[Potential Infection] Explorer windows keep on opening [Closed]


  • This topic is locked

#1
cybermantas

    New Member

  • Member
  • 5 posts

Hi,

The issue started on 20th March 2021, when I opened a 350 MB video file that I had downloaded, which turned out to be not a .mkv file but a .scr file, and it launched certain processes. I was immediately able to use Task Manager to cancel the process. The file had made copies of itself in various locations, but I was able to do a Windows search of recent files above a certain size and was able to delete all copies of this particular file with the exact same size.

However, since then, the Windows Explorer window keeps on opening every 5-10 minutes. If my computer is left on overnight, then in the morning there are 50-100 instances of Windows Explorer. I have not been able to find a "process" in any of the Task Manager bars which is linked to a .exe file which is created after 20th March and hence may be responsible for this. So essentially, I do not know what is causing this Explorer to be opened (perhaps like a scheduled task?).

Anyway, here are the logs needed.

 

---------------------------------FRST.txt----------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
Ran by Abhishek (administrator) on RECCANEWPC (24-06-2021 12:13:33)
Running from F:\Downloads
Loaded Profiles: Abhishek
Platform: Windows 10 Pro Version 1709 16299.214 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Code Sector -> Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Discord Inc. -> Discord Inc.) C:\Users\Abhishek\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\125.4.3474\QtWebEngineProcess.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google Inc -> ) [File not signed] [File is in use] C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel® INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-05-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RAMDiskForWorkstations] => C:\Program Files\SoftPerfect RAM Disk\RAMDiskWS.exe [4922184 2016-10-02] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [Windows32svc] => C:\Windows\Temp\win32sc.exe <==== ATTENTION
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8167200 2021-06-19] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4836032 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [Discord] => C:\Users\Abhishek\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [EpicGamesLauncher] => D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32894024 2021-02-13] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Abhishek\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Run: [GoogleChromeAutoLaunch_5B35183588D233BF8332B28DA00A5D9B] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: {110a92f3-ad70-11e8-a990-88d7f6c73614} - "G:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\MountPoints2: {18d814c6-a02b-11e8-a98e-88d7f6c73614} - "H:\OnePlus_setup.exe" /s
HKLM\...\Print\Monitors\IppMon: C:\Windows\system32\IPPMon.dll [226816 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\AppCompatFlags\Custom\terran.exe: [{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb] -> alpha_centauri
HKLM\Software\...\AppCompatFlags\Custom\terranx.exe: [{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb] -> alien_crossfire
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb [2012-11-14]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{fe81cd48-2ed2-4e7d-886c-b65767350095}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb [2012-11-14]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.114\Installer\chrmstp.exe [2021-06-23] (Google LLC -> Google LLC)
Startup: C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-09-09]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Open Source Developer, Birunthan Mohanathas -> Rainmeter)
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09800C35-A5C4-4971-BAF7-66C6F7349EFB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0C69F404-FC5B-43DB-9123-B79D52D91693} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {0D5BDC23-3D33-4A96-A803-CEB68519422B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FB9CF9E-E99D-4BF2-8924-2489BE926E5A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {10AC88C5-8E1E-4BCB-8207-AA4159B65425} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2B1FEFDD-262B-4808-88C8-55BF3C595EBD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {312199CC-FD8B-4866-9612-5B1A91704225} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {334C7998-4221-450D-92D8-057B234ED895} - System32\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001 => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupload.exe [31320 2021-05-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {3CAB35B7-1B33-4A4D-84FE-F54CF8788823} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3E8337F4-9287-4933-BA2E-2223A0F40007} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {3F620CBE-C0D3-4C50-9D3E-AB34F5298CDD} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46D0D251-06EF-446D-AA50-6959B13E593E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {510710C3-60F3-4AC1-9713-ED25305591B4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [471888 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {53ECF6D0-8578-4E63-9304-BF1B928A24CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {5A860373-5D20-4285-ACEE-268DC7F9B8FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {5CC8F03E-A993-4C59-9D1A-765D4F487E3D} - \WindowsUpdate -> No File <==== ATTENTION
Task: {5E768443-4ADF-491F-880F-D68621694AA7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [471888 2021-03-08] (Microsoft Windows -> Microsoft Corporation)
Task: {5FF9E686-71FA-4C77-B113-E61E3C0764F9} - System32\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001 => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupdate.exe [31320 2021-05-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6A19F8D4-C473-48E9-A00C-060B076C50A1} - System32\Tasks\SS3Svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3Svc64.exe [794624 2017-04-12] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {6E572112-109A-4AEB-80D7-3EB2A0E85B17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-26] (Google Inc -> Google Inc.)
Task: {8117D700-9F53-4316-94C1-87AC169A6160} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8EBDEA99-3CD2-49B6-8047-3E3FE137B774} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {90F0F33B-B785-49B3-9A03-4EB358BCC825} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {94B5A039-0F88-4856-8DE4-C24F4D440313} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A356F776-8C4E-4F41-A84C-60DB31E2E479} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A486F0D2-32D2-4F48-8C02-15579A57593F} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1216512 2017-04-12] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {B10942B1-7C7A-4599-AD4C-5E8CF4D2AAE2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2873486-983D-48CB-A124-6DA151B4D3FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {B381B4B4-67CB-4399-8A86-B95387696FAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0617149-E37A-47B9-A68C-35D2EB8317C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [468616 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C485429B-13D0-4170-9574-76917C0BF87D} - System32\Tasks\Firefox Default Browser Agent DF72D75C999415D6 => C:\Users\Abhishek\AppData\Roaming\iiagbru [3485392 2018-01-01] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
Task: {C7D6A2C9-5FBC-4806-BEBE-9192932A85E8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAB9CC3E-286D-4EDC-9308-1F8269D77E87} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {CE00F1F0-4A28-4C92-B545-F1207F531E4F} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D39F9F7C-A8BF-4359-970E-140DE7890377} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {D40B446C-3541-4F98-86C4-B156FB25AD4A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EF91CCCC-9C0E-405E-B74C-BFADDAED302F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001.job => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001.job => C:\Users\Abhishek\AppData\Local\GoToMeeting\19709\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 1.1.1.1 coin-hive.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2a80d19b-769f-48ae-90f6-1ee6054faf73}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2a80d19b-769f-48ae-90f6-1ee6054faf73}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{42624213-a3a1-4b1a-93a7-f40566b26a6a}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{c7331699-fd02-4ce3-bd67-bbc7385ba290}: [DhcpNameServer] 192.168.42.129
 
Edge: 
=======
DownloadDir: F:\Downloads
Edge Notifications: HKU\S-1-5-21-1421928017-2934188180-441290238-1001 -> hxxps://www.facebook.com
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default [2021-06-24]
CHR Notifications: Default -> hxxps://boardgamearena.com; hxxps://dineout.lightning.force.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-26]
CHR Extension: (Pushbullet) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24]
CHR Extension: (Tabs Outliner) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2021-04-08]
CHR Extension: (Sheets) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (What To Watch) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbodlmbchgeoifgoblfdagllijdhmae [2021-02-05]
CHR Extension: (Black metallic theme) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhhihkiaeeioepkklgfpdohnemkjcoi [2018-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (Cisco Webex Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-06-11]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2019-11-25]
CHR Extension: (LinkedIn Extension) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajfmicibjppdgbjfkpdikfjcflabpk [2021-02-05]
CHR Extension: (Save to Pocket) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2020-11-13]
CHR Extension: (Google Meet Volume Control) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbnlgonoekhmldnihfdpakhhjhmdkbd [2021-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (The Marvellous Suspender) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\noogafoofpebimajpfpamcfhoaifemoa [2021-04-03]
CHR Extension: (TV Show Tracker) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeeaimdpifhphdgoflgeddbigpgmnnjn [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-06]
CHR Profile: C:\Users\Abhishek\AppData\Local\Google\Chrome\User Data\System Profile [2021-03-21]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] (ASUSTeK Computer Inc. -> )
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-23] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-06-19] (Dropbox, Inc -> Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-07-03] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-12-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-21] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2509616 2020-06-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3460912 2020-06-18] (Electronic Arts, Inc. -> Electronic Arts)
R2 RealtekCU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector -> Code Sector)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-11] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2016-11-18] (ASUSTeK Computer Inc. -> )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-10-15] (Disc Soft Ltd -> Disc Soft Ltd)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-07] (Malwarebytes Inc -> Malwarebytes)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-30] (SOKNO S.R.L. -> Almico Software)
R1 SPVDPort; C:\WINDOWS\System32\drivers\spvdbus.sys [99768 2016-10-02] (SOFTPERFECT PTY. LTD. -> )
R2 SPVVEngine; C:\Windows\system32\Drivers\spvve.sys [248760 2016-10-02] (SOFTPERFECT PTY. LTD. -> )
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-29] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Windows -> Microsoft Corporation)
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-24 07:57 - 2021-06-24 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-06-21 23:59 - 2021-06-21 23:59 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2021-06-21 23:59 - 2021-06-21 23:59 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2021-06-21 13:23 - 2021-06-21 14:01 - 000000000 ___HD C:\$WINDOWS.~BT
2021-06-21 12:53 - 2021-06-21 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect Legendary Edition
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-06-19 19:25 - 2021-06-19 19:25 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-06-18 07:51 - 2021-06-18 07:51 - 000000000 ____D C:\Users\Abhishek\AppData\LocalLow\Free Lives
2021-06-08 08:14 - 2021-06-08 08:14 - 000000000 ____D C:\Users\Abhishek\AppData\LocalLow\Beetlewing
2021-06-06 10:32 - 2021-06-06 12:00 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Gears5
2021-06-06 10:31 - 2021-06-06 10:31 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-05-27 11:45 - 2021-05-27 11:45 - 000067948 __RSH C:\ProgramData\ntuser.pol
2021-05-27 11:44 - 2021-05-27 12:41 - 000000000 ____D C:\ProgramData\TEMP
2021-05-27 11:44 - 2021-05-27 12:41 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-05-27 11:44 - 2021-05-27 11:44 - 000001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster.lnk
2021-05-26 04:13 - 2021-06-07 04:12 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-06-24 12:13 - 2021-03-21 17:15 - 000000000 ____D C:\FRST
2021-06-24 12:04 - 2017-08-26 14:05 - 000000000 ____D C:\Program Files (x86)\Steam
2021-06-24 12:01 - 2017-12-01 06:20 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Packages
2021-06-24 11:51 - 2017-08-26 18:35 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\TeraCopy
2021-06-24 11:49 - 2017-09-27 22:57 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\discord
2021-06-24 11:49 - 2017-09-27 22:57 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Discord
2021-06-24 10:04 - 2019-12-19 23:35 - 000000000 ____D C:\Program Files\CCleaner
2021-06-24 09:01 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2021-06-24 07:57 - 2017-08-26 14:49 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-06-24 07:50 - 2017-09-06 23:59 - 000000000 ____D C:\ProgramData\NVIDIA
2021-06-24 07:49 - 2017-12-01 06:23 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-06-24 07:49 - 2017-12-01 06:23 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-06-24 07:49 - 2017-08-26 14:49 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-06-24 07:49 - 2017-08-26 14:49 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-06-23 22:03 - 2017-12-01 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-23 15:19 - 2017-09-29 19:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-23 14:16 - 2018-03-12 22:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-23 14:16 - 2017-09-29 19:14 - 000000000 ____D C:\WINDOWS\INF
2021-06-23 03:25 - 2017-08-26 12:13 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-23 00:46 - 2018-02-01 08:38 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-06-22 09:26 - 2017-08-30 16:27 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\BitTorrent
2021-06-22 03:14 - 2017-08-26 15:22 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\vlc
2021-06-22 01:18 - 2021-02-13 08:56 - 000000000 ____D C:\Users\Abhishek\AppData\Local\BitTorrentHelper
2021-06-21 14:01 - 2018-09-08 22:30 - 000000000 ___HD C:\$GetCurrent
2021-06-21 14:01 - 2017-12-01 06:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2021-06-21 14:01 - 2017-12-01 06:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2021-06-21 14:01 - 2017-08-25 19:58 - 000000000 ____D C:\Users\Abhishek\AppData\Local\CrashDumps
2021-06-21 14:00 - 2017-11-30 05:30 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-21 13:59 - 2017-09-29 14:15 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-21 13:56 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\registration
2021-06-21 13:23 - 2018-09-08 23:34 - 000000036 _____ C:\WINDOWS\progress.ini
2021-06-21 13:19 - 2018-09-08 22:30 - 000000000 ____D C:\Windows10Upgrade
2021-06-19 14:26 - 2019-07-14 10:30 - 000000000 ____D C:\Users\Abhishek\AppData\Local\Ubisoft Game Launcher
2021-06-18 10:04 - 2019-12-19 23:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-18 07:36 - 2017-09-29 19:16 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-18 07:36 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-17 23:36 - 2017-12-01 06:23 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421928017-2934188180-441290238-1001
2021-06-17 23:36 - 2017-08-25 19:24 - 000002372 _____ C:\Users\Abhishek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-17 23:36 - 2017-08-25 19:24 - 000000000 ___RD C:\Users\Abhishek\OneDrive
2021-06-09 13:34 - 2017-08-27 11:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 13:28 - 2017-08-27 11:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-06 13:05 - 2017-12-01 06:26 - 007458846 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-06 12:59 - 2021-03-23 09:56 - 000000674 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001.job
2021-06-06 12:59 - 2021-03-23 09:56 - 000000578 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001.job
2021-06-06 12:59 - 2017-12-01 06:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-06 12:58 - 2017-09-29 14:15 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-03 21:02 - 2021-03-16 17:56 - 000000000 ____D C:\Users\Abhishek\AppData\Roaming\r2modman
2021-05-29 17:49 - 2021-03-23 09:56 - 000003838 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1421928017-2934188180-441290238-1001
2021-05-29 17:49 - 2021-03-23 09:56 - 000003742 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1421928017-2934188180-441290238-1001
2021-05-29 17:49 - 2021-03-23 09:56 - 000000000 ____D C:\Users\Abhishek\AppData\Local\GoToMeeting
2021-05-28 23:07 - 2017-12-01 06:20 - 000000000 ____D C:\Users\Abhishek
2021-05-27 11:45 - 2015-10-30 12:54 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-05-27 11:44 - 2017-09-29 19:16 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
 
==================== Files in the root of some directories ========
 
2020-03-15 17:02 - 2020-03-15 17:02 - 000000000 _____ () C:\Users\Abhishek\AppData\Roaming\avoriontestfile
2018-01-08 01:03 - 2018-01-01 18:17 - 003485392 ___SH (Microsoft Corporation) C:\Users\Abhishek\AppData\Roaming\iiagbru
2019-05-20 01:16 - 2019-05-20 06:10 - 006503253 _____ () C:\Users\Abhishek\AppData\Roaming\resume (2).dat
2017-08-30 16:37 - 2019-05-20 01:14 - 005895987 _____ () C:\Users\Abhishek\AppData\Roaming\resume.dat
2021-03-20 16:04 - 2021-03-20 15:58 - 336592896 ___SH (System) C:\Users\Abhishek\AppData\Roaming\svchost.exe
2018-01-08 01:03 - 2018-01-01 18:17 - 000248375 ___SH () C:\Users\Abhishek\AppData\Roaming\uwhcuhf
2017-08-26 13:49 - 2020-07-14 11:21 - 000007606 _____ () C:\Users\Abhishek\AppData\Local\resmon.resmoncfg
2018-05-24 09:10 - 2018-05-24 09:10 - 000038737 _____ () C:\Users\Abhishek\AppData\Local\TempD05BDB8684C2E702C896BFDE31CA5F86_S_Stat_qwshrojc.zip
2019-10-31 20:56 - 2019-10-31 20:56 - 000000000 _____ () C:\Users\Abhishek\AppData\Local\{7B8BDD85-8C04-4B1D-B01F-86EEDDD8822D}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-06-22 20:39
==================== End of FRST.txt ========================
 
 
 
---------------------------------Addition.txt----------------------------------------------
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2021
Ran by Abhishek (24-06-2021 12:14:34)
Running from F:\Downloads
Windows 10 Pro Version 1709 16299.214 (X64) (2017-12-01 00:54:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abhishek (S-1-5-21-1421928017-2934188180-441290238-1001 - Administrator - Enabled) => C:\Users\Abhishek
Administrator (S-1-5-21-1421928017-2934188180-441290238-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421928017-2934188180-441290238-503 - Limited - Disabled)
Guest (S-1-5-21-1421928017-2934188180-441290238-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421928017-2934188180-441290238-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Age of Wonders Planetfall Revelations (HKLM-x32\...\Age of Wonders Planetfall Revelations_is1) (Version:  - )
alien_crossfire (HKLM\...\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb) (Version:  - )
alpha_centauri (HKLM\...\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb) (Version:  - )
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Ancestors: Humankind Odyssey (HKLM-x32\...\Ancestors: Humankind Odyssey_is1) (Version:  - )
Asus Sonic Radar 3 (HKLM-x32\...\{bc91cf0f-54ed-4f0d-8500-91f971851819}) (Version: 3.3.2.41474 - ASUSTeKcomputer.Inc)
Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
Battle Brothers Warriors of the North (HKLM-x32\...\Battle Brothers Warriors of the North_is1) (Version:  - )
Battlefleet Gothic Armada II (HKLM-x32\...\Battlefleet Gothic Armada II_is1) (Version:  - )
BitTorrent (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\BitTorrent) (Version: 7.10.5.45312 - BitTorrent Inc.)
Black Mesa (HKLM-x32\...\Black Mesa_is1) (Version:  - )
Capitalism 2 (HKLM-x32\...\Capitalism 2_is1) (Version:  - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Children Of Morta (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Children Of Morta) (Version:  - HOODLUM)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version:  - )
CPUID HWMonitor 1.41 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.41 - CPUID, Inc.)
CPUID ROG CPU-Z 1.82.2 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.82.2 - CPUID, Inc.)
Crusader Kings 3 (HKLM-x32\...\Crusader Kings 3_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Discord (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 125.4.3474 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Dungeon Defenders: Awakened (HKLM-x32\...\Dungeon Defenders: Awakened_is1) (Version:  - )
eFootball PES 2021 (HKLM-x32\...\eFootball PES 2021_is1) (Version: 0.0.0 - DODI-Repacks)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Evolution The Video Game (HKLM-x32\...\Evolution The Video Game_is1) (Version:  - )
Fantasy General II: Invasion (HKLM-x32\...\Fantasy General II: Invasion_is1) (Version:  - )
Five Nations (HKLM-x32\...\DOGE_Five_Nations) (Version:  - )
Forged of Blood (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Forged of Blood) (Version:  - HOODLUM)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.3.0.10826 - Foxit Software Inc.)
Geeks3D FurMark 1.20.8.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.114 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoToMeeting 10.16.1.19709 (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\GoToMeeting) (Version: 10.16.1.19709 - LogMeIn, Inc.)
GreedFall (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\GreedFall) (Version:  - HOODLUM)
Heroes of Might and Magic III HD Edition (HKLM-x32\...\SGVyb2Vzb2ZNaWdodGFuZE1hZ2ljSUlJSERFZGl0aW9u_is1) (Version: 1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Imperiums Greek Wars (HKLM-x32\...\Imperiums Greek Wars_is1) (Version:  - )
Intel® Network Connections 22.4.16.0 (HKLM\...\PROSetDX) (Version: 22.4.16.0 - Intel)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
K-Lite Codec Pack 13.4.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.4.5 - KLCP)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LOOT version 0.11.0 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.11.0 - LOOT Team)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Mass Effect Legendary Edition (HKLM-x32\...\Mass Effect Legendary Edition_is1) (Version: 0.0.0 - DODI-Repacks)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14026.20308 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x86) (HKLM-x32\...\{3ab9e9b0-debb-4a16-b9cf-d213cf129873}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might and Magic VIII: Day of the Destroyer (HKLM-x32\...\Might and Magic VIII: Day of the Destroyer_is1) (Version:  - GOG.com)
Mordheim: City of the Damned (HKLM-x32\...\Mordheim: City of the Damned_is1) (Version:  - )
NBA 2K20 (HKLM-x32\...\NBA 2K20_is1) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20280 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12325.20288 - Microsoft Corporation) Hidden
Offworld Trading Company Conspicuous Consumption (HKLM-x32\...\Offworld Trading Company Conspicuous Consumption_is1) (Version:  - )
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.74.41754 - Electronic Arts, Inc.)
Outer Wilds (HKLM-x32\...\Outer Wilds_is1) (Version:  - )
Pathfinder Kingmaker (HKLM-x32\...\Pathfinder Kingmaker_is1) (Version:  - )
Persona 4 Golden (HKLM-x32\...\Persona 4 Golden_is1) (Version: 0.0.0 - DODI-Repacks)
ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.3.201 - ASUSTeKcomputer.Inc) Hidden
r2modman 3.1.14 (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.14 - ebkr)
Railroad Tycoon 3 (HKLM-x32\...\1445251062_is1) (Version: 2.0.0.6 - GOG.com)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 beta r2858 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8158 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Scythe Digital Edition (HKLM\...\SKIDROW - Scythe Digital Edition) (Version:  - SKIDROW)
Shadow Empire (HKLM\...\SKIDROW - Shadow Empire) (Version:  - SKIDROW)
Sid Meier's Alpha Centauri (HKLM-x32\...\GOGPACKSIDMEIERSALPHACENTAURI_is1) (Version: 2.0.0.19 - GOG.com)
Sid Meiers Civilization VI Gathering Storm (HKLM-x32\...\Sid Meiers Civilization VI Gathering Storm_is1) (Version:  - )
SimCity (HKLM-x32\...\SimCity_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Slipways (HKLM-x32\...\Slipways) (Version:  - SKIDROW)
SoftPerfect RAM Disk version 3.4.8 (HKLM\...\{33A14ED9-0340-4193-BEDB-B95BC8196182}_is1) (Version: 3.4.8 - SoftPerfect)
SonicRadar3Setup (HKLM\...\{ABE86884-854B-4F6C-8B63-BCC0BFFAE372}) (Version: 3.3.2.41474 - ASUSTeKcomputer.Inc) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
Starsector by Fractal Softworks LLC (HKLM-x32\...\Starsector) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
Thronebreaker The Witcher Tales (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\Thronebreaker The Witcher Tales) (Version:  - HOODLUM)
TIS-100 (HKLM-x32\...\1436869408_is1) (Version: 11.27.2017 - GOG.com)
Total War: Warhammer 2 (HKLM-x32\...\Total War: Warhammer 2_is1) (Version:  - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F9B2D86A-2BB4-4373-8298-6D1D0BEBBF7B}) (Version: 2.71.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.4 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wasteland 3 (HKLM-x32\...\Wasteland 3_is1) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 307.2016.1230.2300 - Wrye & Wrye Bash Development Team)
X4 Foundations Split Vendetta (HKLM-x32\...\X4 Foundations Split Vendetta_is1) (Version:  - )
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
XCOM: Chimera Squad (HKLM-x32\...\XCOM: Chimera Squad_is1) (Version:  - )
Zip Motion Block Video codec (Remove Only) (HKLM\...\ZMBV) (Version:  - DOSBox Team)
Zoom (HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Abhishek\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421928017-2934188180-441290238-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => F:\Documents\Dropbox [2017-11-17 17:55]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google Inc -> Google)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google Inc -> Google)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-12] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2018-09-26] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TERACO~2.DLL [2016-12-07] (Code Sector -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.ZMBV] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-10] () [File not signed]
HKLM\...\Drivers32: [vidc.zmbv] => C:\Windows\SysWOW64\zmbv.dll [94208 2010-04-10] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-03-25 01:29 - 2012-08-08 21:56 - 000863232 _____ ( Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\P2PLib.dll
2017-08-25 19:43 - 2015-05-08 11:56 - 000104448 ____R () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2020-03-25 01:29 - 2012-11-06 09:47 - 000114688 _____ () [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\EnumDevLib.dll
2017-08-26 14:08 - 2017-03-14 15:51 - 001714688 _____ () [File not signed] C:\Program Files\TeraCopy\TeraCopy64.dll
2017-08-25 19:43 - 2021-06-06 12:59 - 000036136 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2017-08-26 14:05 - 2016-10-04 20:21 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-24 14:30 - 2017-04-24 14:30 - 000349696 _____ (Intel® Corporation) [File not signed] C:\Windows\system32\NCS2Setp.dll
2019-12-19 23:39 - 2019-12-19 23:39 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Client\AppVIsvSubsystems32.dll
2020-04-19 06:03 - 2020-04-19 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 06:03 - 2020-04-19 06:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
2020-03-25 01:29 - 2012-11-06 14:31 - 000623616 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlLib.dll
2020-03-25 01:29 - 2012-09-13 09:25 - 000200704 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\IpLib.dll
2020-03-25 01:29 - 2012-05-07 14:23 - 000040960 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlICS.dll
2020-03-25 01:29 - 2012-10-12 10:25 - 000266240 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlIhvOid.dll
2020-03-25 01:29 - 2012-06-22 16:01 - 000044544 _____ (Realtek) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlQRCode.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-03-25 01:29 - 2009-07-23 17:32 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\LIBEAY32.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-06-19 19:58 - 2020-06-19 19:58 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Abhishek\AppData\Local\Temp:$DATA​ [34]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.in/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-1421928017-2934188180-441290238-1001 -> {FFA4C493-D04D-4EF6-841C-2E31CD9580F6} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-26] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 6091 more sites.
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-23 09:04 - 2017-09-23 09:04 - 000000847 _____ C:\WINDOWS\system32\drivers\etc\hosts
1.1.1.1 coin-hive.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\dotnet\;C:\Program Files\dotnet\;C:\Android
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abhishek\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "RAMDiskForWorkstations"
HKLM\...\StartupApproved\Run: => "Windows32svc"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1421928017-2934188180-441290238-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{79EC96ED-012A-4F81-983D-8ED9C2B84F72}] => (Allow) D:\Steam\steamapps\common\Endless Legend\EndlessLegend.exe () [File not signed]
FirewallRules: [{5863F38E-FEAC-47E3-A1FE-8CE941E6531A}] => (Allow) D:\Steam\steamapps\common\Endless Legend\EndlessLegend.exe () [File not signed]
FirewallRules: [{37F6DF46-B949-4625-8AD8-AE843C776D9D}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{0F0128C1-0915-41A4-87BF-BA12236F8AC5}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{5E2FC7BB-60B9-457C-9652-864CEFB3AD4D}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{382FDD5B-19B0-4BE5-B2D0-A78D2022174B}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [UDP Query User{A373394E-1DD7-42A8-8B82-C2DD600BBE1E}D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe] => (Block) D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe
FirewallRules: [TCP Query User{178B800C-E9BA-4A5B-A327-67B6D2A8EA23}D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe] => (Block) D:\setup - games\mule_windows_1.3.6-win7-8-10\mule\data\lib\jre\bin\java.exe
FirewallRules: [UDP Query User{B8D8470B-9A9F-4337-AA0D-AEC4FB618072}D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe => No File
FirewallRules: [TCP Query User{075BFF6E-04A3-414E-A432-5EA4E6E7EF9F}D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe] => (Block) D:\setup - games\computer.tycoon\computer tycoon\computertycoon.exe => No File
FirewallRules: [UDP Query User{73F59D41-B1BA-46E5-8C19-22D6B848C7C1}D:\games\battle chasers nightwar\bc.exe] => (Block) D:\games\battle chasers nightwar\bc.exe => No File
FirewallRules: [TCP Query User{D16EBF66-B69B-4FF7-835A-49C258B4FADB}D:\games\battle chasers nightwar\bc.exe] => (Block) D:\games\battle chasers nightwar\bc.exe => No File
FirewallRules: [{CD4660DC-8070-4202-98B5-5C8A8DAD522C}] => (Allow) D:\Steam\steamapps\common\ADOM\adom.exe () [File not signed]
FirewallRules: [{3BCFB857-7ED9-4549-AEDB-E277D0F57070}] => (Allow) D:\Steam\steamapps\common\ADOM\adom.exe () [File not signed]
FirewallRules: [UDP Query User{D2F6AA19-E169-47C4-A9EC-EB2377CAB0C0}D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Block) D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe => No File
FirewallRules: [TCP Query User{80307D5A-E192-4806-A4FF-B02CEE36067F}D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe] => (Block) D:\games\dawn.of.war.iii.v4.0.0.16278\relicdow3.exe => No File
FirewallRules: [UDP Query User{5F536DB4-BE09-4F72-B105-17207A6EC527}D:\games\total war - warhammer ii\warhammer2.exe] => (Block) D:\games\total war - warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{64E8BCC6-AF8D-44CA-906C-1D451E26846F}D:\games\total war - warhammer ii\warhammer2.exe] => (Block) D:\games\total war - warhammer ii\warhammer2.exe => No File
FirewallRules: [{7FDF8558-AAA5-4704-8737-322B6E96A14C}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [{1496E2DB-49A1-42CF-AF0F-940B7A824164}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3Launcher.exe () [File not signed]
FirewallRules: [UDP Query User{82A01D71-8556-4B1D-8E27-7FE43695683F}D:\setup - games\simairport.v24.08.2017\simairport.exe] => (Block) D:\setup - games\simairport.v24.08.2017\simairport.exe => No File
FirewallRules: [TCP Query User{2D9530DF-79C3-4088-AAF9-68F0F13CF6EC}D:\setup - games\simairport.v24.08.2017\simairport.exe] => (Block) D:\setup - games\simairport.v24.08.2017\simairport.exe => No File
FirewallRules: [{F5ECE79C-4DD7-43F2-9FC0-887FF7FAA20D}] => (Allow) D:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{AE67ED16-C916-4350-869E-2CCB3D929BB9}] => (Allow) D:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [UDP Query User{D9D82CA2-4A6F-4781-8598-C0FAE0A05C53}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{AB4DCC7A-4806-40B2-BF16-FB077C7478E0}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{F837EE46-C1D2-4A0E-A532-8EBF19AA3777}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{3D04B226-F9B6-484C-9046-7D32FEDCFCC8}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{8CA4D03D-1DAC-47E5-AE9C-FB93E09424F1}] => (Allow) D:\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{B509131D-2FB6-47BE-8275-8986C86B3F93}] => (Allow) D:\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe (Larian Studios -> Larian Studios)
FirewallRules: [{5133ED78-D245-49CA-87BF-8755806521EC}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{488E8780-6429-4465-BCE3-AF15A4E4DCA5}] => (Allow) D:\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{57D51FB2-CFDB-4C45-AF78-3E5D6A90677F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A2B5B780-14A1-4A7B-A444-6108A63CDA65}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{226D7B7C-0D8C-4A98-ADF5-A9425BA14E24}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{A5FCC1D2-1C2E-4FEA-B552-E0E6992D5A42}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{705EF4C5-6DB7-4AB3-881C-1485DEBB5FDD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E1645E22-CFD0-428C-9BAF-329F6FF02410}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6604A336-7DE0-419B-9D6E-87EBFF190C8F}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [{3B2856A4-93DD-49E4-9172-2DB0451E8185}] => (Allow) D:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe => No File
FirewallRules: [TCP Query User{3B23A17E-538F-41CF-8A29-0DB33768574C}D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{8966BBF1-F8D4-4441-AE48-FB478F1594B0}D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe => No File
FirewallRules: [{A4148DFC-21AA-4362-A453-CDF05A48435B}] => (Allow) C:\Users\Abhishek\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{8C64E1C1-DA06-4A9D-BBF1-AC0460193BB5}] => (Allow) C:\Users\Abhishek\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{59A3ED68-1FC7-4A75-A98D-8E9A0F64EA58}D:\games\nba 2k17\nba2k17.exe] => (Block) D:\games\nba 2k17\nba2k17.exe => No File
FirewallRules: [UDP Query User{15FD33CB-450C-4F99-BBBC-4AC6C85A4ED7}D:\games\nba 2k17\nba2k17.exe] => (Block) D:\games\nba 2k17\nba2k17.exe => No File
FirewallRules: [{447652D9-6D4D-4D7C-A790-067996483559}] => (Allow) D:\Steam\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{9525F7F7-ABC8-4BDD-8698-46F90DB7E8B1}] => (Allow) D:\Steam\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{09DD6DA5-42E2-4535-BA97-D641937CCF70}] => (Allow) D:\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{C553D6E6-219B-4342-B06B-97424C4D7BBC}] => (Allow) D:\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{32556F13-E5CC-4C4F-B4B9-4BD6A783C218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{DD71EB9A-CE04-4402-8EA9-6ECE776A5BD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{1188083F-BD41-4944-9FC4-D5517A3DABBD}] => (Allow) D:\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{2F54F034-3F50-4881-8872-B707C8A7BF7A}] => (Allow) D:\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{193CE41F-1ECB-4E4C-A596-D3A8BDE5C3B2}] => (Allow) D:\Steam\steamapps\common\Distant Worlds Universe\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C1FE5532-87F2-434E-B58B-EBA6DEBF7052}] => (Allow) D:\Steam\steamapps\common\Distant Worlds Universe\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{702BD9AC-E5E7-4F84-9644-A0D65A99763C}] => (Allow) D:\Steam\steamapps\common\Polaris Sector\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{A098BDBE-13CF-4A65-AD5A-A7C18610C5AE}] => (Allow) D:\Steam\steamapps\common\Polaris Sector\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [TCP Query User{E4771EE1-C6DF-4AF1-AE9C-2DC47983D58E}D:\games\into.the.breach.v1.0.14\breach.exe] => (Block) D:\games\into.the.breach.v1.0.14\breach.exe => No File
FirewallRules: [UDP Query User{FE1599CE-3CC2-462B-A95F-9BE2017DC174}D:\games\into.the.breach.v1.0.14\breach.exe] => (Block) D:\games\into.the.breach.v1.0.14\breach.exe => No File
FirewallRules: [TCP Query User{1BE7B85F-D0DF-4ACF-A97E-1281EFC9A37B}D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Block) D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe => No File
FirewallRules: [UDP Query User{8E7813D9-C896-4F2D-93A0-3A49456D9E3B}D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe] => (Block) D:\games\deep rock galactic\fsd\binaries\win64\fsd-win64-shipping.exe => No File
FirewallRules: [{4CE15FEF-7C16-47E9-A1EA-AF386D62E3BC}] => (Allow) D:\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{DFD983EA-852C-4E3A-BB36-772FEE679A8C}] => (Allow) D:\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{67EFA13A-FDF4-4151-B012-1B53A32E9DA6}] => (Allow) D:\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{5E3D08C6-E43F-48D6-B350-7DDA9A615FD5}] => (Allow) D:\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{4AADC265-6FEF-43E5-B4A7-7F4C87B283B3}] => (Allow) D:\Steam\steamapps\common\Through the Ages\ThroughTheAges_steam.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{45D1B4B9-9B3A-44D6-88BA-82E874A28B85}] => (Allow) D:\Steam\steamapps\common\Through the Ages\ThroughTheAges_steam.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{9400EDAE-5D72-459F-AC8D-B4A2868F3705}] => (Allow) D:\Steam\steamapps\common\Imperium Galactica II\ig2.exe () [File not signed]
FirewallRules: [{8A47577F-7E1D-487E-88CD-C36873D804C9}] => (Allow) D:\Steam\steamapps\common\Imperium Galactica II\ig2.exe () [File not signed]
FirewallRules: [{9A208074-51DC-48B7-8C00-3C5364A4E1C2}] => (Allow) D:\Steam\steamapps\common\Sword of the Stars Complete Collection\Sword of the Stars.exe () [File not signed]
FirewallRules: [{8F857C18-733F-46B6-AB55-2D940DA4D64B}] => (Allow) D:\Steam\steamapps\common\Sword of the Stars Complete Collection\Sword of the Stars.exe () [File not signed]
FirewallRules: [{2025F774-8470-4F2D-9806-235C2261A57F}] => (Allow) D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{59886284-37DA-4CDF-912E-61D9D57A03F0}] => (Allow) D:\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{A6DA829A-F67D-4AD2-8698-2BDCCF566C7C}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{945A4866-8B19-42B8-8999-DE969BC395FD}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe => No File
FirewallRules: [{A17BD1A9-B110-44C7-93E8-0F4CACE19AC2}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F7DD312A-A41C-4902-B44A-62AF1BD28BD4}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe => No File
FirewallRules: [{F6ABCC32-1868-4D68-9632-7AA9998E49DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{55F677B5-E23D-4B72-9DC0-F8E7D8FDC7B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Tactics\game64.exe () [File not signed]
FirewallRules: [{7FE5E87F-DB06-4B38-8F38-11EC56C49A09}] => (Allow) D:\Games\Simcity 2014\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [{09944962-55E2-43FF-8F1C-28EED29BF66B}] => (Allow) D:\Games\Simcity 2014\SimCity 2013 Offline\SimCity\SimCity.exe => No File
FirewallRules: [TCP Query User{6D74C7EE-DA36-4BA0-8A5B-68D43C154843}D:\games\simcity\simcity\simcity.exe] => (Block) D:\games\simcity\simcity\simcity.exe (Electronic Arts -> Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{96E148F5-95EF-44F2-AF98-DACFDDD7335A}D:\games\simcity\simcity\simcity.exe] => (Block) D:\games\simcity\simcity\simcity.exe (Electronic Arts -> Electronic Arts Inc.) [File not signed]
FirewallRules: [{7DCF4C2E-E4A6-4CC0-96AD-A93D349BC3A9}] => (Allow) D:\Steam\steamapps\common\RiseOfIndustry\Rise of Industry.exe => No File
FirewallRules: [{133159F0-94C4-4BF6-ABAE-A276122FE413}] => (Allow) D:\Steam\steamapps\common\RiseOfIndustry\Rise of Industry.exe => No File
FirewallRules: [TCP Query User{71E9F5FB-551B-4E4B-8C01-29F6898E3CFE}D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe] => (Block) D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe => No File
FirewallRules: [UDP Query User{F13A773E-5C76-46A3-B4DD-8E90A0667762}D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe] => (Block) D:\setup - games\star.trader.frontiers.v2.3.37\startradersfrontiers.exe => No File
FirewallRules: [{87EE613F-DA6A-422B-BDBB-17069D0DA98D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A28118F1-CB0E-4896-97AC-047848B1B292}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{A3E7CC02-258A-4DFB-89EF-13E65F9458C3}D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{FE746B19-5743-4B9F-BDBD-A82FF7F0356E}D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\classic\eocapp.exe (Larian Studios -> )
FirewallRules: [{A4F43B43-13A3-4D6D-9D0D-96053A8ED44F}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{8CD26623-89F4-4D30-9265-B2D31E8430EA}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3.exe () [File not signed]
FirewallRules: [{CEF0F762-B20F-494B-B149-8EE87894D5FC}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{CEDBF4B6-F73D-4A40-A0D7-FD4B820C20B9}] => (Allow) D:\Steam\steamapps\common\AoW3\AoW3_Debug.exe () [File not signed]
FirewallRules: [{2CD73B44-CC4D-4C5A-AE11-891F406DF331}] => (Allow) D:\Steam\steamapps\common\Drox Operative\DroxOperative.exe () [File not signed]
FirewallRules: [{F2060FA0-45EF-42D6-AABD-C947FAF60342}] => (Allow) D:\Steam\steamapps\common\Drox Operative\DroxOperative.exe () [File not signed]
FirewallRules: [TCP Query User{04DEB26F-757F-411C-AB3D-6DF4AB70874F}D:\games\pathfinder kingmaker\kingmaker.exe] => (Block) D:\games\pathfinder kingmaker\kingmaker.exe => No File
FirewallRules: [UDP Query User{D7D31DBF-DC98-4E5E-9CCB-17FB5223324B}D:\games\pathfinder kingmaker\kingmaker.exe] => (Block) D:\games\pathfinder kingmaker\kingmaker.exe => No File
FirewallRules: [{C2D69F0D-6C33-4E5D-8FA8-6907DBD9827F}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe => No File
FirewallRules: [{9212A2AF-357C-4DB5-8F2F-33B3432B6439}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe => No File
FirewallRules: [TCP Query User{C7FF33B2-5E74-42EC-8FC6-58264FB9CB30}D:\setup - games\simairport.v29.10.2018\simairport.exe] => (Block) D:\setup - games\simairport.v29.10.2018\simairport.exe => No File
FirewallRules: [UDP Query User{4A925AE9-DAF7-4AAC-9DF9-1DCB3F548108}D:\setup - games\simairport.v29.10.2018\simairport.exe] => (Block) D:\setup - games\simairport.v29.10.2018\simairport.exe => No File
FirewallRules: [{E7176B6E-1F51-4A48-BA50-AB47365C1D7D}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{E4EFF4C6-125C-4B4A-9710-0548ADF378FD}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{4A1616AC-95A6-4422-9233-F700B5BE5DD0}] => (Allow) D:\Steam\steamapps\common\The Colonists\TheColonists.exe () [File not signed]
FirewallRules: [{D337FB6E-7B7E-4599-A85A-45E40534C4D8}] => (Allow) D:\Steam\steamapps\common\The Colonists\TheColonists.exe () [File not signed]
FirewallRules: [{4B81E6B1-2809-43EF-BAE4-1FD599EC9E82}] => (Allow) D:\Steam\steamapps\common\AI War 2\AIWar2.exe () [File not signed]
FirewallRules: [{91253159-B12D-4E0C-80B2-DBEB2B75EA8C}] => (Allow) D:\Steam\steamapps\common\AI War 2\AIWar2.exe () [File not signed]
FirewallRules: [{D46E4AFD-1AC4-415E-83AF-C276B04D4DB7}] => (Allow) D:\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{46945A9A-B912-46E8-9794-3A51C8EF4623}] => (Allow) D:\Steam\steamapps\common\They Are Billions\TheyAreBillions.exe (Numantian Games) [File not signed]
FirewallRules: [{10286C11-7ECE-4F38-9664-1CB54786FA6D}] => (Allow) D:\Steam\steamapps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH) [File not signed]
FirewallRules: [{8E7DA6EF-2745-4C3A-AFDF-5BD2C9E98D6B}] => (Allow) D:\Steam\steamapps\common\Industry Giant 2\ig2_AddOn.exe (United Independent Entertainment GmbH) [File not signed]
FirewallRules: [TCP Query User{AA559B58-555C-4AB2-AF05-C92DF1C19F26}D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => No File
FirewallRules: [UDP Query User{9B907729-17F6-42FF-B483-F1AED5348987}D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\mutant year zero\zoneue4\binaries\win64\zoneue4-win64-shipping.exe => No File
FirewallRules: [TCP Query User{0E41FB97-241A-43F6-B940-10DF9A4D596B}D:\setup - games\foundation.v0.4.9\foundation.exe] => (Block) D:\setup - games\foundation.v0.4.9\foundation.exe => No File
FirewallRules: [UDP Query User{80326E13-4DE4-4E86-AE07-7E7386DFCC9A}D:\setup - games\foundation.v0.4.9\foundation.exe] => (Block) D:\setup - games\foundation.v0.4.9\foundation.exe => No File
FirewallRules: [{2A1D4E10-60F6-4CE8-A0AC-7801ADC3E6E3}] => (Allow) D:\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{C79D0CA4-32BF-4978-AEDA-E0A8FFB741C0}] => (Allow) D:\Steam\steamapps\common\Frostpunk\Frostpunk.exe (Marek Ziemak -> 11 bit studios S.A.)
FirewallRules: [{8DC78D7B-93D4-4AB2-905A-D66F834AF8B0}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{260BD80C-B59D-4B78-8277-BCB58A4289EA}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{14456F20-7C64-448F-8C32-75AE9B8C5E34}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9CB4B5FA-7B88-4110-A8A8-19EF12684AE7}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{AB019BB3-AE65-4794-A45D-06990FEC2616}D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Block) D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4F457511-F1B1-4360-B178-490FC1ABA317}D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe] => (Block) D:\games\tropicco.6.v0.90_93525\tropico 6\tropico6\binaries\win64\tropico6-win64-shipping.exe => No File
FirewallRules: [{B7B80D8E-687F-4416-BAB0-281611189013}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{E7D915B7-A6AD-4506-8DCC-11C03B01EAD4}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{6516BB23-A465-47E8-AC55-4291DD9B46A0}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A9F6D395-8FA3-4950-8BAE-7830ACADAE7A}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{78785150-9F4B-4382-8FE2-E283205C6749}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{580C4734-7899-4B90-B3FB-2DC144008C56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3EB229B1-870D-4441-9E96-E5B6A7BE2128}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{7102BDD0-98EB-4F4C-8DA2-04D0A59B87D0}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe (Gearbox Software LLC -> Gearbox Software)
FirewallRules: [{E7D27900-53EA-4B01-9535-4D3F729DAEAF}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [{1AD79FD6-392A-4549-A32F-8C82A7F552F6}] => (Allow) D:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe (Gearbox Software LLC -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{D717B10B-5FB0-4DED-9BB9-EFF82F6B96BF}D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe (Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{1A401B35-B515-48C5-A44D-89F422F84A08}D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe] => (Allow) D:\steam\steamapps\common\xcom 2\xcom2-warofthechosen\binaries\win64\xcom2.exe (Firaxis Games) [File not signed]
FirewallRules: [{5AB0D642-A086-472D-BFEA-78858C056FE7}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{58FDF5EF-B3EC-497F-96AA-8F004795D6E8}] => (Allow) D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{BEF5A3B7-CC7D-4E09-986E-7808F8014CA9}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{FF892A9C-EDA7-480F-B5D4-5A011EF68DFF}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{9E1FA0D2-A8A1-4C02-B992-A2ACD7C9BC5A}] => (Allow) D:\Steam\steamapps\common\Factory Town\Factory Town.exe () [File not signed]
FirewallRules: [{71BD84C0-DCDB-4B5C-BDC5-A89BF4C940B1}] => (Allow) D:\Steam\steamapps\common\Factory Town\Factory Town.exe () [File not signed]
FirewallRules: [TCP Query User{D1B27CDE-3796-4012-977B-E13E89AD3282}D:\setup - games\urban assault 2019\urban assault source\ua.exe] => (Block) D:\setup - games\urban assault 2019\urban assault source\ua.exe => No File
FirewallRules: [UDP Query User{5C946A6A-7EC7-4602-9742-28727383E5EE}D:\setup - games\urban assault 2019\urban assault source\ua.exe] => (Block) D:\setup - games\urban assault 2019\urban assault source\ua.exe => No File
FirewallRules: [{01484C0D-C162-435B-B1D7-06E99A3788E8}] => (Allow) D:\Steam\steamapps\common\Cliff Empire\CliffEmpire.exe => No File
FirewallRules: [{099DB166-10E9-4373-8DAB-D0F40944681E}] => (Allow) D:\Steam\steamapps\common\Cliff Empire\CliffEmpire.exe => No File
FirewallRules: [TCP Query User{7B70712A-345C-42E8-95D3-682124F73BA5}D:\games\dins.legacy\din's legacy\dinslegacy.exe] => (Block) D:\games\dins.legacy\din's legacy\dinslegacy.exe => No File
FirewallRules: [UDP Query User{1D1D6B67-67EA-4F4D-A6AE-4798C38CF3DC}D:\games\dins.legacy\din's legacy\dinslegacy.exe] => (Block) D:\games\dins.legacy\din's legacy\dinslegacy.exe => No File
FirewallRules: [TCP Query User{6486FD8F-A11B-4328-B723-3265595AF60B}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{8585BC37-CF54-40C3-A802-C69E2D0B4C5F}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [{B5F304E6-7044-4675-AC97-916B17BD728F}] => (Allow) D:\Steam\steamapps\common\Might & Magic X - Legacy\Might and Magic X Legacy.exe (Limbic Entertainment GmbH -> )
FirewallRules: [{FD60A5BE-B50E-4056-9184-CE6C8F34A8F5}] => (Allow) D:\Steam\steamapps\common\Might & Magic X - Legacy\Might and Magic X Legacy.exe (Limbic Entertainment GmbH -> )
FirewallRules: [{44C48791-AC93-43F1-AA86-06A1295F64EC}] => (Allow) D:\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{02201CF8-B742-40F0-BCE2-44FBB4402626}] => (Allow) D:\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [TCP Query User{B927C14A-3CAA-407C-9179-B31AD1AFD82E}D:\setup - games\gloomhaven\gloomhaven\gh.exe] => (Block) D:\setup - games\gloomhaven\gloomhaven\gh.exe => No File
FirewallRules: [UDP Query User{BF75F859-0EC9-48F5-B129-979D8BBDA5DC}D:\setup - games\gloomhaven\gloomhaven\gh.exe] => (Block) D:\setup - games\gloomhaven\gloomhaven\gh.exe => No File
FirewallRules: [{6169895A-CA95-4104-B345-796C791AD73B}] => (Allow) D:\Steam\steamapps\common\Interstellar Space Genesis\isg.exe () [File not signed]
FirewallRules: [{2C527327-3E22-4BB2-A1B4-7BAB541B2836}] => (Allow) D:\Steam\steamapps\common\Interstellar Space Genesis\isg.exe () [File not signed]
FirewallRules: [{936E1EF6-503E-4810-B7DF-6144C50438F3}] => (Allow) D:\Steam\steamapps\common\Settlements\Settlements.exe (Treon Games) [File not signed]
FirewallRules: [{907E6FEB-1E11-419C-98CC-D5373732FCC7}] => (Allow) D:\Steam\steamapps\common\Settlements\Settlements.exe (Treon Games) [File not signed]
FirewallRules: [TCP Query User{46BED59E-5165-4511-B2B7-72E54A4D694B}D:\setup - games\foundation.v1.3.3\foundation.exe] => (Block) D:\setup - games\foundation.v1.3.3\foundation.exe => No File
FirewallRules: [UDP Query User{C16DF683-37C9-4A7A-91A7-661D81D1944E}D:\setup - games\foundation.v1.3.3\foundation.exe] => (Block) D:\setup - games\foundation.v1.3.3\foundation.exe => No File
FirewallRules: [TCP Query User{9C114CF8-954C-4694-8E97-38E0F69F57F8}D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Block) D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe => No File
FirewallRules: [UDP Query User{06C1FEDF-010F-42FD-9CC7-BCC92996ED94}D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe] => (Block) D:\setup - games\phoenix.point.build.5\phoenixpointbackerbuild\phoenixpointwin64.exe => No File
FirewallRules: [{C7AE7E0E-DF8E-4D04-8DEA-E3953D6F739A}] => (Allow) D:\Games\NBA 2K14\nba2k14.exe => No File
FirewallRules: [{038249E0-44FF-4CF4-B2FA-8B1B0DA6108B}] => (Allow) D:\Games\NBA 2K14\nba2k14.exe => No File
FirewallRules: [TCP Query User{E5E46E44-C655-4A5C-9ED0-830C234E19CA}D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe] => (Block) D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [UDP Query User{F22798D7-00D4-4360-A282-9E4A021130C7}D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe] => (Block) D:\setup - games\rebel.inc.escalation\rebel inc escalation\rebel inc. escalation.exe => No File
FirewallRules: [{F48D4509-7D38-473C-897F-B91A2D4E4584}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33112A60-4337-4E99-A5AB-9487CE954884}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{949AC766-48BA-4737-8E77-A6C08CB93AE7}] => (Allow) D:\Steam\steamapps\common\Stellar Tactics\StellarTactics.exe () [File not signed]
FirewallRules: [{02787B5E-065A-4C32-9231-CEDC7FB3A181}] => (Allow) D:\Steam\steamapps\common\Stellar Tactics\StellarTactics.exe () [File not signed]
FirewallRules: [TCP Query User{13CF5725-6480-4438-B4A9-EF4E52CABFD6}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [UDP Query User{3F11B248-5334-4D91-A03A-4AA0DF93365D}D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe] => (Allow) D:\games\star wars jedi fallen order\swgame\binaries\win64\starwarsjedifallenorder.exe => No File
FirewallRules: [TCP Query User{D1C46B00-4705-4678-86D7-DEDECF898E72}D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe] => (Block) D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe => No File
FirewallRules: [UDP Query User{0A172D42-C3E9-447B-968A-CB38CDFC0B4F}D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe] => (Block) D:\setup - games\wolcen.lords.of.mayhem.wrath.of.sarisel\wolcen\win_x64\wolcen.exe => No File
FirewallRules: [TCP Query User{EA724399-F461-4A70-850B-5A5A92B12AB7}D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe] => (Block) D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe => No File
FirewallRules: [UDP Query User{8091FE39-FA5E-46A6-89CD-F31BEF75D262}D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe] => (Block) D:\setup - games\surviving.the.aftermath.v1.3.1.5514\aftermath64.exe => No File
FirewallRules: [TCP Query User{255B0ED2-CF32-4546-A992-6883B1D3A304}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [UDP Query User{80D1A396-5DFF-4942-8E16-1285BCE5D430}D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe] => (Block) D:\games\borderlands 3\oakgame\binaries\win64\borderlands3.exe => No File
FirewallRules: [TCP Query User{3D96B709-1A99-4AB0-B4F2-F441338897C3}D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe] => (Block) D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe => No File
FirewallRules: [UDP Query User{82D30E03-78E3-41C3-BFD8-94659DC8C529}D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe] => (Block) D:\setup - games\curse.of.the.dead.gods\curse of the dead gods\curse of the dead gods.exe => No File
FirewallRules: [TCP Query User{A248BA63-034C-4684-8879-68F2D3643CC1}D:\setup - games\avorion.v0.33.3\bin\avorion.exe] => (Block) D:\setup - games\avorion.v0.33.3\bin\avorion.exe => No File
FirewallRules: [UDP Query User{358F6F83-944D-4EC5-B88A-D1ABDA78DCD7}D:\setup - games\avorion.v0.33.3\bin\avorion.exe] => (Block) D:\setup - games\avorion.v0.33.3\bin\avorion.exe => No File
FirewallRules: [TCP Query User{E9C07CB4-63C4-485D-B39E-540F795D2C1C}D:\games\phoenix point blood and titanium\phoenixpointwin64.exe] => (Block) D:\games\phoenix point blood and titanium\phoenixpointwin64.exe => No File
FirewallRules: [UDP Query User{2B96F45D-6B8F-4C73-B7DA-6A79A5D1F619}D:\games\phoenix point blood and titanium\phoenixpointwin64.exe] => (Block) D:\games\phoenix point blood and titanium\phoenixpointwin64.exe => No File
FirewallRules: [{35745CD6-89F7-4FEB-8850-235C530848F4}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{C81B5286-9791-4492-81D0-D6372AA64E1A}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [File not signed]
FirewallRules: [{1D721E48-99B6-4014-8F1F-CF0EA451B4BD}] => (Allow) LPort=1542
FirewallRules: [{5FDCA851-18E0-48CB-96EF-1E2F008C42E4}] => (Allow) LPort=1542
FirewallRules: [{054FABBB-9BB0-435B-82E6-13673F48A16A}] => (Allow) LPort=53
FirewallRules: [{820F265B-F347-44E0-AB69-BEEDF79C687A}] => (Allow) LPort=67
FirewallRules: [{92EF0A85-FFE7-4F86-9C38-C49A9FAD2E04}] => (Allow) LPort=68
FirewallRules: [{01CBDA59-65B7-449D-8F19-6215CCC47BF5}] => (Allow) LPort=53
FirewallRules: [{A1755B7C-E11C-4BB8-BD52-1348BB9F5533}] => (Allow) LPort=53
FirewallRules: [{5627A066-08D8-45C3-BB18-F1580D6E30E6}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\Rtldhcp.exe (Realtek) [File not signed]
FirewallRules: [TCP Query User{AABEB4B3-6EE1-499A-B221-341C67C532C6}D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe] => (Block) D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{3D2D6860-E4EB-41BD-875F-7AC95C13C2BD}D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe] => (Block) D:\games\forged of blood\kingmaker\binaries\win64\kingmaker-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{32A45D5B-9BC6-4399-B608-2E3AD910067F}] => (Allow) D:\Steam\steamapps\common\Legend of Keepers\LegendOfKeepers.exe () [File not signed]
FirewallRules: [{36F8E4C5-AC0F-4553-B052-946D3F7B6D03}] => (Allow) D:\Steam\steamapps\common\Legend of Keepers\LegendOfKeepers.exe () [File not signed]
FirewallRules: [TCP Query User{B9E1EC74-90BC-46AE-933C-E858F6CE3816}D:\games\xcom - chimera squad\binaries\win64\xcom.exe] => (Block) D:\games\xcom - chimera squad\binaries\win64\xcom.exe (Take-Two Interactive Software, Inc. -> Firaxis Games)
FirewallRules: [UDP Query User{D7E0CB21-E9F4-4FDE-84A4-4E5EA3126D76}D:\games\xcom - chimera squad\binaries\win64\xcom.exe] => (Block) D:\games\xcom - chimera squad\binaries\win64\xcom.exe (Take-Two Interactive Software, Inc. -> Firaxis Games)
FirewallRules: [{C99E9E7E-6834-4F4D-A334-CB749D6F2272}] => (Allow) D:\Steam\steamapps\common\Wingspan Demo\WingspanDemo.exe => No File
FirewallRules: [{2ECA6A05-2F5A-4C68-9D15-2D4D53F3789B}] => (Allow) D:\Steam\steamapps\common\Wingspan Demo\WingspanDemo.exe => No File
FirewallRules: [{5F89FA5E-497F-4AB6-861C-CC4E8FC2A90A}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Launcher\launcher.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{BF6D5231-3AB5-4A3C-9835-476EB221FF82}] => (Allow) D:\Steam\steamapps\common\XCOM 2\Launcher\launcher.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{0D3C1DF7-B6E6-40AC-96A9-EC5123A2AA8B}] => (Allow) D:\Games\Epic Games\ANNO1800\Bin\Win64\Anno1800.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{99812AAA-004E-4E51-8637-BB6AF3741BA4}] => (Allow) D:\Steam\steamapps\common\Dominus Galaxia KS Edition\Dominus Galaxia.exe () [File not signed]
FirewallRules: [{AC94092F-DE50-4F90-88F3-26118C1DC369}] => (Allow) D:\Steam\steamapps\common\Dominus Galaxia KS Edition\Dominus Galaxia.exe () [File not signed]
FirewallRules: [{26EDDC64-A2FA-41F7-BEB5-67297AD65CAE}] => (Allow) D:\Steam\steamapps\common\Secret Government Demo\Secret Government.exe () [File not signed]
FirewallRules: [{38847675-88A9-4B9C-836A-E8F00ABFF29A}] => (Allow) D:\Steam\steamapps\common\Secret Government Demo\Secret Government.exe () [File not signed]
FirewallRules: [TCP Query User{26428205-C1DC-469F-B72C-AE692D7B5DBD}D:\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [UDP Query User{35F67515-788F-4EE1-9EA1-CD4EE1523942}D:\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) D:\steam\steamapps\common\titanfall2\titanfall2.exe (Respawn Entertainment, LLC -> Respawn Entertainment)
FirewallRules: [TCP Query User{D54BB0AE-5634-45FE-A8A9-38B44E56ED2A}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe (3DIVISION) [File not signed]
FirewallRules: [UDP Query User{6EB9094F-891D-4CAC-A45E-9C55F13DDCE3}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\setupapplication soviet.exe (3DIVISION) [File not signed]
FirewallRules: [TCP Query User{BA79FE3F-B96A-4541-B5B7-E1FB037CD11A}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe () [File not signed]
FirewallRules: [UDP Query User{F5AB0789-DE76-43BF-9879-7AEF53FEC329}D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe] => (Block) D:\games\workers.&.resources.soviet.republic.v0.8.0.22\soviet64.exe () [File not signed]
FirewallRules: [{99635B19-7A18-4E79-9FCC-1685B04F9424}] => (Allow) C:\Users\Abhishek\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E394CE13-9B89-4035-B8E6-3606DA05F2D6}] => (Allow) C:\Users\Abhishek\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{0B88D9E9-FD08-4150-BB6D-9FDCDAB2DBA8}D:\games\epic games\oldworld\oldworld.exe] => (Allow) D:\games\epic games\oldworld\oldworld.exe () [File not signed]
FirewallRules: [UDP Query User{7C530AD4-0058-4DBF-B06A-965403A500E6}D:\games\epic games\oldworld\oldworld.exe] => (Allow) D:\games\epic games\oldworld\oldworld.exe () [File not signed]
FirewallRules: [TCP Query User{EE36E8FA-53CA-4CA4-88B7-0D013C6418D5}D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe] => (Block) D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe => No File
FirewallRules: [UDP Query User{176F41AE-0400-476B-A36F-2282B7D6BFE6}D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe] => (Block) D:\games\hardspace.shipbreaker\hardspace shipbreaker\shipbreaker.exe => No File
FirewallRules: [TCP Query User{25EA6FF6-6F2D-4F96-91DD-FC8579C8AFDD}D:\games\persona 4 golden\p4g.exe] => (Block) D:\games\persona 4 golden\p4g.exe () [File not signed]
FirewallRules: [UDP Query User{574445FF-3E70-4977-AA25-C06F2FDE494B}D:\games\persona 4 golden\p4g.exe] => (Block) D:\games\persona 4 golden\p4g.exe () [File not signed]
FirewallRules: [{E6B6A20B-64D0-4745-87FE-3BFF4D3FB53F}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus.exe (Nordic Games) [File not signed]
FirewallRules: [{E37E885C-390C-421B-BCF6-B8B1C65A63FD}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus.exe (Nordic Games) [File not signed]
FirewallRules: [{62B0CF52-C426-4028-93E7-C5ECE35AA828}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus_DX9.exe (Nordic Games) [File not signed]
FirewallRules: [{0C2E5C70-9607-4777-9A7B-B984FA8C58EC}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\nexus_DX9.exe (Nordic Games) [File not signed]
FirewallRules: [{FE87B19C-E3CF-4A0A-81FF-17BD4C60E1D2}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\mod_tools\mod_tools.exe (Nordic Games) [File not signed]
FirewallRules: [{8A056044-9940-4675-830F-EBC57F18C3C9}] => (Allow) D:\Steam\steamapps\common\Nexus The Jupiter Incident\mod_tools\mod_tools.exe (Nordic Games) [File not signed]
FirewallRules: [{5D5880A4-C833-4E38-9501-1CACAB37CF26}] => (Allow) D:\Steam\steamapps\common\Master of Orion 3\moo3.exe (INFOGRAMES & QUICKSILVER SOFTWARE) [File not signed]
FirewallRules: [{4F6D2223-801E-4A56-9E03-41AF36BECCFC}] => (Allow) D:\Steam\steamapps\common\Master of Orion 3\moo3.exe (INFOGRAMES & QUICKSILVER SOFTWARE) [File not signed]
FirewallRules: [{31450AC5-0F38-4D25-AC44-508C6E7C7E51}] => (Allow) D:\Steam\steamapps\common\Master of Orion 2\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{1AC19DBC-5197-4305-811A-65190809885D}] => (Allow) D:\Steam\steamapps\common\Master of Orion 2\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{75B9B57A-9C6E-4AB7-B0D8-1CA9B86985D8}] => (Allow) D:\Steam\steamapps\common\Master of Orion 1\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{FC55B8D8-CA23-4B27-A2E7-1CA40ECE9929}] => (Allow) D:\Steam\steamapps\common\Master of Orion 1\DOSBOX\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{DE106AB0-F3E6-420E-A6A6-90445DD5BF91}] => (Allow) D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe () [File not signed]
FirewallRules: [{B4620D84-307C-43D6-A887-938BEB9D80C4}] => (Allow) D:\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe () [File not signed]
FirewallRules: [TCP Query User{1BE3B879-2C22-4E47-AEDA-D5350D2C2AD4}C:\program files (x86)\altova\mapforce2020\mapforce.exe] => (Allow) C:\program files (x86)\altova\mapforce2020\mapforce.exe => No File
FirewallRules: [UDP Query User{39F4A759-B33C-4070-BB09-91A3F1465CFF}C:\program files (x86)\altova\mapforce2020\mapforce.exe] => (Allow) C:\program files (x86)\altova\mapforce2020\mapforce.exe => No File
FirewallRules: [TCP Query User{7EDFDAC6-6793-402D-9998-07DFF0881A97}D:\games\epic games\totalwarsagatroy\troy.exe] => (Allow) D:\games\epic games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{7EC463FE-7D79-4617-8C15-8955016937CB}D:\games\epic games\totalwarsagatroy\troy.exe] => (Allow) D:\games\epic games\totalwarsagatroy\troy.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{EFD861C9-15AB-4499-BFCD-33514FEA6538}D:\games\total war - warhammer 2\warhammer2.exe] => (Block) D:\games\total war - warhammer 2\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [UDP Query User{8E10DDB0-CFBE-4D6A-8288-2741B441F0CC}D:\games\total war - warhammer 2\warhammer2.exe] => (Block) D:\games\total war - warhammer 2\warhammer2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd) [File not signed]
FirewallRules: [{3AD7CFBF-B3CB-4304-85D6-6B705D180FF9}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{411773CD-959A-45F4-BAE7-7D30B6187AF5}] => (Allow) D:\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => No File
FirewallRules: [TCP Query User{5DCF1FD6-8624-4FCD-B138-96B1A29D59E1}D:\games\wasteland 3\wl3.exe] => (Block) D:\games\wasteland 3\wl3.exe () [File not signed]
FirewallRules: [UDP Query User{5C91C3F5-2B05-42F5-A3D9-84128219E1BF}D:\games\wasteland 3\wl3.exe] => (Block) D:\games\wasteland 3\wl3.exe () [File not signed]
FirewallRules: [{317EBFB0-BAA9-482D-BF2D-64E61DD146CF}] => (Allow) D:\Steam\steamapps\common\Trials of Mana Demo\Trials of Mana\Binaries\Win64\Trials of Mana-Win64-Shipping.exe => No File
FirewallRules: [{97725372-FEE9-4789-9D1F-D3B72D45EDD2}] => (Allow) D:\Steam\steamapps\common\Trials of Mana Demo\Trials of Mana\Binaries\Win64\Trials of Mana-Win64-Shipping.exe => No File
FirewallRules: [{63575091-2436-4097-AC87-58C7FE31E069}] => (Allow) D:\Steam\steamapps\common\DarksidersGenesis\DarksidersGenesis.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E8A7D9B8-0822-477F-9446-2C38E163FBD5}] => (Allow) D:\Steam\steamapps\common\DarksidersGenesis\DarksidersGenesis.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{AB453C86-A630-4E07-8FD7-4D858EDB0E48}D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe (THQ Nordic GmbH) [File not signed]
FirewallRules: [UDP Query User{735A859C-0DF6-410B-BBEC-ADC6BE6E5D7D}D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\darksidersgenesis\projectmayhem\binaries\win64\darksidersgenesis-win64-shipping.exe (THQ Nordic GmbH) [File not signed]
FirewallRules: [{DBB9F32A-91F4-42BE-9DFE-AD89B0EBABB2}] => (Allow) D:\Steam\steamapps\common\The Jackbox Party Pack 5\The Jackbox Party Pack 5.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{4B3EED34-46BE-48A9-B25A-86ADA4232FA3}] => (Allow) D:\Steam\steamapps\common\The Jackbox Party Pack 5\The Jackbox Party Pack 5.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{60CE7F20-2A00-4899-979D-01801C409B19}C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{22F89EE7-B9D1-4FBC-BA3E-48314DC3AB64}C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\abhishek\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7CA51103-4248-4DE7-BFB0-3ADFB1ABDBDF}D:\games\iron harvest\release\ironharvest.exe] => (Block) D:\games\iron harvest\release\ironharvest.exe => No File
FirewallRules: [UDP Query User{72D58B1C-BEC6-425B-A33C-6456F7F3E2A1}D:\games\iron harvest\release\ironharvest.exe] => (Block) D:\games\iron harvest\release\ironharvest.exe => No File
FirewallRules: [TCP Query User{FA72E94C-DE92-4EE4-9E0E-A99308AE3460}D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe] => (Block) D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe (Earthshine) [File not signed]
FirewallRules: [UDP Query User{6D18413A-3E19-4C8F-BCDF-A065FCEF756E}D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe] => (Block) D:\games\kingdoms reborn\puncity\binaries\win64\prototypecity-win64-debuggame.exe (Earthshine) [File not signed]
FirewallRules: [TCP Query User{862908BC-0C90-416D-8B0D-FEEF4E7DFDA9}D:\games\baldurs gate 3\bin\bg3.exe] => (Block) D:\games\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [UDP Query User{3D01CB3A-B8E6-41CF-9563-838C494A5BBB}D:\games\baldurs gate 3\bin\bg3.exe] => (Block) D:\games\baldurs gate 3\bin\bg3.exe => No File
FirewallRules: [{2D9D5DDF-DA43-43E1-926D-79BFA4E5BA24}] => (Allow) D:\Steam\steamapps\common\Drox Operative 2\DroxOperative2.exe (Soldak Entertainment, Inc. -> )
FirewallRules: [{6CB65CF1-035A-4C07-AAC2-30F0E5E68870}] => (Allow) D:\Steam\steamapps\common\Drox Operative 2\DroxOperative2.exe (Soldak Entertainment, Inc. -> )
FirewallRules: [{60345E09-E376-49B5-9B67-5C77F0D08A66}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\Launcher.exe => No File
FirewallRules: [{3B42BB0E-0CDA-4BAB-B61A-463E3FB67EDE}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\Launcher.exe => No File
FirewallRules: [{AE2EDF69-7AEB-404E-AE15-83D91E26457E}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{D3CC370B-514B-437E-9068-23198DF4BF9D}] => (Allow) D:\Steam\steamapps\common\The Riftbreaker Prologue\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{D216A7F5-EF10-4AAB-B45D-0CF2AD2843D0}D:\games\efootball pes 2021\pes2021.exe] => (Block) D:\games\efootball pes 2021\pes2021.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [UDP Query User{4D664224-C0F1-4DED-9131-807BF49FAE77}D:\games\efootball pes 2021\pes2021.exe] => (Block) D:\games\efootball pes 2021\pes2021.exe (Konami Digital Entertainment Co., Ltd.) [File not signed]
FirewallRules: [TCP Query User{0CF8140B-4637-410F-9599-D4577C4E76EA}D:\games\horizon - zero down ce\horizonzerodawn.exe] => (Block) D:\games\horizon - zero down ce\horizonzerodawn.exe => No File
FirewallRules: [UDP Query User{9502DFDF-4DEB-4064-ABD0-BB76B41F48D3}D:\games\horizon - zero down ce\horizonzerodawn.exe] => (Block) D:\games\horizon - zero down ce\horizonzerodawn.exe => No File
FirewallRules: [{00F2C5F0-ED03-4A83-BA72-04F2F5810027}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{16423494-7AFB-47FC-8F3B-4CDE17CF8C7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB4AC38E-D1AA-4AC3-96DD-C9BBB9BB9B76}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C994BE5-82C8-4BFF-A3A8-BCA1F4B70BB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3B5A2727-0294-46D8-A3E4-9B701F32C61D}] => (Allow) D:\Steam\steamapps\common\Gears5\GearGame\Binaries\Steam\Gears5_EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D911566F-6C62-4EF9-8409-9D161A0E82CF}] => (Allow) D:\Steam\steamapps\common\Gears5\GearGame\Binaries\Steam\Gears5_EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0D0F32D2-AF39-4AF7-927B-E254579579C7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [{ADB679DE-9533-4993-B4BB-E8A0258AD9C5}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{5DF4DA93-AF86-4B8F-BF0B-69043FB94576}D:\games\dyson.sphere.program.early.access\dspgame.exe] => (Block) D:\games\dyson.sphere.program.early.access\dspgame.exe => No File
FirewallRules: [UDP Query User{0E88FBA5-884D-488C-9E97-92228CBE1511}D:\games\dyson.sphere.program.early.access\dspgame.exe] => (Block) D:\games\dyson.sphere.program.early.access\dspgame.exe => No File
FirewallRules: [{11A5E93D-DE0A-4924-BFE6-507F1D242D68}] => (Allow) D:\Steam\steamapps\common\GWENT The Witcher Card Game\Gwent.exe () [File not signed]
FirewallRules: [{5FDB44E0-374C-4119-BE15-C137F87D66A0}] => (Allow) D:\Steam\steamapps\common\GWENT The Witcher Card Game\Gwent.exe () [File not signed]
FirewallRules: [{6CBDB863-E146-4BF3-8AB3-4615847AE4FF}] => (Allow) D:\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{238B6438-D5C4-4016-A3F7-A76CD074FEC2}] => (Allow) D:\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{6BEFAB4E-C993-442A-8CFF-7A6D1BBFFE95}D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe] => (Block) D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe => No File
FirewallRules: [UDP Query User{FE9B2D7B-5EFE-45C3-95F1-F39BBE2BDCC7}D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe] => (Block) D:\setup - games\loop.hero\loop.hero\loop hero\loop hero.exe => No File
FirewallRules: [TCP Query User{058B5ADF-FC22-48E0-906E-09C7916187D5}D:\setup - games\silent sector\silent sector\silentsector.exe] => (Block) D:\setup - games\silent sector\silent sector\silentsector.exe => No File
FirewallRules: [UDP Query User{EDE30C94-6692-4BBE-8A65-3DBC1B1C9D1B}D:\setup - games\silent sector\silent sector\silentsector.exe] => (Block) D:\setup - games\silent sector\silent sector\silentsector.exe => No File
FirewallRules: [{49AC6660-6785-4C26-8467-5482F4B51735}] => (Allow) D:\Steam\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{7A78F66E-2EE3-45E6-953D-E1BEF38AEF6D}] => (Allow) D:\Steam\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{1FD61A33-E35E-48DF-8A37-7219BCD00DDD}] => (Allow) D:\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [{BEC4B1E1-9C7A-4E54-8E83-CBD075FFA044}] => (Allow) D:\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [TCP Query User{96200FDD-7EF4-4611-80F3-395B8BDDD009}D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe] => (Block) D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe => No File
FirewallRules: [UDP Query User{C2C04031-10F8-4025-8C38-BAE5025F0792}D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe] => (Block) D:\setup - games\star.dynasties.build.6551032\star.dynasties.build.6551032\stardynasties.exe => No File
FirewallRules: [TCP Query User{28C0AE6B-6185-47AC-B500-AFE9F6A62537}D:\games\newcity\newcity\newcity.exe] => (Block) D:\games\newcity\newcity\newcity.exe () [File not signed]
FirewallRules: [UDP Query User{D35790C5-4F64-4011-A140-959D69860B74}D:\games\newcity\newcity\newcity.exe] => (Block) D:\games\newcity\newcity\newcity.exe () [File not signed]
FirewallRules: [{17F1A6BB-7480-45DF-B441-64309BA687E9}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe (id Software) [File not signed]
FirewallRules: [{2982563B-5131-4208-9C78-7997E17F3AAC}] => (Allow) D:\Steam\steamapps\common\DOOM\DOOMx64.exe (id Software) [File not signed]
FirewallRules: [{7D4DD531-E6B1-4296-A914-654A2D2B0B4C}] => (Allow) LPort=1688
FirewallRules: [{D7F06A42-A187-4F4B-8096-ACF11ECD472D}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{33FD585B-CB7D-4D95-8147-ABB05DEEDEF0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe (@ByELDI -> @ByELDI) [File not signed]
FirewallRules: [{B47F339C-4528-4780-9366-C4C2600F11F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{20AC1AF7-B3DB-4463-B4AA-39B32236CA49}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C3E88CBC-9BCB-4A4A-909C-8A8BB72C2D00}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{35C96E1A-60AA-4797-A486-593509A1B92C}D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe (The Coalition) [File not signed]
FirewallRules: [UDP Query User{D003ED15-E8A1-48A0-879C-37D0C239556B}D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe] => (Allow) D:\steam\steamapps\common\gears5\geargame\binaries\steam\gears5.exe (The Coalition) [File not signed]
FirewallRules: [{2EEA6861-73FC-4882-AD03-8826F2AB42C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DD289760-2A5C-42BE-BA6A-3466BAF1CCDC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
 
==================== Restore Points =========================
 
06-06-2021 13:08:12 Windows Update
09-06-2021 13:28:28 Windows Update
09-06-2021 13:28:40 Windows Update
13-06-2021 14:48:45 Windows Update
19-06-2021 13:03:17 Windows Update
22-06-2021 13:22:32 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:11 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
Error: (06/24/2021 11:20:10 AM) (Source: Office Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F050
Partial Pkey=H3GVB
ACID=?
Detailed Error[?]
 
 
System errors:
=============
Error: (06/24/2021 12:01:30 PM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (S-1-15-2-2857473633-3109437919-1220025815-391843659-1696795867-5112260-1075828977). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/24/2021 11:41:50 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/24/2021 11:20:14 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (06/24/2021 11:20:13 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (06/24/2021 11:10:11 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (06/24/2021 11:10:10 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"225"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding
 
Error: (06/24/2021 10:42:04 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/24/2021 07:48:53 AM) (Source: DCOM) (EventID: 10016) (User: RECCANEWPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user RECCANEWPC\Abhishek SID (S-1-5-21-1421928017-2934188180-441290238-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
================
Date: 2021-06-24 12:14:21.029
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: F:\Downloads\FRST64.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-24 11:20:14.080
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-24 11:20:06.347
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-24 11:10:10.262
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-24 11:10:03.969
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Signature Version: AV: 1.341.1336.0, AS: 1.341.1336.0, NIS: 1.341.1336.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-21 23:59:56.389
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\AutoPico.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device. 
Signature Version: AV: 1.341.1171.0, AS: 1.341.1171.0, NIS: 1.341.1171.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-14 19:02:53.356
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device. 
Signature Version: AV: 1.341.726.0, AS: 1.341.726.0, NIS: 1.341.726.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-07 00:00:33.379
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\AutoPico.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device. 
Signature Version: AV: 1.341.171.0, AS: 1.341.171.0, NIS: 1.341.171.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-06 13:00:32.484
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device. 
Signature Version: AV: 1.341.159.0, AS: 1.341.159.0, NIS: 1.341.159.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
Date: 2021-06-04 18:35:05.097
Description: 
Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/AutoKMS
Severity: High
Category: Tool
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Action: Quarantine
Action Status:  No additional actions required
Error Code: 0x8007001e
Error description: The system cannot read from the specified device. 
Signature Version: AV: 1.341.42.0, AS: 1.341.42.0, NIS: 1.341.42.0
Engine Version: AM: 1.1.18200.4, NIS: 1.1.18200.4
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 3803 01/22/2018
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B350-F GAMING
Processor: AMD Ryzen 5 1600 Six-Core Processor 
Percentage of memory in use: 44%
Total physical RAM: 16318.75 MB
Available physical RAM: 9103.59 MB
Total Virtual: 18750.75 MB
Available Virtual: 7737.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.49 GB) (Free:38.15 GB) NTFS
Drive d: (Tb4) (Fixed) (Total:3725.9 GB) (Free:292.64 GB) NTFS
Drive f: (Ironwolf) (Fixed) (Total:3725.9 GB) (Free:457.16 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:3725.9 GB) (Free:2288.42 GB) NTFS
 
\\?\Volume{6472e117-a8b8-400a-86b6-31435d1b4166}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{7d61a9ef-91ab-43e1-890f-f9e6935dbad9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{667c27fd-2213-489d-bd35-f67d1408902e}\ () (Fixed) (Total:0.84 GB) (Free:0.47 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 

  • 0



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello, and welcome.

 

You have KMSpico installed on your computer. This program is used to illegally activate Microsoft's products, such as Windows or Office. My instructions and fixes will ask you to uninstall it, and this means that either your Windows or Office (or both) will stop being activated, and therefore they will stop working properly. Note that if the problem is with your Windows activation, I won't provide any assistance until you buy a legal license. If Office is the case, then please uninstall the not legally activated products (e.g. Microsoft Office Professional Plus 2010 and Microsoft Office Professional Plus 2019 - en-us). Also uninstall any other cracked/not legally activated program you have installed.

 

Please let me know about your thoughts. 


  • 0

#3
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

EDITED


  • 0

#4
cybermantas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you for the response.

 

1. Sure, I can uninstall KMSpico. Would you be able to share instructions for that?

2. I am unable to uninstall Office 2010. The uninstall is "stuck". Also, the software is unusable because it is under "uninstall", which is stuck.

 

In my view, the problem is not related to Windows activation, since the issue started from 20th March 2021.


  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hello again.

 

A very critical question: 

 

Is the operating system (Windows) legally activated? 


  • 0

#6
cybermantas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

It will become an inactive license. Is that a satisfactory condition to proceed with this?


  • 0

#7
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

It will become an inactive license. Is that a satisfactory condition to proceed with this?

 

No. Most (if not all) help forums have rules which don't allow the usage of a pirated/cracked operating system. On one hand it is something illegal, and on the other hand there is no reason to clean a computer with such an operating system (or just a non-activated operating system), since this will lead to many restrictions sooner or later, including not receiving security updates, meaning getting infected again.


  • 0

#8
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

See here: Terms of Use - Geeks to Go Forum

 

Especially, see this:

  • Due to the nature of online help we are not able to verify ownership, and will not be able to help bypass or recover any user passwords, cd keys, license codes, serial numbers, etc.
  • The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.
  • We will not support or allow the discussion of any peer to peer (P2P) applications, except for their removal.

  • 0

#9
cybermantas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thanks for patiently explaining the issue. Allow me some time to see if I can activate the Windows license.


  • 0

#10
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Thanks for patiently explaining the issue. Allow me some time to see if I can activate the Windows license.

 

Yes, sure. It is something you need to deal with sooner or later. I would choose the "sooner".  :)


  • 0

#11
cybermantas

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Update:

 

I was actually able to trace the issue to explorer windows being opened every 10 minutes by svchost.exe (I used a bit of audit code to track the timestamp for when explorer.exe was being opened). This indicated that tasksched may be responsible. I was able to find a task which had a frequency of 10 mins (I don't remember it now, but it didn't seem like it was pointing to explorer), and deleted that particular task. The issue has not occurred for the last 30 mins now.

 

Thank you once again for responding to my thread. 


  • 0
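The hunt described in post #11 (a scheduled task repeating every 10 minutes whose action did not point at explorer), as an added example that is not part of the original thread: it parses Task Scheduler XML definitions and flags tasks by repetition interval and registration date rather than by action name. The 15-minute threshold, the use of 20 March 2021 from the first post as the cut-off, and every task name and path in the sample data are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Durations as Task Scheduler writes them: PT10M, PT1H, P1D, P1DT12H ...
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def parse_duration(text):
    """Convert an ISO 8601 day/time duration to a timedelta."""
    match = DURATION.match(text.strip())
    if not match or not any(match.groups()):
        raise ValueError(f"unsupported duration: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def triage_task(xml_data, max_interval, since):
    """Return a finding for a task repeating at or under max_interval, else None."""
    root = ET.fromstring(xml_data)
    intervals = []
    for node in root.iterfind("t:Triggers/*/t:Repetition/t:Interval", NS):
        try:
            intervals.append(parse_duration(node.text or ""))
        except ValueError:
            continue  # odd values are left for manual review instead of crashing
    if not intervals or min(intervals) > max_interval:
        return None
    date_text = root.findtext("t:RegistrationInfo/t:Date", default="", namespaces=NS)
    try:
        # Keep only YYYY-MM-DDTHH:MM:SS; fractional digits and offsets vary.
        registered = datetime.strptime(date_text[:19], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        registered = None
    actions = []
    for act in root.iterfind("t:Actions/t:Exec", NS):
        command = act.findtext("t:Command", default="", namespaces=NS)
        arguments = act.findtext("t:Arguments", default="", namespaces=NS)
        actions.append(f"{command} {arguments}".strip())
    for act in root.iterfind("t:Actions/t:ComHandler", NS):
        actions.append("COM " + act.findtext("t:ClassId", default="?", namespaces=NS))
    return {
        "uri": root.findtext("t:RegistrationInfo/t:URI", default="?", namespaces=NS),
        "interval": min(intervals),
        "registered": registered,
        "recent": registered is not None and registered >= since,
        "actions": actions,
    }


def scan(task_xmls, max_interval=timedelta(minutes=15), since=datetime(2021, 3, 20)):
    """Triage many task definitions; tasks registered on or after `since` sort first."""
    findings = [f for f in (triage_task(x, max_interval, since) for x in task_xmls) if f]
    return sorted(findings, key=lambda f: (not f["recent"], f["interval"]))


def make_task(uri, date, trigger, command):
    """Build a trimmed, constructed task definition for the sample data below."""
    return (
        f'<Task version="1.2" xmlns="{NS["t"]}">'
        f"<RegistrationInfo><Date>{date}</Date><URI>{uri}</URI></RegistrationInfo>"
        f"<Triggers>{trigger}</Triggers>"
        f'<Actions Context="Author"><Exec><Command>{command}</Command></Exec></Actions>'
        "</Task>"
    )


def repeating(interval):
    return f"<TimeTrigger><Repetition><Interval>{interval}</Interval></Repetition></TimeTrigger>"


DAILY = "<CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger>"
# Constructed sample data: none of these names or paths come from the thread.
SAMPLES = [
    make_task(r"\Constructed\DailyBackup", "2020-01-05T09:00:00", DAILY, r"C:\Tools\backup.exe"),
    make_task(r"\Constructed\TelemetryPing", "2018-11-02T08:30:00.1234567", repeating("PT5M"), r"C:\Tools\ping.exe"),
    make_task(r"\Constructed\HelperSync", "2021-03-20T15:04:05.1234567", repeating("PT10M"), r"C:\Users\Public\helper.exe"),
    make_task(r"\Constructed\HourlyIndex", "2019-06-01T00:00:00", repeating("PT1H"), r"C:\Tools\index.exe"),
]

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f["uri"], f["interval"], "recent" if f["recent"] else "older", f["actions"])
```

On a live system a task's definition can be exported with `schtasks /query /tn <name> /xml` or read from the files under `C:\Windows\System32\Tasks`; pass each definition's text or bytes to `scan`.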

#12
DR M

    The Grecian Geek

  • Malware Removal
  • 3,240 posts

Hi, cybermantas.

 

Perhaps your initial issue no longer exists, but this doesn't eliminate all the potential risks/dangers having to do with the use of cracked/pirated programs, torrents, and of a not legally activated operating system.

 

I will close this thread now. If you would like a check of your computer after you gain a legal Windows license, please open a new thread in this Forum.

 

Take care.  


  • 0





