ini
2021-06-21 13:19 - 2018-09-08 22:30 - 000000000 ____D C:\Windows10Upgrade
2021-06-19 14:26 - 2019-07-14 10:30 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Ubisoft Game Launcher
2021-06-18 10:04 - 2019-12-19 23:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-18 07:36 - 2017-09-29 19:16 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-18 07:36 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-17 23:36 - 2017-12-01 06:23 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421928017-2934188180-441290238-1001
2021-06-17 23:36 - 2017-08-25 19:24 - 000002372 _____ C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-17 23:36 - 2017-08-25 19:24 - 000000000 ___RD C:\Users\Abhishek\OneDrive
2021-06-09 13:34 - 2017-08-27 11:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 13:28 - 2017-08-27 11:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-06 13:05 - 2017-12-01 06:26 - 007458846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-06 12:59 - 2021-03-23 09:56 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001.job
2021-06-06 12:59 - 2021-03-23 09:56 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001.job
2021-06-06 12:59 - 2017-12-01 06:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-06 12:58 - 2017-09-29 14:15 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-03 21:02 - 2021-03-16 17:56 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\r2modman
2021-05-29 17:49 - 2021-03-23 09:56 - 000003838 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001
2021-05-29 17:49 - 2021-03-23 09:56 - 000003742 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001
2021-05-29 17:49 - 2021-03-23 09:56 - 000000000 ____D C:\Users\Abhishek\AppData\Local\GoToMeeting
2021-05-28 23:07 - 2017-12-01 06:20 - 000000000 ____D C:\Users\Abhishek
2021-05-27 11:45 - 2015-10-30 12:54 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-05-27 11:44 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
==================== Files in the root of some directories ========
2020-03-15 17:02 - 2020-03-15 17:02 - 000000000 _____ () C:\Users\Abhishek\AppData\Roaming\avoriontestfile
2018-01-08 01:03 - 2018-01-01 18:17 - 003485392 ___SH (Microsoft Corporation) C:\Users\Abhishek\AppData\Roaming\iiagbru
2019-05-20 01:16 - 2019-05-20 06:10 - 006503253 _____ () C:\Users\Abhishek\AppData\Roaming\resume (2).dat
2017-08-30 16:37 - 2019-05-20 01:14 - 005895987 _____ () C:\Users\Abhishek\AppData\Roaming\resume.dat
2021-03-20 16:04 - 2021-03-20 15:58 - 336592896 ___SH (System) C:\Users\Abhishek\AppData\Roaming\svchost.exe
2018-01-08 01:03 - 2018-01-01 18:17 - 000248375 ___SH () C:\Users\Abhishek\AppData\Roaming\uwhcuhf
2017-08-26 13:49 - 2020-07-14 11:21 - 000007606 _____ () C:\Users\Abhishek\AppData\Local\resmon.resmoncfg
2018-05-24 09:10 - 2018-05-24 09:10 - 000038737 _____ () C:\Users\Abhishek\AppData\Local\TempD05BDB8684C2E702C896BFDE31CA5F86_S_Stat_qwshrojc.zip
2019-10-31 20:56 - 2019-10-31 20:56 - 000000000 _____ () C:\Users\Abhishek\AppData\Local\{7B8BDD85-8C04-4B1D-B01F-86EEDDD8822D}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-06-22 20:39
==================== End of FRST.txt ========================
----------------------------------------------------------------------Addition.txt----------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Abhishek (24-06-2021 12:14:34)
Running from F:\Downloads
Windows 10 Pro Version 1709 16299.214 (X64) (2017-12-01 00:54:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Abhishek (S-1-5-21-1421928017-2934188180-441290238-1001 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-1421928017-2934188180-441290238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421928017-2934188180-441290238-503 - Limited - Disabled)
Guest (S-1-5-21-1421928017-2934188180-441290238-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421928017-2934188180-441290238-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Age of Wonders Planetfall Revelations (HKLM-x32\...\Age of Wonders Planetfall Revelations_is1) (Version: - )
alien_crossfire (HKLM\...\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb) (Version: - )
alpha_centauri (HKLM\...\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb) (Version: - )
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Ancestors: Humankind Odyssey (HKLM-x32\...\Ancestors: Humankind Odyssey_is1) (Version: - )
Asus Sonic Radar 3 (HKLM-x32\...\{bc91cf0f-54ed-4f0d-8500-91f971851819}) (Version: 3.3.2.41474 - ASUSTeKcomputer.Inc)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Battle Brothers Warriors of the North (HKLM-x32\...\Battle Brothers Warriors of the North_is1) (Version: - )
Battlefleet Gothic Armada II (HKLM-x32\...\Battlefleet Gothic Armada II_is1) (Version: - )
BitTorrent (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\BitTorrent) (Version: 7.10.5.45312 - BitTorrent Inc.)
Black Mesa (HKLM-x32\...\Black Mesa_is1) (Version: - )
Capitalism 2 (HKLM-x32\...\Capitalism 2_is1) (Version: - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Children Of Morta (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Children Of Morta) (Version: - HOODLUM)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - )
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CPUID ROG CPU-Z 1.82.2 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.82.2 - CPUID, Inc.)
Crusader Kings 3 (HKLM-x32\...\Crusader Kings 3_is1) (Version: - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Discord (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 125.4.3474 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Dungeon Defenders: Awakened (HKLM-x32\...\Dungeon Defenders: Awakened_is1) (Version: - )
eFootball PES 2021 (HKLM-x32\...\eFootball PES 2021_is1) (Version: 0.0.0 - DODI-Repacks)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Evolution The Video Game (HKLM-x32\...\Evolution The Video Game_is1) (Version: - )
Fantasy General II: Invasion (HKLM-x32\...\Fantasy General II: Invasion_is1) (Version: - )
Five Nations (HKLM-x32\...\DOGE_Five_Nations) (Version: - )
Forged of Blood (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Forged of Blood) (Version: - HOODLUM)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Geeks3D FurMark 1.20.8.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToMeeting 10.16.1.19709 (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\GoToMeeting) (Version: 10.16.1.19709 - LogMeIn, Inc.)
GreedFall (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\GreedFall) (Version: - HOODLUM)
Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Imperiums Greek Wars (HKLM-x32\...\Imperiums Greek Wars_is1) (Version: - )
Intel® Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
K-Lite Codec Pack 13.4.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.4.5 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Mass Effect Legendary Edition (HKLM-x32\...\Mass Effect Legendary Edition_is1) (Version: 0.0.0 - DODI-Repacks)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14026.20308 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x86) (HKLM-x32\...\{3ab9e9b0-debb-4a16-b9cf-d213cf129873}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might and Magic VIII: Day of the Destroyer (HKLM-x32\...\Might and Magic VIII: Day of the Destroyer_is1) (Version: - GOG.com)
Mordheim: City of the Damned (HKLM-x32\...\Mordheim: City of the Damned_is1) (Version: - )
NBA 2K20 (HKLM-x32\...\NBA 2K20_is1) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20280 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Offworld Trading Company Conspicuous Consumption (HKLM-x32\...\Offworld Trading Company Conspicuous Consumption_is1) (Version: - )
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.74.41754 - Electronic Arts, Inc.)
Outer Wilds (HKLM-x32\...\Outer Wilds_is1) (Version: - )
Pathfinder Kingmaker (HKLM-x32\...\Pathfinder Kingmaker_is1) (Version: - )
Persona 4 Golden (HKLM-x32\...\Persona 4 Golden_is1) (Version: 0.0.0 - DODI-Repacks)
ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.3.201 - ASUSTeKcomputer.Inc) Hidden
r2modman 3.1.14 (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.14 - ebkr)
Railroad Tycoon 3 (HKLM-x32\...\1445251062_is1) (Version: 2.0.0.6 - GOG.com)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 beta r2858 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Scythe Digital Edition (HKLM\...\SKIDROW - Scythe Digital Edition) (Version: - SKIDROW)
Shadow Empire (HKLM\...\SKIDROW - Shadow Empire) (Version: - SKIDROW)
Sid Meier's Alpha Centauri (HKLM-x32\...\GOGPACKSIDMEIERSALPHACENTAURI_is1) (Version: 2.0.0.19 - GOG.com)
Sid Meiers Civilization VI Gathering Storm (HKLM-x32\...\Sid Meiers Civilization VI Gathering Storm_is1) (Version: - )
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Slipways (HKLM-x32\...\Slipways) (Version: - SKIDROW)
SoftPerfect RAM Disk version 3.4.8 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version: 3.4.8 - SoftPerfect)
SonicRadar3Setup (HKLM\...\{ABE86884-854B-4F6C-8B63-BCC0BFFAE372}) (Version: 3.3.2.41474 - ASUSTeKcomputer.Inc) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Starsector by Fractal Softworks LLC (HKLM-x32\...\Starsector) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
Thronebreaker The Witcher Tales (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Thronebreaker The Witcher Tales) (Version: - HOODLUM)
TIS-100 (HKLM-x32\...\1436869408_is1) (Version: 11.27.2017 - GOG.com)
Total War: Warhammer 2 (HKLM-x32\...\Total War: Warhammer 2_is1) (Version: - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F9B2D86A-2BB4-4373-8298-6D1D0BEBBF7B}) (Version: 2.71.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.4 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wasteland 3 (HKLM-x32\...\Wasteland 3_is1) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 307.2016.1230.2300 - Wrye & Wrye Bash Development Team)
X4 Foundations Split Vendetta (HKLM-x32\...\X4 Foundations Split Vendetta_is1) (Version: - )
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
XCOM: Chimera Squad (HKLM-x32\...\XCOM: Chimera Squad_is1) (Version: - )
Zip Motion Block Video codec (Remove Only) (HKLM\...\ZMBV) (Version: - DOSBox Team)
Zoom (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => F:\Documents\Dropbox [2017-11-17 17:55]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google Inc -> Google)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google Inc -> Google)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.ZMBV] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-10] () [File not signed]
HKLM\...\Drivers32: [vidc.zmbv] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-10] () [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-03-25 01:29 - 2012-08-08 21:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll
2017-08-25 19:43 - 2015-05-08 11:56 - 000104448 ____R () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2020-03-25 01:29 - 2012-11-06 09:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
2017-08-26 14:08 - 2017-03-14 15:51 - 001714688 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy64.dll
2017-08-25 19:43 - 2021-06-06 12:59 - 000036136 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-08-26 14:05 - 2016-10-04 20:21 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-24 14:30 - 2017-04-24 14:30 - 000349696 _____ (Intel® Corporation) [File not signed] C:\Windows\system32\NCS2Setp.dll
2019-12-19 23:39 - 2019-12-19 23:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2020-04-19 06:03 - 2020-04-19 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 06:03 - 2020-04-19 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2020-03-25 01:29 - 2012-11-06 14:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlLib.dll
2020-03-25 01:29 - 2012-09-13 09:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll
2020-03-25 01:29 - 2012-05-07 14:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlICS.dll
2020-03-25 01:29 - 2012-10-12 10:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlIhvOid.dll
2020-03-25 01:29 - 2012-06-22 16:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-25 01:29 - 2009-07-23 17:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\Temp:$DATA [34]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-1421928017-2934188180-441290238-1001 -> {FFA4C493-D04D-4EF6-841C-2E31CD9580F6} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-23 09:04 - 2017-09-23 09:04 - 000000847 _____ C:\WINDOWS\system32\drivers\etc\hosts
1.1.1.1 coin-hive.com
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\;C:\Android
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abhishek\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "RAMDiskForWorkstations"
HKLM\...\StartupApproved\Run: => "Windows32svc"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{79EC96ED-012A-4F81-983D-8ED9C2B84F72}] => (Allow) D:\Steam\steamapps\common\Endless Legend\EndlessLegend.exe () [File not signed]
FirewallRules: [{5863F38E-FEAC-47E3-A1FE-8CE941E6531A}] => (Allow) D:\Steam\steamapps\common\Endless Legend\EndlessLegend.exe () [File not signed]
FirewallRules: [{37F6DF46-B949-4625-8AD8-AE843C776D9D}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{0F0128C1-0915-41A4-87BF-BA12236F8AC5}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{5E2FC7BB-60B9-457C-9652-864CEFB3AD4D}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{382FDD5B-19B0-4BE5-B2D0-A78D2022174B}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [UDP Query User{A373394E-1DD7-42A8-8B82-C2DD600BBE1E}D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe] => (Block) D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe
FirewallRules: [TCP Query User{178B800C-E9BA-4A5B-A327-67B6D2A8EA23}D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe] => (Block) D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe
FirewallRules: [UDP Query User{B8D8470B-9A9F-4337-AA0D-AEC4FB618072}D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe => No File
FirewallRules: [TCP Query User{075BFF6E-04A3-414E-A432-5EA4E6E7EF9F}D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe => No File
FirewallRules: [UDP Query User{73F59D41-B1BA-46E5-8C19-22D6B848C7C1}D:\games\battle chasers nightwar\bc.exe] => (Block) D:\games\battle chasers nightwar\bc.exe => No File
FirewallRules: [TCP Query User{D16EBF66-B69B-4FF7-835A-49C258B4FADB}D:\games\battle chasers nightwar\bc.exe] => (Block) D:\games\battle chasers nightwar\bc.exe => No File
FirewallRules: [{CD4660DC-8070-4202-98B5-5C8A8DAD522C}] => (Allow) D:\Steam\steamapps\common\ADOM\adom.exe () [File not signed]
FirewallRules: [{3BCFB857-7ED9-4549-AEDB-E277D0F57070}] => (Allow) D:\Steam\steamapps\common\ADOM\adom.exe () [File not signed]
FirewallRules: [UDP Query User{D2F6AA19-E169-47C4-A9EC-EB2377CAB0C0}D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Block) D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe => No File
FirewallRules: [TCP Query User{80307D5A-E192-4806-A4FF-B02CEE36067F}D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Block) D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe => No File
FirewallRules: [UDP Query User{5F536DB4-BE09-4F72-B105-17207A6EC527}D:\games\total war - warhammer ii\warhammer2.exe] => (Block) D:\games\total war - warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{64E8BCC6-AF8D-44CA-906C-1D451E26846F}D:\games\total war - warhammer ii\warhammer2.exe] => (Block) D:\games\total war - warhammer ii\warhammer2.exe => No File
FirewallRules: [{7FDF8558-AAA5-4704-8737-322B6E96A14C}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [{1496E2DB-49A1-42CF-AF0F-940B7A824164}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [UDP Query User{82A01D71-8556-4B1D-8E27-7FE43695683F}D:\setup - games\simairport.v24.08.2017\simairport.exe] => (Block) D:\setup - games\simairport.v24.08.2017\simairport.exe => No File
FirewallRules: [TCP Query User{2D9530DF-79C3-4088-AAF9-68F0F13CF6EC}D:\setup - games\simairport.v24.08.2017\simairport.exe] => (Block) D:\setup - games\simairport.v24.08.2017\simairport.exe => No File
FirewallRules: [{F5ECE79C-4DD7-43F2-9FC0-887FF7FAA20D}] => (Allow) D:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{AE67ED16-C916-4350-869E-2CCB3D929BB9}] => (Allow) D:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [UDP Query User{D9D82CA2-4A6F-4781-8598-C0FAE0A05C53}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{AB4DCC7A-4806-40B2-BF16-FB077C7478E0}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F837EE46-C1D2-4A0E-A532-8EBF19AA3777}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3D04B226-F9B6-484C-9046-7D32FEDCFCC8}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{8CA4D03D-1DAC-47E5-AE9C-FB93E09424F1}] => (Allow) D:\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{B509131D-2FB6-47BE-8275-8986C86B3F93}] => (Allow) D:\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{5133ED78-D245-49CA-87BF-8755806521EC}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{488E8780-6429-4465-BCE3-AF15A4E4DCA5}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{57D51FB2-CFDB-4C45-AF78-3E5D6A90677F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A2B5B780-14A1-4A7B-A444-6108A63CDA65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{226D7B7C-0D8C-4A98-ADF5-A9425BA14E24}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{A5FCC1D2-1C2E-4FEA-B552-E0E6992D5A42}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{705EF4C5-6DB7-4AB3-881C-1485DEBB5FDD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E1645E22-CFD0-428C-9BAF-329F6FF02410}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6604A336-7DE0-419B-9D6E-87EBFF190C8F}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{3B2856A4-93DD-49E4-9172-2DB0451E8185}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [TCP Query User{3B23A17E-538F-41CF-8A29-0DB33768574C}D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{8966BBF1-F8D4-4441-AE48-FB478F1594B0}D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe => No File
FirewallRules: [{A4148DFC-21AA-4362-A453-CDF05A48435B}] => (Allow) C:\Users\Abhishek\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8C64E1C1-DA06-4A9D-BBF1-AC0460193BB5}] => (Allow) C:\Users\Abhishek\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{59A3ED68-1FC7-4A75-A98D-8E9A0F64EA58}D:\games\nba 2k17\nba2k17.exe] => (Block) D:\games\nba 2k17\nba2k17.exe => No File
FirewallRules: [UDP Query User{15FD33CB-450C-4F99-BBBC-4AC6C85A4ED7}D:\games\nba 2k17\nba2k17.exe] => (Block) D:\games\nba 2k17\nba2k17.exe => No File
FirewallRules: [{447652D9-6D4D-4D7C-A790-067996483559}] => (Allow) D:\Steam\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{9525F7F7-ABC8-4BDD-8698-46F90DB7E8B1}] => (Allow) D:\Steam\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{09DD6DA5-42E2-4535-BA97-D641937CCF70}] => (Allow) D:\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{C553D6E6-219B-4342-B06B-97424C4D7BBC}] => (Allow) D:\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{32556F13-E5CC-4C4F-B4B9-4BD6A783C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{DD71EB9A-CE04-4402-8EA9-6ECE776A5BD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{1188083F-BD41-4944-9FC4-D5517A3DABBD}] => (Allow) D:\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{2F54F034-3F50-4881-8872-B707C8A7BF7A}] => (Allow) D:\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{193CE41F-1ECB-4E4C-A596-D3A8BDE5C3B2}] => (Allow) D:\Steam\steamapps\common\Distant Worlds Universe\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C1FE5532-87F2-434E-B58B-EBA6DEBF7052}] => (Allow) D:\Steam\steamapps\common\Distant Worlds Universe\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{702BD9AC-E5E7-4F84-9644-A0D65A99763C}] => (Allow) D:\Steam\steamapps\common\Polaris Sector\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{A098BDBE-13CF-4A65-AD5A-A7C18610C5AE}] => (Allow) D:\Steam\steamapps\common\Polaris Sector\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [TCP Query User{E4771EE1-C6DF-4AF1-AE9C-2DC47983D58E}D:\games\into.the.breach.v1.0.14\breach.exe] => (Block) D:\games\into.the.breach.v1.0.14\breach.exe => No File
FirewallRules: [UDP Query User{FE1599CE-3CC2-462B-A95F-9BE2017DC174}D:\games\into.the.breach.v1.0.14\breach.exe] => (Block) D:\games\into.the.breach.v1.0.14\breach.exe => No File
FirewallRules: [TCP Query User{1BE7B85F-D0DF-4ACF-A97E-1281EFC9A37B}D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Block) D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8E7813D9-C896-4F2D-93A0-3A49456D9E3B}D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Block) D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe => No File
FirewallRules: [{4CE15FEF-7C16-47E9-A1EA-AF386D62E3BC}] => (Allow) D:\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{DFD983EA-852C-4E3A-BB36-772FEE679A8C}] => (Allow) D:\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{67EFA13A-FDF4-4151-B012-1B53A32E9DA6}] => (Allow) D:\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{5E3D08C6-E43F-48D6-B350-7DDA9A615FD5}] => (Allow) D:\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{4AADC265-6FEF-43E5-B4A7-7F4C87B283B3}] => (Allow) D:\Steam\steamapps\common\Through the Ages\ThroughTheAges_steam.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{45D1B4B9-9B3A-44D6-88BA-82E874A28B85}] => (Allow) D:\Steam\steamapps\common\Through the Ages\ThroughTheAges_steam.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{9400EDAE-5D72-459F-AC8D-B4A2868F3705}] => (Allow) D:\Steam\steamapps\common\Imperium Galactica II\ig2.exe () [File not signed]
FirewallRules: [{8A47577F-7E1D-487E-88CD-C36873D804C9}] => (Allow) D:\Steam\steamapps\common\Imperium Galactica II\ig2.exe () [File not signed]
FirewallRules: [{9A208074-51DC-48B7-8C00-3C5364A4E1C2}] => (Allow) D:\Steam\steamapps\common\Sword of the Stars Complete Collection\Sword of the Stars.exe () [File not signed]
FirewallRules: [{8F857C18-733F-46B6-AB55-2D940DA4D64B}] => (Allow) D:\Steam\steamapps\common\Sword of the Stars Complete Collection\Sword of the Stars.exe () [File not signed]
FirewallRules: [{2025F774-8470-4F2D-9806-235C2261A57F}] => (Allow) D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{59886284-37DA-4CDF-912E-61D9D57A03F0}] => (Allow) D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{A6DA829A-F67D-4AD2-8698-2BDCCF566C7C}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{945A4866-8B19-42B8-8999-DE969BC395FD}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{A17BD1A9-B110-44C7-93E8-0F4CACE19AC2}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F7DD312A-A41C-4902-B44A-62AF1BD28BD4}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F6ABCC32-1868-4D68-9632-7AA9998E49DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{55F677B5-E23D-4B72-9DC0-F8E7D8FDC7B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{7FE5E87F-DB06-4B38-8F38-11EC56C49A09}] => (Allow) D:\Games\Simcity 2014\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [{09944962-55E2-43FF-8F1C-28EED29BF66B}] => (Allow) D:\Games\Simcity 2014\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [TCP Query User{6D74C7EE-DA36-4BA0-8A5B-68D43C154843}D:\games\simcity\simcity\simcity.exe] => (Block) D:\games\simcity\simcity\simcity.exe (Electronic Arts -> Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{96E148F5-95EF-44F2-AF98-DACFDDD7335A}D:\games\simcity\simcity\simcity.exe] => (Block) D:\games\simcity\simcity\simcity.exe (Electronic Arts -> Electronic Arts Inc.) [File not signed]
FirewallRules: [{7DCF4C2E-E4A6-4CC0-96AD-A93D349BC3A9}] => (Allow) D:\Steam\steamapps\common\RiseOfIndustry\Rise of Industry.exe => No File
FirewallRules: [{133159F0-94C4-4BF6-ABAE-A276122FE413}] => (Allow) D:\Steam\steamapps\common\RiseOfIndustry\Rise of Industry.exe => No File
FirewallRules: [TCP Query User{71E9F5FB-551B-4E4B-8C01-29F6898E3CFE}D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe] => (Block) D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe => No File
FirewallRules: [UDP Query User{F13A773E-5C76-46A3-B4DD-8E90A0667762}D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe] => (Block) D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe => No File
FirewallRules: [{87EE613F-DA6A-422B-BDBB-17069D0DA98D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A28118F1-CB0E-4896-97AC-047848B1B292}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A3E7CC02-258A-4DFB-89EF-13E65F9458C3}D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{FE746B19-5743-4B9F-BDBD-A82FF7F0356E}D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe (Larian Studios -> )
FirewallRules: [{A4F43B43-13A3-4D6D-9D0D-96053A8ED44F}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{8CD26623-89F4-4D30-9265-B2D31E8430EA}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{CEF0F762-B20F-494B-B149-8EE87894D5FC}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{CEDBF4B6-F73D-4A40-A0D7-FD4B820C20B9}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{2CD73B44-CC4D-4C5A-AE11-891F406DF331}] => (Allow) D:\Steam\steamapps\common\Drox Operative\DroxOperative.exe () [File not signed]
FirewallRules: [{F2060FA0-45EF-42D6-AABD-C947FAF60342}] => (Allow) D:\Steam\steamapps\common\Drox Operative\DroxOperative.exe () [File not signed]
FirewallRules: [TCP Query User{04DEB26F-757F-411C-AB3D-6DF4AB70874F}D:\games\pathfinder kingmaker\kingmaker.exe] => (Block) D:\games\pathfinder kingmaker\kingmaker.exe => No File
FirewallRules: [UDP Query User{D7D31DBF-DC98-4E5E-9CCB-17FB5223324B}D:\games\pathfinder kingmaker\kingmaker.exe] => (Block) D:\games\pathfinder kingmaker\kingmaker.exe => No File
FirewallRules: [{C2D69F0D-6C33-4E5D-8FA8-6907DBD9827F}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe => No File
FirewallRules: [{9212A2AF-357C-4DB5-8F2F-33B3432B6439}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe => No File
FirewallRules: [TCP Query User{C7FF33B2-5E74-42EC-8FC6-58264FB9CB30}D:\setup - games\simairport.v29.10.2018\simairport.exe] => (Block) D:\setup - games\simairport.v29.10.2018\simairport.exe => No File
FirewallRules: [UDP Query User{4A925AE9-DAF7-4AAC-9DF9-1DCB3F548108}D:\setup - games\simairport.v29.10.2018\simairport.exe] => (Block) D:\setup - games\simairport.v29.10.2018\simairport.exe => No File
FirewallRules: [{E7176B6E-1F51-4A48-BA50-AB47365C1D7D}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{E4EFF4C6-125C-4B4A-9710-0548ADF378FD}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{4A1616AC-95A6-4422-9233-F700B5BE5DD0}] => (Allow) D:\Steam\steamapps\common\The Colonists\TheColonists.exe () [File not signed]
FirewallRules: [{D337FB6E-7B7E-4599-A85A-45E40534C4D8}] => (Allow) D:\Steam\steamapps\common\The Colonists\TheColonists.exe () [File not signed]
FirewallRules: [{4B81E6B1-2809-43EF-BAE4-1FD599EC9E82}] => (Allow) D:\Steam\steamapps\common\AI War 2\AIWar2.exe () [File not signed]
FirewallRules: [{91253159-B12D-4E0C-80B2-DBEB2B75EA8C}] => (Allow) D:\Steam\steamapps\common\AI War 2\AIWar2.exe () [File not signed]
FirewallRules: [{D46E4AFD-1AC4-415E-83AF-C276B04D4DB7}] => (Allow) D:\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{46945A9A-B912-46E8-9794-3A51C8EF4623}] => (Allow) D:\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{10286C11-7ECE-4F38-9664-1CB54786FA6D}] => (Allow) D:\Steam\steamapps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH) [File not signed]
FirewallRules: [{8E7DA6EF-2745-4C3A-AFDF-5BD2C9E98D6B}] => (Allow) D:\Steam\steamapps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH) [File not signed]
FirewallRules: [TCP Query User{AA559B58-555C-4AB2-AF05-C92DF1C19F26}D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9B907729-17F6-42FF-B483-F1AED5348987}D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => No File
FirewallRules: [TCP Query User{0E41FB97-241A-43F6-B940-10DF9A4D596B}D:\setup - games\foundation.v0.4.9\foundation.exe] => (Block) D:\setup - games\foundation.v0.4.9\foundation.exe => No File
FirewallRules: [UDP Query User{80326E13-4DE4-4E86-AE07-7E7386DFCC9A}D:\setup - games\foundation.v0.4.9\foundation.exe] => (Block) D:\setup - games\foundation.v0.4.9\foundation.exe => No File
FirewallRules: [{2A1D4E10-60F6-4CE8-A0AC-7801ADC3E6E3}] => (Allow) D:\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{C79D0CA4-32BF-4978-AEDA-E0A8FFB741C0}] => (Allow) D:\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{8DC78D7B-93D4-4AB2-905A-D66F834AF8B0}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{260BD80C-B59D-4B78-8277-BCB58A4289EA}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{14456F20-7C64-448F-8C32-75AE9B8C5E34}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9CB4B5FA-7B88-4110-A8A8-19EF12684AE7}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{AB019BB3-AE65-4794-A45D-06990FEC2616}D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Block) D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4F457511-F1B1-4360-B178-490FC1ABA317}D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Block) D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [{B7B80D8E-687F-4416-BAB0-281611189013}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{E7D915B7-A6AD-4506-8DCC-11C03B01EAD4}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{6516BB23-A465-47E8-AC55-4291DD9B46A0}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A9F6D395-8FA3-4950-8BAE-7830ACADAE7A}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{78785150-9F4B-4382-8FE2-E283205C6749}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{580C4734-7899-4B90-B3FB-2DC144008C56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3EB229B1-870D-4441-9E96-E5B6A7BE2128}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{7102BDD0-98EB-4F4C-8DA2-04D0A59B87D0}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{E7D27900-53EA-4B01-9535-4D3F729DAEAF}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{1AD79FD6-392A-4549-A32F-8C82A7F552F6}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{D717B10B-5FB0-4DED-9BB9-EFF82F6B96BF}D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe (Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{1A401B35-B515-48C5-A44D-89F422F84A08}D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe (Firaxis Games) [File not signed]
FirewallRules: [{5AB0D642-A086-472D-BFEA-78858C056FE7}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{58FDF5EF-B3EC-497F-96AA-8F004795D6E8}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{BEF5A3B7-CC7D-4E09-986E-7808F8014CA9}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{FF892A9C-EDA7-480F-B5D4-5A011EF68DFF}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{9E1FA0D2-A8A1-4C02-B992-A2ACD7C9BC5A}] => (Allow) D:\Steam\steamapps\common\Factory Town\Factory Town.exe () [File not signed]
FirewallRules: [{71BD84C0-DCDB-4B5C-BDC5-A89BF4C940B1}] => (Allow) D:\Steam\steamapps\common\Factory Town\Factory Town.exe () [File not signed]
FirewallRules: [TCP Query User{D1B27CDE-3796-4012-977B-E13E89AD3282}D:\setup - games\urban assault 2019\urban assault source\ua.exe] => (Block) D:\setup - games\urban assault 2019\urban assault source\ua.exe => No File
FirewallRules: [UDP Query User{5C946A6A-7EC7-4602-9742-28727383E5EE}D:\setup - games\urban assault 2019\urban assault source\ua.exe] => (Block) D:\setup - games\urban assault 2019\urban assault source\ua.exe => No File
FirewallRules: [{01484C0D-C162-435B-B1D7-06E99A3788E8}] => (Allow) D:\Steam\steamapps\common\Cliff Empire\CliffEmpire.exe => No File
FirewallRules: [{099DB166-10E9-4373-8DAB-D0F40944681E}] => (Allow) D:\Steam\steamapps\common\Cliff Empire\CliffEmpire.exe => No File
FirewallRules: [TCP Query User{7B70712A-345C-42E8-95D3-682124F73BA5}D:\games\dins.legacy\din's legacy\dinslegacy.exe] => (Block) D:\games\dins.legacy\din's legacy\dinslegacy.exe => No File
FirewallRules: [UDP Query User{1D1D6B67-67EA-4F4D-A6AE-4798C38CF3DC}D:\games\dins.legacy\din's legacy\dinslegacy.exe] => (Block) D:\games\dins.legacy\din's legacy\dinslegacy.exe => No File
FirewallRules: [TCP Query User{6486FD8F-A11B-4328-B723-3265595AF60B}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{8585BC37-CF54-40C3-A802-C69E2D0B4C5F}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [{B5F304E6-7044-4675-AC97-916B17BD728F}] => (Allow) D:\Steam\steamapps\common\Might & Magic X - Legacy\Might and Magic X Legacy.exe (Limbic Entertainment GmbH -> )
FirewallRules: [{FD60A5BE-B50E-4056-9184-CE6C8F34A8F5}] => (Allow) D:\Steam\steamapps\common\Might & Magic X - Legacy\Might and Magic X Legacy.exe (Limbic Entertainment GmbH -> )
FirewallRules: [{44C48791-AC93-43F1-AA86-06A1295F64EC}] => (Allow) D:\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{02201CF8-B742-40F0-BCE2-44FBB4402626}] => (Allow) D:\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [TCP Query User{B927C14A-3CAA-407C-9179-B31AD1AFD82E}D:\setup - games\gloomhaven\gloomhaven\gh.exe] => (Block) D:\setup - games\gloomhaven\gloomhaven\gh.exe => No File
FirewallRules: [UDP Query User{BF75F859-0EC9-48F5-B129-979D8BBDA5DC}D:\setup - games\gloomhaven\gloomhaven\gh.exe] => (Block) D:\setup - games\gloomhaven\gloomhaven\gh.exe => No File
FirewallRules: [{6169895A-CA95-4104-B345-796C791AD73B}] => (Allow) D:\Steam\steamapps\common\Interstellar Space Genesis\isg.exe () [File not signed]
FirewallRules: [{2C527327-3E22-4BB2-A1B4-7BAB541B2836}] => (Allow) D:\Steam\steamapps\common\Interstellar Space Genesis\isg.exe () [File not signed]
FirewallRules: [{936E1EF6-503E-4810-B7DF-6144C50438F3}] => (Allow) D:\Steam\steamapps\common\Settlements\Settlements.exe (Treon Games) [File not signed]
FirewallRules: [{907E6FEB-1E11-419C-98CC-D5373732FCC7}] => (Allow) D:\Steam\steamapps\common\Settlements\Settlements.exe (Treon Games) [File not signed]
FirewallRules: [TCP Query User{46BED59E-5165-4511-B2B7-72E54A4D694B}D:\setup - games\foundation.v1.3.3\foundation.exe] => (Block) D:\setup - games\foundation.v1.3.3\foundation.exe => No File
FirewallRules: [UDP Query User{C16DF683-37C9-4A7A-91A7-661D81D1944E}D:\setup - games\foundation.v1.3.3\foundation.exe] => (Block) D:\setup - games\foundation.v1.3.3\foundation.exe => No File
FirewallRules: [TCP Query User{9C114CF8-954C-4694-8E97-38E0F69F57F8}D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Block) D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe => No File
FirewallRules: [UDP Query User{06C1FEDF-010F-42FD-9CC7-BCC92996ED94}D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Block) D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe => No File
FirewallRules: [{C7AE7E0E-DF8E-4D04-8DEA-E3953D6F739A}] => (Allow) D:\Games\NBA 2K14\nba2k14.exe => No File
FirewallRules: [{038249E0-44FF-4CF4-B2FA-8B1B0DA6108B}] => (Allow) D:\Games\NBA 2K14\nba2k14.exe => No File
FirewallRules: [TCP Query User{E5E46E44-C655-4A5C-9ED0-830C234E19CA}D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe] => (Block) D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{F22798D7-00D4-4360-A282-9E4A021130C7}D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe] => (Block) D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [{F48D4509-7D38-473C-897F-B91A2D4E4584}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33112A60-4337-4E99-A5AB-9487CE954884}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{949AC766-48BA-4737-8E77-A6C08CB93AE7}] => (Allow) D:\Steam\steamapps\common\Stellar Tactics\StellarTactics.exe () [File not signed]
FirewallRules: [{02787B5E-065A-4C32-9231-CEDC7FB3A181}] => (Allow) D:\Steam\steamapps\common\Stellar Tactics\StellarTactics.exe () [File not signed]
FirewallRules: [TCP Query User{13CF5725-6480-4438-B4A9-EF4E52CABFD6}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [UDP Query User{3F11B248-5334-4D91-A03A-4AA0DF93365D}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [TCP Query User{D1C46B00-4705-4678-86D7-DEDECF898E72}D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe] => (Block) D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe => No File
FirewallRules: [UDP Query User{0A172D42-C3E9-447B-968A-CB38CDFC0B4F}D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe] => (Block) D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe => No File
FirewallRules: [TCP Query User{EA724399-F461-4A70-850B-5A5A92B12AB7}D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe] => (Block) D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe => No File
FirewallRules: [UDP Query User{8091FE39-FA5E-46A6-89CD-F31BEF75D262}D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe] => (Block) D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe => No File
FirewallRules: [TCP Query User{255B0ED2-CF32-4546-A992-6883B1D3A304}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [UDP Query User{80D1A396-5DFF-4942-8E16-1285BCE5D430}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [TCP Query User{3D96B709-1A99-4AB0-B4F2-F441338897C3}D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe] => (Block) D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe => No File
FirewallRules: [UDP Query User{82D30E03-78E3-41C3-BFD8-94659DC8C529}D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe] => (Block) D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe => No File
FirewallRules: [TCP Query User{A248BA63-034C-4684-8879-68F2D3643CC1}D:\setup - games\avorion.v0.33.3\bin\avorion.exe] => (Block) D:\setup - games\avorion.v0.33.3\bin\avorion.exe => No File
FirewallRules: [UDP Query User{358F6F83-944D-4EC5-B88A-D1ABDA78DCD7}D:\setup - games\avorion.v0.33.3\bin\avorion.exe] => (Block) D:\setup - games\avorion.v0.33.3\bin\avorion.exe => No File
FirewallRules: [TCP Query User{E9C07CB4-63C4-485D-B39E-540F795D2C1C}D:\games\phoenix point blood and titanium\phoenixpointwin64.exe] => (Block) D:\games\phoenix point blood and titanium\phoenixpointwin64.exe => No File
FirewallRules: [UDP Query User{2B96F45D-6B8F-4C73-B7DA-6A79A5D1F619}D:\games\phoenix point blood and titanium\phoenixpointwin64.exe] => (Block) D:\games\phoenix point blood and titanium\phoenixpointwin64.exe => No File
FirewallRules: [{35745CD6-89F7-4FEB-8850-235C530848F4}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{C81B5286-9791-4492-81D0-D6372AA64E1A}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{1D721E48-99B6-4014-8F1F-CF0EA451B4BD}] => (Allow) LPort=1542
FirewallRules: [{5FDCA851-18E0-48CB-96EF-1E2F008C42E4}] => (Allow) LPort=1542
FirewallRules: [{054FABBB-9BB0-435B-82E6-13673F48A16A}] => (Allow) LPort=53
FirewallRules: [{820F265B-F347-44E0-AB69-BEEDF79C687A}] => (Allow) LPort=67
FirewallRules: [{92EF0A85-FFE7-4F86-9C38-C49A9FAD2E04}] => (Allow) LPort=68
FirewallRules: [{01CBDA59-65B7-449D-8F19-6215CCC47BF5}] => (Allow) LPort=53
FirewallRules: [{A1755B7C-E11C-4BB8-BD52-1348BB9F5533}] => (Allow) LPort=53
FirewallRules: [{5627A066-08D8-45C3-BB18-F1580D6E30E6}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [TCP Query User{AABEB4B3-6EE1-499A-B221-341C67C532C6}D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe] => (Block) D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{3D2D6860-E4EB-41BD-875F-7AC95C13C2BD}D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe] => (Block) D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{32A45D5B-9BC6-4399-B608-2E3AD910067F}] => (Allow) D:\Steam\steamapps\common\Legend of Keepers\LegendOfKeepers.exe () [File not signed]
FirewallRules: [{36F8E4C5-AC0F-4553-B052-946D3F7B6D03}] => (Allow) D:\Steam\steamapps\common\Legend of Keepers\LegendOfKeepers.exe () [File not signed]
FirewallRules: [TCP Query User{B9E1EC74-90BC-46AE-933C-E858F6CE3816}D:\games\xcom - chimera squad\binaries\win64\xcom.exe] => (Block) D:\games\xcom - chimera squad\binaries\win64\xcom.exe (Take-Two Interactive Software, Inc. -> Firaxis Games)
FirewallRules: [UDP Query User{D7E0CB21-E9F4-4FDE-84A4-4E5EA3126D76}D:\games\xcom - chimera squad\binaries\win64\xcom.exe] => (Block) D:\games\xcom - chimera squad\binaries\win64\xcom.exe (Take-Two Interactive Software, Inc. -> Firaxis Games)
FirewallRules: [{C99E9E7E-6834-4F4D-A334-CB749D6F2272}] => (Allow) D:\Steam\steamapps\common\Wingspan Demo\WingspanDemo.exe => No File
FirewallRules: [{2ECA6A05-2F5A-4C68-9D15-2D4D53F3789B}] => (Allow) D:\Steam\steamapps\common\Wingspan Demo\WingspanDemo.exe => No File
FirewallRules: [{5F89FA5E-497F-4AB6-861C-CC4E8FC2A90A}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Launcher\launcher.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{BF6D5231-3AB5-4A3C-9835-476EB221FF82}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Launcher\launcher.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{0D3C1DF7-B6E6-40AC-96A9-EC5123A2AA8B}] => (Allow) D:\Games\Epic Games\ANNO1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{99812AAA-004E-4E51-8637-BB6AF3741BA4}] => (Allow) D:\Steam\steamapps\common\Dominus Galaxia KS Edition\Dominus Galaxia.exe () [File not signed]
FirewallRules: [{AC94092F-DE50-4F90-88F3-26118C1DC369}] => (Allow) D:\Steam\steamapps\common\Dominus Galaxia KS Edition\Dominus Galaxia.exe () [File not signed]
FirewallRules: [{26EDDC64-A2FA-41F7-BEB5-67297AD65CAE}] => (Allow) D:\Steam\steamapps\common\Secret Government Demo\Secret Government.exe () [File not signed]
FirewallRules: [{38847675-88A9-4B9C-836A-E8F00ABFF29A}] => (Allow) D:\Steam\steamapps\common\Secret Government Demo\Secret Government.exe () [File not signed]
FirewallRules: [TCP Query User{26428205-C1DC-469F-B72C-AE692D7B5DBD}D:\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [UDP Query User{35F67515-788F-4EE1-9EA1-CD4EE1523942}D:\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [TCP Query User{D54BB0AE-5634-45FE-A8A9-38B44E56ED2A}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe (3DIVISION) [File not signed]
FirewallRules: [UDP Query User{6EB9094F-891D-4CAC-A45E-9C55F13DDCE3}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe (3DIVISION) [File not signed]
FirewallRules: [TCP Query User{BA79FE3F-B96A-4541-B5B7-E1FB037CD11A}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe () [File not signed]
FirewallRules: [UDP Query User{F5AB0789-DE76-43BF-9879-7AEF53FEC329}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe () [File not signed]
FirewallRules: [{99635B19-7A18-4E79-9FCC-1685B04F9424}] => (Allow) C:\Users\Abhishek\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E394CE13-9B89-4035-B8E6-3606DA05F2D6}] => (Allow) C:\Users\Abhishek\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{0B88D9E9-FD08-4150-BB6D-9FDCDAB2DBA8}D:\games\epic games\oldworld\oldworld.exe] => (Allow) D:\games\epic games\oldworld\oldworld.exe () [File not signed]
FirewallRules: [UDP Query User{7C530AD4-0058-4DBF-B06A-965403A500E6}D:\games\epic games\oldworld\oldworld.exe] => (Allow) D:\games\epic games\oldworld\oldworld.exe () [File not signed]
FirewallRules: [TCP Query User{EE36E8FA-53CA-4CA4-88B7-0D013C6418D5}D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe] => (Block) D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe => No File
FirewallRules: [UDP Query User{176F41AE-0400-476B-A36F-2282B7D6BFE6}D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe] => (Block) D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe => No File
FirewallRules: [TCP Query User{25EA6FF6-6F2D-4F96-91DD-FC8579C8AFDD}D:\games\persona 4 golden\p4g.exe] => (Block) D:\games\persona 4 golden\p4g.exe () [File not signed]
FirewallRules: [UDP Query User{574445FF-3E70-4977-AA25-C06F2FDE494B}D:\games\persona 4 golden\p4g.exe] => (Block) D:\games\persona 4 golden\p4g.exe () [File not signed]
FirewallRules: [{E6B6A20B-64D0-4745-87FE-3BFF4D3FB53F}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus.exe (Nordic Games) [File not signed]
FirewallRules: [{E37E885C-390C-421B-BCF6-B8B1C65A63FD}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus.exe (Nordic Games) [File not signed]
FirewallRules: [{62B0CF52-C426-4028-93E7-C5ECE35AA828}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus_DX9.exe (Nordic Games) [File not signed]
FirewallRules: [{0C2E5C70-9607-4777-9A7B-B984FA8C58EC}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus_DX9.exe (Nordic Games) [File not signed]
FirewallRules: [{FE87B19C-E3CF-4A0A-81FF-17BD4C60E1D2}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\mod_tools\mod_tools.exe (Nordic Games) [File not signed]
FirewallRules: [{8A056044-9940-4675-830F-EBC57F18C3C9}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\mod_tools\mod_tools.exe (Nordic Games) [File not signed]
FirewallRules: [{5D5880A4-C833-4E38-9501-1CACAB37CF26}] => (Allow) D:\Steam\steamapps\common\Master of Orion 3\moo3.exe (INFOGRAMES & QUICKSILVER SOFTWARE) [File not signed]
FirewallRules: [{4F6D2223-801E-4A56-9E03-41AF36BECCFC}] => (Allow) D:\Steam\steamapps\common\Master of Orion 3\moo3.exe (INFOGRAMES & QUICKSILVER SOFTWARE) [File not signed]
FirewallRules: [{31450AC5-0F38-4D25-AC44-508C6E7C7E51}] => (Allow) D:\Steam\steamapps\common\Master of Orion 2\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{1AC19DBC-5197-4305-811A-65190809885D}] => (Allow) D:\Steam\steamapps\common\Master of Orion 2\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{75B9B57A-9C6E-4AB7-B0D8-1CA9B86985D8}] => (Allow) D:\Steam\steamapps\common\Master of Orion 1\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{FC55B8D8-CA23-4B27-A2E7-1CA40ECE9929}] => (Allow) D:\Steam\steamapps\common\Master of Orion 1\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{DE106AB0-F3E6-420E-A6A6-90445DD5BF91}] => (Allow) D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe () [File not signed]
FirewallRules: [{B4620D84-307C-43D6-A887-938BEB9D80C4}] => (Allow) D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe () [File not signed]
FirewallRules: [TCP Query User{1BE3B879-2C22-4E47-AEDA-D5350D2C2AD4}C:\program files (x86)\altova\mapforce2020\mapforce.exe] => (Allow) C:\program files (x86)\altova\mapforce2020\mapforce.exe => No File
FirewallRules: [UDP Query User{39F4A759-B33C-4070-BB09-91A3F1465CFF}C:\program files (x86)\altova\mapforce2020\mapforce.exe] => (Allow) C:\program files (x86)\altova\mapforce2020\mapforce.exe => No File
FirewallRules: [TCP Query User{7EDFDAC6-6793-402D-9998-07DFF0881A97}D:\games\epic games\totalwarsagatroy\troy.exe] => (Allow) D:\games\epic games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{7EC463FE-7D79-4617-8C15-8955016937CB}D:\games\epic games\totalwarsagatroy\troy.exe] => (Allow) D:\games\epic games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{EFD861C9-15AB-4499-BFCD-33514FEA6538}D:\games\total war - warhammer 2\warhammer2.exe] => (Block) D:\games\total war - warhammer 2\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [UDP Query User{8E10DDB0-CFBE-4D6A-8288-2741B441F0CC}D:\games\total war - warhammer 2\warhammer2.exe] => (Block) D:\games\total war - warhammer 2\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [{3AD7CFBF-B3CB-4304-85D6-6B705D180FF9}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{411773CD-959A-45F4-BAE7-7D30B6187AF5}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [TCP Query User{5DCF1FD6-8624-4FCD-B138-96B1A29D59E1}D:\games\wasteland 3\wl3.exe] => (Block) D:\games\wasteland 3\wl3.exe () [File not signed]
FirewallRules: [UDP Query User{5C91C3F5-2B05-42F5-A3D9-84128219E1BF}D:\games\wasteland 3\wl3.exe] => (Block) D:\games\wasteland 3\wl3.exe () [File not signed]
FirewallRules: [{317EBFB0-BAA9-482D-BF2D-64E61DD146CF}] => (Allow) D:\Steam\steamapps\common\Trials of Mana Demo\Trials of Mana\Binaries\Win64\Trials of Mana-Win64-Shipping.exe => No File
FirewallRules: [{97725372-FEE9-4789-9D1F-D3B72D45EDD2}] => (Allow) D:\Steam\steamapps\common\Trials of Mana Demo\Trials of Mana\Binaries\Win64\Trials of Mana-Win64-Shipping.exe => No File
FirewallRules: [{63575091-2436-4097-AC87-58C7FE31E069}] => (Allow) D:\Steam\steamapps\common\DarksidersGenesis\DarksidersGenesis.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E8A7D9B8-0822-477F-9446-2C38E163FBD5}] => (Allow) D:\Steam\steamapps\common\DarksidersGenesis\DarksidersGenesis.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{AB453C86-A630-4E07-8FD7-4D858EDB0E48}D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe (THQ Nordic GmbH) [File not signed]
FirewallRules: [UDP Query User{735A859C-0DF6-410B-BBEC-ADC6BE6E5D7D}D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe (THQ Nordic GmbH) [File not signed]
FirewallRules: [{DBB9F32A-91F4-42BE-9DFE-AD89B0EBABB2}] => (Allow) D:\Steam\steamapps\common\The Jackbox Party Pack 5\The Jackbox Party Pack 5.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{4B3EED34-46BE-48A9-B25A-86ADA4232FA3}] => (Allow) D:\Steam\steamapps\common\The Jackbox Party Pack 5\The Jackbox Party Pack 5.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{60CE7F20-2A00-4899-979D-01801C409B19}C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{22F89EE7-B9D1-4FBC-BA3E-48314DC3AB64}C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7CA51103-4248-4DE7-BFB0-3ADFB1ABDBDF}D:\games\iron harvest\release\ironharvest.exe] => (Block) D:\games\iron harvest\release\ironharvest.exe => No File
FirewallRules: [UDP Query User{72D58B1C-BEC6-425B-A33C-6456F7F3E2A1}D:\games\iron harvest\release\ironharvest.exe] => (Block) D:\games\iron harvest\release\ironharvest.exe => No File
FirewallRules: [TCP Query User{FA72E94C-DE92-4EE4-9E0E-A99308AE3460}D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe] => (Block) D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe (Earthshine) [File not signed]
FirewallRules: [UDP Query User{6D18413A-3E19-4C8F-BCDF-A065FCEF756E}D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe] => (Block) D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe (Earthshine) [File not signed]
FirewallRules: [TCP Query User{862908BC-0C90-416D-8B0D-FEEF4E7DFDA9}D:\games\baldurs gate 3\bin\bg3.exe] => (Block) D:\games\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [UDP Query User{3D01CB3A-B8E6-41CF-9563-838C494A5BBB}D:\games\baldurs gate 3\bin\bg3.exe] => (Block) D:\games\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [{2D9D5DDF-DA43-43E1-926D-79BFA4E5BA24}] => (Allow) D:\Steam\steamapps\common\Drox Operative 2\DroxOperative2.exe (Soldak Entertainment, Inc. -> )
FirewallRules: [{6CB65CF1-035A-4C07-AAC2-30F0E5E68870}] => (Allow) D:\Steam\steamapps\common\Drox Operative 2\DroxOperative2.exe (Soldak Entertainment, Inc. -> )
FirewallRules: [{60345E09-E376-49B5-9B67-5C77F0D08A66}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\Launcher.exe => No File
FirewallRules: [{3B42BB0E-0CDA-4BAB-B61A-463E3FB67EDE}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\Launcher.exe => No File
FirewallRules: [{AE2EDF69-7AEB-404E-AE15-83D91E26457E}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{D3CC370B-514B-437E-9068-23198DF4BF9D}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{D216A7F5-EF10-4AAB-B45D-0CF2AD2843D0}D:\games\efootball pes 2021\pes2021.exe] => (Block) D:\games\efootball pes 2021\pes2021.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{4D664224-C0F1-4DED-9131-807BF49FAE77}D:\games\efootball pes 2021\pes2021.exe] => (Block) D:\games\efootball pes 2021\pes2021.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{0CF8140B-4637-410F-9599-D4577C4E76EA}D:\games\horizon - zero down ce\horizonzerodawn.exe] => (Block) D:\games\horizon - zero down ce\horizonzerodawn.exe => No File
FirewallRules: [UDP Query User{9502DFDF-4DEB-4064-ABD0-BB76B41F48D3}D:\games\horizon - zero down ce\horizonzerodawn.exe] => (Block) D:\games\horizon - zero down ce\horizonzerodawn.exe => No File
FirewallRules: [{00F2C5F0-ED03-4A83-BA72-04F2F5810027}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16423494-7AFB-47FC-8F3B-4CDE17CF8C7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB4AC38E-D1AA-4AC3-96DD-C9BBB9BB9B76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C994BE5-82C8-4BFF-A3A8-BCA1F4B70BB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3B5A2727-0294-46D8-A3E4-9B701F32C61D}] => (Allow) D:\Steam\steamapps\common\Gears5\GearGame\Binaries\Steam\Gears5_EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D911566F-6C62-4EF9-8409-9D161A0E82CF}] => (Allow) D:\Steam\steamapps\common\Gears5\GearGame\Binaries\Steam\Gears5_EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0D0F32D2-AF39-4AF7-927B-E254579579C7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{ADB679DE-9533-4993-B4BB-E8A0258AD9C5}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{5DF4DA93-AF86-4B8F-BF0B-69043FB94576}D:\games\dyson.sphere.program.early.access\dspgame.exe] => (Block) D:\games\dyson.sphere.program.early.access\dspgame.exe => No File
FirewallRules: [UDP Query User{0E88FBA5-884D-488C-9E97-92228CBE1511}D:\games\dyson.sphere.program.early.access\dspgame.exe] => (Block) D:\games\dyson.sphere.program.early.access\dspgame.exe => No File
FirewallRules: [{11A5E93D-DE0A-4924-BFE6-507F1D242D68}] => (Allow) D:\Steam\steamapps\common\GWENT The Witcher Card Game\Gwent.exe () [File not signed]
FirewallRules: [{5FDB44E0-374C-4119-BE15-C137F87D66A0}] => (Allow) D:\Steam\steamapps\common\GWENT The Witcher Card Game\Gwent.exe () [File not signed]
FirewallRules: [{6CBDB863-E146-4BF3-8AB3-4615847AE4FF}] => (Allow) D:\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{238B6438-D5C4-4016-A3F7-A76CD074FEC2}] => (Allow) D:\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{6BEFAB4E-C993-442A-8CFF-7A6D1BBFFE95}D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe] => (Block) D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe => No File
FirewallRules: [UDP Query User{FE9B2D7B-5EFE-45C3-95F1-F39BBE2BDCC7}D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe] => (Block) D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe => No File
FirewallRules: [TCP Query User{058B5ADF-FC22-48E0-906E-09C7916187D5}D:\setup - games\silent sector\silent sector\silentsector.exe] => (Block) D:\setup - games\silent sector\silent sector\silentsector.exe => No File
FirewallRules: [UDP Query User{EDE30C94-6692-4BBE-8A65-3DBC1B1C9D1B}D:\setup - games\silent sector\silent sector\silentsector.exe] => (Block) D:\setup - games\silent sector\silent sector\silentsector.exe => No File
FirewallRules: [{49AC6660-6785-4C26-8467-5482F4B51735}] => (Allow) D:\Steam\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{7A78F66E-2EE3-45E6-953D-E1BEF38AEF6D}] => (Allow) D:\Steam\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{1FD61A33-E35E-48DF-8A37-7219BCD00DDD}] => (Allow) D:\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [{BEC4B1E1-9C7A-4E54-8E83-CBD075FFA044}] => (Allow) D:\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [TCP Query User{96200FDD-7EF4-4611-80F3-395B8BDDD009}D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe] => (Block) D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe => No File
FirewallRules: [UDP Query User{C2C04031-10F8-4025-8C38-BAE5025F0792}D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe] => (Block) D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe => No File
FirewallRules: [TCP Query User{28C0AE6B-6185-47AC-B500-AFE9F6A62537}D:\games\newcity\newcity\newcity.exe] => (Block) D:\games\newcity\newcity\newcity.exe () [File not signed]
FirewallRules: [UDP Query User{D35790C5-4F64-4011-A140-959D69860B74}D:\games\newcity\newcity\newcity.exe] => (Block) D:\games\newcity\newcity\newcity.exe () [File not signed]
FirewallRules: [{17F1A6BB-7480-45DF-B441-64309BA687E9}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe (id Software) [File not signed]
FirewallRules: [{2982563B-5131-4208-9C78-7997E17F3AAC}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe (id Software) [File not signed]
FirewallRules: [{7D4DD531-E6B1-4296-A914-654A2D2B0B4C}] => (Allow) LPort=1688
FirewallRules: [{D7F06A42-A187-4F4B-8096-ACF11ECD472D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{33FD585B-CB7D-4D95-8147-ABB05DEEDEF0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{B47F339C-4528-4780-9366-C4C2600F11F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20AC1AF7-B3DB-4463-B4AA-39B32236CA49}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3E88CBC-9BCB-4A4A-909C-8A8BB72C2D00}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{35C96E1A-60AA-4797-A486-593509A1B92C}D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe (The Coalition) [File not signed]
FirewallRules: [UDP Query User{D003ED15-E8A1-48A0-879C-37D0C239556B}D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe (The Coalition) [File not signed]
FirewallRules: [{2EEA6861-73FC-4882-AD03-8826F2AB42C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DD289760-2A5C-42BE-BA6A-3466BAF1CCDC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
06-06-2021 13:08:12 Windows Update
09-06-2021 13:28:28 Windows Update
09-06-2021 13:28:40 Windows Update
13-06-2021 14:48:45 Windows Update
19-06-2021 13:03:17 Windows Update
22-06-2021 13:22:32 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
System errors:
=============
Error: (06/24/2021 12:01:30 PM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-2857473633-3109437919-1220025815-391843659-1696795867-5112260-1075828977). This security permission can be modified using the Component Services administrative tool.
Error: (06/24/2021 11:41:50 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/24/2021 11:20:14 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Error: (06/24/2021 11:20:13 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Error: (06/24/2021 11:10:11 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Error: (06/24/2021 11:10:10 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Error: (06/24/2021 10:42:04 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/24/2021 07:48:53 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Windows Defender:
================
Date: 2021-06-24 12:14:21.029
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Downloads\FRST64.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-24 11:20:14.080
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-24 11:20:06.347
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-24 11:10:10.262
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-24 11:10:03.969
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-21 23:59:56.389
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\AutoPico.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device.
Signature Version: AV: 1.341.1171.0, AS: 1.341.1171.0, NIS: 1.341.1171.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-14 19:02:53.356
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device.
Signature Version: AV: 1.341.726.0, AS: 1.341.726.0, NIS: 1.341.726.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-07 00:00:33.379
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\AutoPico.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device.
Signature Version: AV: 1.341.171.0, AS: 1.341.171.0, NIS: 1.341.171.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-06 13:00:32.484
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device.
Signature Version: AV: 1.341.159.0, AS: 1.341.159.0, NIS: 1.341.159.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
Date: 2021-06-04 18:35:05.097
Description:
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Action: Quarantine
Action Status: No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device.
Signature Version: AV: 1.341.42.0, AS: 1.341.42.0, NIS: 1.341.42.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3803 01/22/2018
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B350-F GAMING
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 44%
Total physical RAM: 16318.75 MB
Available physical RAM: 9103.59 MB
Total Virtual: 18750.75 MB
Available Virtual: 7737.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:231.49 GB) (Free:38.15 GB) NTFS
Drive d: (Tb4) (Fixed) (Total:3725.9 GB) (Free:292.64 GB) NTFS
Drive f: (Ironwolf) (Fixed) (Total:3725.9 GB) (Free:457.16 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:3725.9 GB) (Free:2288.42 GB) NTFS
\\?\Volume{6472e117-a8b8-400a-86b6-31435d1b4166}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{7d61a9ef-91ab-43e1-890f-f9e6935dbad9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{667c27fd-2213-489d-bd35-f67d1408902e}\ () (Fixed) (Total:0.84 GB) (Free:0.47 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Sign In
Create Account
