Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

see process called "Be Productive" running and toonboom softwa


  • Please log in to reply

#1
mallowmallow

mallowmallow

    New Member

  • Member
  • Pip
  • 6 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by samue (administrator) on DESKTOP-VMR9NA7 (17-01-2022 17:31:11)
Running from C:\Users\samue\Desktop
Loaded Profiles: samue
Platform: Microsoft Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\samue\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(MICROLEAVES LTD -> ) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <6>
(Microleaves LTD -> Advanced Windows Manager) C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SpatialAudioLicenseSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.188.0.22\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.188.0.22\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389960 2018-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Weather] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1312040 2018-12-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Discord] => C:\Users\samue\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2495672 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13799776 2022-01-05] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802072 2022-01-13] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\RunOnce: [Application Restart #3] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-06] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0738FF8C-B2DB-4557-BF14-6AA032B8A753} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {078FBA31-9C80-4A43-AEC5-88E74F136F28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {0BC7E0D8-4C01-465D-B5B3-5F32828DEF73} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {13B700C7-8397-4A8D-B7CB-0BDBAA30B5E0} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {15EE891E-21AD-42CB-9E4B-32F39947C9D7} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {183C5E42-ECBA-47A9-A27F-F65AE864355B} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {1C66CD3B-D733-43C9-9A86-3DEBFF79B3CD} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {1D0CB678-50B3-4856-BF13-69ED5D81727D} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {1E409E1B-58B1-4380-88B1-B766EDCB8B7D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {223F24CD-498E-4ADA-91AD-0FB56D7CE485} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {23343E61-70C7-42EF-94E4-930B734B7A8A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\WINDOWS\system32\winrmsrv.exe [731136 2021-06-05] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {2BFEE421-016B-478B-984D-BFF278196D39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {30D4F409-292D-4B26-B0D6-2655D56AD3FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A3FF56B-64E1-428C-B71C-EFEAC2DA8AC0} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe [1020024 2021-04-09] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {3DA0675D-3FCC-4BD6-A21E-0D03108CE074} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {3DE2B95F-0A7A-447F-A6AB-D3119F3A74FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {467C1A21-20E8-46C6-813E-FEB5E1237360} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {476A68C5-4C66-4E3E-B777-E12E5463D130} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [908144 2017-11-09] (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {572F8315-0B42-4B4C-BE01-0716A435CACA} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5FE26B08-4934-477E-9D79-0B9DACE3EDA2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {61C9ECD3-0C65-481A-8CF2-FCC66370A7EE} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {6B2DBB5F-5353-449B-95DE-D304B2666A1D} - System32\Tasks\AdvancedWindowsManager => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {7480ECD9-F0C1-457E-874F-663935E6EC7F} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe -o pool.minexmr.com:4444 -u 844ozfodJvN59Xn7LLDfqXNKbM1bAABZY2ZWmd5jJJQ6P2cdseRePBYAkwmEhLhoCXGFod5DXZY8eiRcnwKxjVMpFgsWU5V -p x (No File) <==== ATTENTION
Task: {76534BC4-8AEA-4095-9D72-6F54208DA8FC} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7809B2BC-1799-43D3-9C09-2B695FA52517} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {8C171133-CAE9-4179-8F3D-E23107DC0A82} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {8C591FB3-CA4D-4498-813F-3916D8D9AF48} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
Task: {9A699171-4AE3-4057-A9F5-2D9AC10FD510} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D4EAA9A-8F8E-4BD5-90B6-EB1E12F784F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D5E980D-B2E6-4054-ABB3-C992721B7A9B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1443207549-266473185-1957000176-500 => C:\Users\samue\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AAEBCE61-B9B4-440C-94B6-B582684935F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE05780A-2EAD-48C5-97CA-3E783054FB8F} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {AF13FDA5-4AB9-4F54-B720-EF13EDAC884B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AFE8648C-0DEC-482D-B596-D7E4EF066F32} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {B6EF075B-766C-46F9-9111-3BF040C8321F} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BE717321-4795-48C4-A94F-54DA0D6F5005} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E5E15249-5708-4E9F-94AF-D513AF35CB3C} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {EBBF449E-ED59-4FD4-BB12-DF531E2876F1} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {F4DF1DC4-68F6-4C44-8909-B5A9E719DCB7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F5A92030-10EC-435D-A825-8069428DC71C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6C699AB-1705-42FD-BA7F-25F85E3B5315} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67e5bc1d-4207-4265-9467-7b7f63a4081d}: [DhcpNameServer] 10.0.1.1 10.0.1.3
Tcpip\..\Interfaces\{f633f7ab-56bb-4545-a271-410c006b76dc}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\samue\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-16]

FireFox:
========
FF DefaultProfile: 9rbtgwa0.default
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\9rbtgwa0.default [0000-00-00]
FF Homepage: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release [0000-00-00]
FF DownloadDir: C:\Users\samue\Desktop
FF Homepage: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF Extension: (Dark Reader) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-12-07]
FF Extension: (Clear Cache) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2020-12-31]
FF Extension: (Tomato Clock) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-09-06]
FF Extension: (SponsorBlock for YouTube - Skip Sponsorships) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-17]
FF Extension: (TinEye Reverse Image Search) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-10-29]
FF Extension: (Tree Style Tab) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-12]
FF Extension: (uBlock Origin) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-13]
FF Extension: (Flagfox) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2022-01-03]
FF Extension: (Halo-4-wallpaper-unsc) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{192fc524-b327-4258-a129-bac739726340}.xpi [2020-12-31]
FF Extension: (ANIMATED Neutron Stars by candelora) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{2c216ba1-594a-4039-a389-b954f42ff809}.xpi [2021-07-12]
FF Extension: (Blue and Black Stamped Metal) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{3cda8d03-de1b-47b2-9075-9050cb300ee6}.xpi [2020-12-31]
FF Extension: (Psychedelic Glass Squared) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{52b92fe9-753c-4514-851f-63689f4427f2}.xpi [2020-12-31]
FF Extension: (Dark) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{6341c2d3-7376-4d9b-847c-d4679d341d87}.xpi [2020-12-31]
FF Extension: (Misty dark forest II) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{ac92fc5a-c8cd-4f87-b75c-7a4268e9b5cc}.xpi [2020-12-31]
FF Extension: (Video DownloadHelper) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-01]
FF Extension: (Dark Carbon Fiber 1) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{c8b661e4-148d-4fa7-8cfb-81818fd98feb}.xpi [2020-12-31]
FF Extension: (Summerwood) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{fb7d2936-bd43-4dcd-ae06-bf7a15401808}.xpi [2020-12-31]
FF Plugin: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bauddlpcdew.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\rulr5djffog.js [2021-07-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\uvt2wwvynov.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bauddlpcdew.cfg [2021-02-18] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\rulr5djffog.cfg [2021-07-05] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\uvt2wwvynov.cfg [2021-02-18] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [61832 2020-12-04] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe [6161552 2021-09-01] (Int3 Software AB -> Int3 Software AB)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1959776 2022-01-05] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2022-01-13] (McAfee, LLC -> McAfee, LLC)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1934744 2021-06-30] (Rockstar Games, Inc. -> Rockstar Games)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 EQU8_HELPER_36; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-09-22] (Int3 Software AB -> )
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [79872 2020-09-17] (Microsoft Windows Hardware Compatibility Publisher -> FTDI Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [131288 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [29368 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-17 17:31 - 2022-01-17 17:31 - 000035205 _____ C:\Users\samue\Desktop\FRST.txt
2022-01-17 17:30 - 2022-01-17 17:30 - 000000000 ____D C:\Users\samue\Desktop\FRST-OlderVersion
2022-01-17 17:23 - 2022-01-17 17:30 - 002311680 _____ (Farbar) C:\Users\samue\Desktop\FRST64(1).exe
2022-01-17 17:21 - 2022-01-17 17:31 - 000000000 ____D C:\FRST
2022-01-17 17:21 - 2022-01-17 17:21 - 000000000 ____D C:\Users\samue\Downloads\FRST-OlderVersion
2022-01-16 15:28 - 2022-01-16 15:28 - 000002586 _____ C:\Users\Public\Desktop\Toon Boom Storyboard Pro 20.lnk
2022-01-16 15:28 - 2022-01-16 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storyboard Pro 20
2022-01-16 15:27 - 2022-01-16 15:27 - 337791096 _____ (Toon Boom Animation) C:\Users\samue\Downloads\SBP20-win-17538(2).exe
2022-01-16 01:28 - 2022-01-16 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-16 00:54 - 2022-01-16 01:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-15 15:11 - 2022-01-15 15:11 - 021736720 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 jan_15_2022.sbbkp
2022-01-14 15:11 - 2022-01-14 15:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2022-01-12 15:17 - 2022-01-12 15:17 - 009365290 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 its a backup.sbbkp
2022-01-12 00:54 - 2022-01-12 00:54 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2022.lnk
2022-01-08 13:03 - 2022-01-08 13:04 - 000375625 _____ C:\Users\samue\Downloads\MB_TextureBrushes.xml
2022-01-08 12:35 - 2022-01-08 12:35 - 000000000 ____D C:\Users\samue\Desktop\Goblin Girl Boards
2022-01-03 14:11 - 2022-01-03 14:11 - 000083682 _____ C:\Users\samue\Downloads\magnificent_2.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000602099 _____ C:\Users\samue\Downloads\the_centurion.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000192289 _____ C:\Users\samue\Downloads\ruritania.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000052615 _____ C:\Users\samue\Downloads\cardinal.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000020918 _____ C:\Users\samue\Downloads\seagram_tfb.zip
2022-01-03 14:09 - 2022-01-03 14:09 - 000328104 _____ C:\Users\samue\Downloads\enchanted_land.zip
2021-12-29 20:03 - 2022-01-17 01:51 - 000000000 ____D C:\Users\samue\Documents\The Witcher 3
2021-12-29 18:24 - 2021-12-29 18:24 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk
2021-12-28 21:45 - 2021-12-28 21:45 - 000000223 _____ C:\Users\samue\Desktop\ROUNDS.url
2021-12-28 19:59 - 2021-12-28 20:04 - 000000000 ____D C:\Users\samue\AppData\Local\Ori and the Will of The Wisps
2021-12-28 19:59 - 2021-12-28 19:59 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Moon Studios
2021-12-27 18:14 - 2021-12-27 18:14 - 000000222 _____ C:\Users\samue\Desktop\The Witcher 3 Wild Hunt.url
2021-12-27 18:13 - 2021-12-27 18:13 - 000000223 _____ C:\Users\samue\Desktop\Ori and the Will of the Wisps.url
2021-12-27 18:13 - 2021-12-27 18:13 - 000000223 _____ C:\Users\samue\Desktop\A Short Hike.url
2021-12-27 18:13 - 2021-12-27 18:13 - 000000000 ____D C:\Users\samue\AppData\LocalLow\adamgryu
2021-12-27 18:03 - 2021-12-27 18:03 - 000000000 ____D C:\Users\samue\AppData\Local\TheAscent
2021-12-27 16:13 - 2021-12-27 16:13 - 000000222 _____ C:\Users\samue\Desktop\Sable.url
2021-12-27 12:01 - 2021-12-27 12:01 - 3436665791 _____ C:\WINDOWS\MEMORY.DMP
2021-12-27 12:01 - 2021-12-27 12:01 - 003138716 _____ C:\WINDOWS\Minidump\122721-15015-01.dmp
2021-12-27 11:36 - 2021-12-27 11:36 - 000000223 _____ C:\Users\samue\Desktop\Portal Reloaded.url
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\Documents\DARKSiDERS
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\AppData\Roaming\milkfactory
2021-12-19 22:35 - 2021-12-19 22:35 - 000000000 ____D C:\Users\samue\AppData\Local\HellbladeGame
2021-12-19 22:05 - 2021-12-19 22:05 - 001770744 _____ C:\Users\samue\Downloads\SteamSetup(2).exe
2021-12-19 12:53 - 2021-12-19 12:53 - 000001092 _____ C:\Users\samue\Desktop\Adobe Lightroom Classic.lnk
2021-12-19 12:53 - 2021-12-19 12:53 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2021-12-18 23:25 - 2021-12-18 23:25 - 000538592 _____ C:\Users\samue\Documents\touch everything.fla
2021-12-18 15:51 - 2021-12-18 15:51 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2022.lnk
2021-12-18 15:50 - 2021-12-18 15:50 - 000001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate 2022.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-17 17:28 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Roaming\discord
2022-01-17 17:27 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Local\Discord
2022-01-17 17:25 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-17 17:20 - 2021-04-29 17:46 - 000000000 ____D C:\Users\samue\AppData\Roaming\Toon Boom Animation
2022-01-17 17:20 - 2020-12-16 23:13 - 000000000 ____D C:\Users\samue\AppData\Roaming\WTablet
2022-01-17 17:17 - 2021-03-26 00:21 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-17 17:17 - 2021-03-26 00:21 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-17 17:17 - 2021-03-26 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-17 17:17 - 2020-10-27 18:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-17 17:17 - 2020-06-28 00:35 - 000000000 ____D C:\Program Files (x86)\Steam
2022-01-17 13:19 - 2021-07-17 15:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-17 13:19 - 2020-06-28 00:24 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Mozilla
2022-01-17 01:55 - 2020-06-28 00:17 - 000000000 ____D C:\Users\samue\AppData\Local\D3DSCache
2022-01-16 23:04 - 2021-12-08 17:41 - 000000000 ____D C:\Users\samue\Desktop\gobelins work
2022-01-16 01:28 - 2020-06-28 00:24 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-16 01:28 - 2020-06-28 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-15 18:31 - 2021-03-26 00:21 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-15 18:31 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-15 18:27 - 2021-07-17 15:06 - 000000000 ___RD C:\Users\samue\Creative Cloud Files
2022-01-15 18:27 - 2021-07-10 13:03 - 000000000 ____D C:\Users\samue\AppData\Local\Overwolf
2022-01-15 18:26 - 2021-03-26 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-15 18:26 - 2021-03-26 00:17 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-15 18:26 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-15 16:26 - 2021-06-29 05:20 - 000000084 _____ C:\WINDOWS\system32\perfdish001.dat
2022-01-15 10:24 - 2020-07-19 01:16 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-15 10:24 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-15 10:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-15 07:52 - 2020-01-08 16:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 15:11 - 2020-12-16 23:12 - 000000000 ____D C:\Program Files\Tablet
2022-01-14 10:45 - 2021-07-10 13:04 - 000000000 ____D C:\Program Files (x86)\Overwolf
2022-01-14 10:19 - 2021-03-26 00:18 - 000000000 ____D C:\Users\samue
2022-01-14 00:11 - 2021-11-06 12:11 - 000000000 ____D C:\Users\samue\Desktop\goblins
2022-01-12 00:57 - 2020-12-10 23:26 - 000000000 ____D C:\Users\samue\AppData\Local\AMD_Common
2022-01-12 00:54 - 2020-12-16 23:05 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-12 00:53 - 2021-03-08 18:38 - 000000000 ____D C:\Users\samue\AppData\Roaming\audacity
2022-01-08 12:34 - 2020-12-15 17:41 - 000000000 ____D C:\Program Files\Adobe
2022-01-06 20:55 - 2020-10-27 18:13 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-06 20:55 - 2020-10-27 18:13 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 13:06 - 2021-09-09 18:04 - 000001456 _____ C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-01-05 22:20 - 2020-10-14 19:51 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-12-30 14:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-28 21:45 - 2021-08-29 20:55 - 000000000 ____D C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-12-28 20:05 - 2021-07-17 15:06 - 000000000 ____D C:\Users\samue\AppData\Local\CrashDumps
2021-12-28 18:42 - 2020-09-15 22:17 - 000000000 ____D C:\Users\samue\AppData\Roaming\RenPy
2021-12-27 18:03 - 2020-03-13 13:21 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-27 12:01 - 2021-12-16 10:08 - 000000000 ____D C:\Users\samue\AppData\Roaming\Apple Computer
2021-12-27 12:01 - 2021-04-16 10:12 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-27 11:59 - 2020-07-21 20:39 - 000000000 ____D C:\Users\samue\AppData\Roaming\tixati
2021-12-27 09:47 - 2020-07-21 23:37 - 000000000 ____D C:\Games
2021-12-19 22:05 - 2021-06-28 00:00 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2021-12-18 19:10 - 2020-12-15 18:07 - 000000000 ____D C:\Users\samue\Documents\Adobe
2021-12-18 19:10 - 2020-06-28 00:19 - 000000000 ____D C:\Users\samue\AppData\Roaming\Adobe
2021-12-18 15:50 - 2020-12-15 17:40 - 000000000 ____D C:\Users\samue\AppData\Local\Adobe
2021-12-18 15:50 - 2020-12-15 17:40 - 000000000 ____D C:\ProgramData\Adobe
2021-12-18 07:24 - 2021-12-15 10:39 - 000000000 ____D C:\Users\samue\Documents\REAPER Media

==================== Files in the root of some directories ========

2020-11-07 08:16 - 2011-07-19 03:37 - 000003262 _____ () C:\Program Files (x86)\Falco.ico
2020-11-07 08:16 - 2011-07-19 04:05 - 000000046 _____ () C:\Program Files (x86)\Falco.url
2020-11-07 08:16 - 2017-11-19 13:51 - 000004286 _____ () C:\Program Files (x86)\FalcoGo.ico
2020-11-07 08:16 - 2017-11-19 13:53 - 000000044 _____ () C:\Program Files (x86)\FalcoGo.url
2020-11-07 08:16 - 2016-01-05 13:37 - 000004286 _____ () C:\Program Files (x86)\FalconLine.ico
2020-11-07 08:16 - 2016-01-05 13:25 - 000000047 _____ () C:\Program Files (x86)\FalconLine.url
2020-11-07 08:16 - 2016-12-21 01:39 - 000004286 _____ () C:\Program Files (x86)\FalcoSpace.ico
2020-11-07 08:16 - 2016-12-21 01:36 - 000000047 _____ () C:\Program Files (x86)\FalcoSpace.url
2021-09-09 18:04 - 2022-01-06 13:06 - 000001456 _____ () C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-01-06 02:13 - 2021-01-07 20:12 - 000025282 _____ () C:\Users\samue\AppData\Local\digikamrc
2021-07-17 15:16 - 2021-07-17 15:16 - 000000000 _____ () C:\Users\samue\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

 

266473185-1957000176-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1I_6BR0W53I3 version 156.2 (HKLM-x32\...\1I_6BR0W53I3_is1) (Version: 156.2 - LLCLnl6 SOFTWARE)
Adobe Animate 2022 (HKLM-x32\...\FLPR_22_0_2) (Version: 22.0.2 - Adobe Inc.)
Adobe Bridge 2022 (HKLM-x32\...\KBRG_12_0_1) (Version: 12.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788.2 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_0_1) (Version: 17.0.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_11_1) (Version: 11.1 - Adobe Inc.)
Adobe Media Encoder 2022 (HKLM-x32\...\AME_22_1_1) (Version: 22.1.1 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_1) (Version: 23.1.0.143 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{1774a753-7604-40a0-adbd-e3dc95bea5a8}) (Version: 2.04.04.111 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Aurora (HKLM-x32\...\{A65BAA2D-2281-4DEE-93E0-34F323527587}) (Version: 1.0.3 - Aurora)
Batman - The Telltale Series (HKLM-x32\...\2140144872_is1) (Version: byefbpatch - GOG.com)
Batman The Enemy Within - The Telltale Series (HKLM-x32\...\2135854393_is1) (Version: episode 5 - GOG.com)
Blacksad: Under the Skin (HKLM-x32\...\1772238447_is1) (Version: 1.0.2_11546.2810.2019111301_Hotfix1 - GOG.com)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Capture One 20 (HKLM\...\CaptureOne13_is1) (Version: 13.0.0.155 - Phase One A/S)
Cheat Engine 7.3 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
CLIP STUDIO 1.8.0 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.0 - CELSYS)
CLIP STUDIO PAINT 1.8.2 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.2 - CELSYS)
Dead Cells (HKLM-x32\...\1237807960_is1) (Version: 1.0 - GOG.com)
digiKam 7.1.0 (HKLM-x32\...\digiKam) (Version: 7.1.0 - The digiKam team)
Discord (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Discord) (Version: 0.0.311 - Discord Inc.)
Documentation Manager (HKLM\...\{1C8E0D25-2AD1-4A5B-885E-03256A0ED8B6}) (Version: 21.70.0.6 - Intel Corporation) Hidden
DRAGON QUEST BUILDERS 2 (HKLM-x32\...\DRAGON QUEST BUILDERS 2_is1) (Version:  - )
Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.11.2.0 - miHoYo Co.,Ltd)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
Her Story (HKLM-x32\...\1435240365_is1) (Version: gog-1 - GOG.com)
Human - Fall Flat (HKLM-x32\...\{E8D22FE1-AB5F-42CA-2662-6F70B96DDD90}_is1) (Version: 0.6.0 - FreeTP.Org)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000070-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.70.0.3 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{9be285a1-83bf-4416-853d-015017626f25}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Java 8 Update 301 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
Java 8 Update 301 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180301F0}) (Version: 8.0.3010.9 - Oracle Corporation)
Kentucky Route Zero (HKLM-x32\...\1207660653_is1) (Version: 2.3.0.9 - GOG.com)
LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)
LOOT version 0.15.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.15.1 - LOOT Team)
MaskVPN (HKLM-x32\...\{4A4ACF2E-4A98-4D18-80E3-5A5E5706F81E}_is1) (Version: 1.1.0.31 - Global Media (Thailand) Co., Ltd)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.1 (x64 en-US)) (Version: 96.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenToonz version 1.4.0 (HKLM\...\{DF519282-600D-4E03-9190-6046329B1CB4}_is1) (Version: 1.4.0 - DWANGO Co., Ltd.)
OPPAI Academy Big Bouncy Booby Babes (HKLM-x32\...\OPPAI Academy Big Bouncy Booby Babes) (Version:  - DARKSiDERS)
Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)
Overcooked 2 (HKLM-x32\...\Overcooked 2_is1) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.188.0.22 - Overwolf Ltd.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Photo Mechanic Full (HKLM\...\{342310B8-3A44-49AB-9B22-0CC4968DA410}) (Version: 6.0.2818 - Camera Bits, Inc.)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PSD Repair Kit 2.3 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - File Master LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8522 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.42.369 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games)
Sekiro Shadows Die Twice (HKLM-x32\...\Sekiro Shadows Die Twice_is1) (Version:  - )
SketchUp 2020 (HKLM-x32\...\{522800F1-9FCE-44F2-8D2E-2CEC5B25A9C2}) (Version: 20.2.172 - Trimble, Inc.)
SketchUpPro (HKLM\...\{5778f9a3-781e-16f1-a6bf-08fd59dfa77b}) (Version: 20.2.172.37 - SketchUp) Hidden
Spelunky (HKLM-x32\...\1207659257_is1) (Version: 2.1.0.9 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TakeMyFile (HKLM-x32\...\{21AC19EB-58FC-43D8-984F-008619E193D6}_is1) (Version: 1.02 - US-Media-Capital)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Thunderstore Mod Manager (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Overwolf_ahpflogoookodlegojjphcjpjaejgghjnfcdjdmi) (Version: 1.6.0 - Overwolf app)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Toon Boom Storyboard Pro 20 (HKLM-x32\...\{85D673AF-6DCA-1014-920B-4EFA9FCDC13C}) (Version: 20.10.2.17538 - Toon Boom Animation)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
viewerise v1.53.222 (HKLM-x32\...\viewerise_is1) (Version: 1.53.0.2 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.45-1 - Wacom Technology Corp.)
Weather (HKLM-x32\...\Weather) (Version: 9.1.0A - Weather)
Web Companion (HKLM-x32\...\{b08cfc25-a227-48fc-9b8e-5e686af24be3}) (Version: 7.0.2417.4248 - Lavasoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.663 - McAfee, LLC)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice  (12/14/2018 1.15.0.0) (HKLM\...\9398055CF8BEEF1D6FCF147047450F15A1C7AF2A) (Version: 12/14/2018 1.15.0.0 - Phase One A/S)
Windows Installer (HKLM-x32\...\{13499434-9821-4E2D-B7DF-7C0867EB1504}) (Version: 5.0.3 - AdvancedWindowsManager)
WTSilver version 0.0 (HKLM-x32\...\{13B6C361-A725-475B-96F5-5871177F4B14}_is1) (Version: 0.0 - )
Zoom (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.1900.3.0_x64__6bk20wvc8rfx2 [2020-08-21] (Hauke Hasselberg)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-17] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-19] (Dolby Laboratories)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.38.0.0_x64__ypmq2qh89vmny [2021-03-18] (Turnipsoft)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-11-28] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0D62594C70D7} -> [Creative Cloud Files] => C:\Users\samue\Creative Cloud Files [2021-07-17 15:06]
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files\Camera Bits\Photo Mechanic\PMShellMenu\PMShellMenu.dll [2019-04-05] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-14 08:20 - 2021-10-05 20:30 - 126961152 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2020-07-14 08:20 - 2021-10-05 20:30 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2020-07-14 08:20 - 2021-10-05 20:30 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2021-03-19 03:38 - 2021-03-19 03:38 - 000168960 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\DAXRPCClient.dll
2021-03-19 03:38 - 2021-03-19 03:38 - 037922304 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\DolbyAccess.dll
2021-01-14 21:16 - 2021-01-14 21:16 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\e_sqlite3.dll
2020-12-04 06:51 - 2020-12-04 06:51 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2017-02-13 13:54 - 2017-02-13 13:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2020-07-14 08:20 - 2021-10-05 20:30 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-04 07:02 - 2020-12-04 07:02 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D021821-AB91A1A2A71DC4AF78EF&form=CONMHP&conlogo=CT3331955
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> DefaultScope {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_301\bin\ssv.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\ssv.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_301\bin\jp2ssv.dll [2021-09-21] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\samue\Desktop\downloads\New folder\ramon 4\image stills\The_Roses_of_Heliogabalus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{4AB78639-2387-4FEA-B82F-37297E9A6A13}C:\program files\opentoonz\opentoonz.exe] => (Allow) C:\program files\opentoonz\opentoonz.exe () [File not signed]
FirewallRules: [TCP Query User{B334B5FB-DC30-4425-82D7-B12AED8E74B9}C:\program files\opentoonz\opentoonz.exe] => (Allow) C:\program files\opentoonz\opentoonz.exe () [File not signed]
FirewallRules: [{56F31E9B-F03A-4398-AF5B-7CB32C9F2C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{2EF4CB11-A887-45C7-9F74-6267BB88BDCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{F3BCCCD1-DD95-416D-9DA7-68F888989B1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{C8EED9C4-7B1F-4E45-980E-08084B1EF86C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{01A61742-9485-43E1-B526-5F1709451EA1}C:\users\samue\appdata\roaming\weather\weather.exe] => (Block) C:\users\samue\appdata\roaming\weather\weather.exe (WeatherApplication) [File not signed]
FirewallRules: [TCP Query User{BACAB90D-6E2D-4929-A223-61F550D503F7}C:\users\samue\appdata\roaming\weather\weather.exe] => (Block) C:\users\samue\appdata\roaming\weather\weather.exe (WeatherApplication) [File not signed]
FirewallRules: [{63A3717F-C8F9-4363-98B1-FFB1D54AC029}] => (Allow) C:\Program Files (x86)\MaskVPN\tunnle.exe (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
FirewallRules: [{DE930B60-CECE-49B4-92D5-C005F6761FB8}] => (Allow) C:\Program Files (x86)\MaskVPN\MaskVPNUpdate.exe (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
FirewallRules: [{41980713-BDB2-463A-8FDC-7C044BE3E4C7}] => (Allow) C:\Program Files (x86)\MaskVPN\MaskVPN.exe (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
FirewallRules: [{A4EBEB01-ED4A-47C1-8568-D1DD4E2DC8B4}] => (Allow) C:\Program Files (x86)\MaskVPN\mask_svc.exe (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
FirewallRules: [UDP Query User{8F8008BD-5867-492D-BBF9-4D68244CEBBC}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{748ED71D-5521-48A9-AE86-775562250730}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{144A78F6-97F9-415B-817C-040667F5AFE6}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{FE76C600-932C-4D4D-B5B9-0AD59A6BD85D}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{9A1729CE-9C9E-47A4-B066-AD76E32951A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{AFEDC269-381E-4493-9D12-2CC926B7EA7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Celeste\Celeste.exe (Matt Makes Games) [File not signed]
FirewallRules: [{8CDA8247-3366-4ED0-8F65-26D000ABC569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lair of the Clockwork God\LotCG.exe () [File not signed]
FirewallRules: [{AEC22BDC-0BE8-4027-A27D-4E9643B1BB71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lair of the Clockwork God\LotCG.exe () [File not signed]
FirewallRules: [UDP Query User{E3DEE4AC-97BA-4EC7-A632-A9061C63A2C8}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [TCP Query User{D7A93C41-935F-468B-8128-AF2AAC44496E}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [{474675B3-94F9-4E99-A278-7A10C05DB7A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GRIS\GRIS.exe () [File not signed]
FirewallRules: [{AD2368E6-E915-4330-B234-BC3E2E799B98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GRIS\GRIS.exe () [File not signed]
FirewallRules: [{D879F501-3D80-49C5-A262-86CF5840EF74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kami\Spiritfarer.exe () [File not signed]
FirewallRules: [{D694545B-CE3D-4657-B71D-4D5BD62F8F4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kami\Spiritfarer.exe () [File not signed]
FirewallRules: [{28AFF857-BB6E-483A-830C-F55A62C7EEDA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FDDDBA45-8D9B-4269-BD7A-E5046560BC9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72D9DA22-4DD1-431B-908A-51A36A1CAAEE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3DF70E8-6D84-49FB-BB58-13DA33520BD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B392C3F1-A7FB-4F99-999D-DF1D0905F7DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vagrus - The Riven Realms\Vagrus.exe () [File not signed]
FirewallRules: [{75243D7C-33D7-4088-9F8A-E06690D47BCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vagrus - The Riven Realms\Vagrus.exe () [File not signed]
FirewallRules: [{F15209A4-5142-4878-B8D9-17A55C90E024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{9DE9E1FB-FC8E-49EB-AEDA-F3B32535AA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{2EBF1FBF-8ADC-416C-BA92-F43725CE6542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [{77433161-CDD4-48EA-8F73-24A000DE6717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [UDP Query User{AC769F15-DAD1-4EC5-A346-1D0C1BC864B0}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CA1D28AA-2FB2-493C-A1D5-D2538F549620}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B039D553-CE88-4067-949B-0BDA75171D6B}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [TCP Query User{1760C407-F5A9-40A6-B7DC-C94A6E4D1958}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [UDP Query User{EF1ED72B-FA79-415F-84B6-133FC9B995AB}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{170205CA-78C5-4B35-95A6-4B71910864E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{BA6B4056-BDA7-4421-8EB5-665ED94D1C7D}C:\games\human - fall flat\human.exe] => (Block) C:\games\human - fall flat\human.exe () [File not signed]
FirewallRules: [TCP Query User{1042110F-46CB-405E-943B-D0045BD685A7}C:\games\human - fall flat\human.exe] => (Block) C:\games\human - fall flat\human.exe () [File not signed]
FirewallRules: [UDP Query User{2493EF62-3DB1-4396-AEB5-330BB24E4ACE}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F1A0AC35-5A58-4B37-8DA7-63CBCDE28107}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [UDP Query User{498C3AB1-A858-443D-8DF9-7DC47FAD554A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [TCP Query User{273D4C12-E3EC-4C2E-BE9A-C5BEBA0F682A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [UDP Query User{86B1E3F0-9167-4546-A3F5-8E80D275938F}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [TCP Query User{4A340ECC-8648-489B-8FD6-CC3FC6B86862}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [UDP Query User{841BB8F6-96C6-4113-AF34-62F42336FAB9}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [TCP Query User{DAB7EF86-09FE-4E47-A4F4-9A4F8AD67BD1}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [UDP Query User{172FF75D-677F-48E5-A31C-FA24354F2A49}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [TCP Query User{BA2ADC61-5E17-4B52-83E8-C117DA1F8986}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [UDP Query User{8BEEE4B8-6ED2-451A-A3FF-F48AD8F8B530}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{EA8BEA53-7A2C-404A-BA85-ABFB27E17E24}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{43F29391-FA9C-4D1D-B879-111B66887B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{D7DBB605-8160-49F8-9AD6-0178AD3AC4E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{1348591A-42E1-41A6-B4C5-0ACEE42BFB27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Braid\braid.exe () [File not signed]
FirewallRules: [{440A6DF8-2081-41AB-9935-2176A9B2CB20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Braid\braid.exe () [File not signed]
FirewallRules: [{B0175C51-0694-4F65-BE7D-B9A2784303FA}] => (Allow) C:\Users\samue\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{88FF943A-A86C-4D4F-A257-091832BDB49D}] => (Allow) C:\Users\samue\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{9FFECBE5-092A-4D1B-A88D-AE173803FEBB}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7445F63C-091A-4FA8-83E8-430C2E2AC5DE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{5777EE51-3D5D-4405-B324-38773378B57B}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{585204BF-866A-418D-BEE5-1AD3CBFD3C98}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [UDP Query User{CA8197A6-3ACB-4F34-A7F2-02B8625DAE2C}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{2853A960-31E0-4F3F-B68E-418FF088BADE}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{61AA695C-FC1E-4285-83BE-9356EF475770}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E80F3D29-3444-4CDD-BE5A-199F68EE4628}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{2D5D5D83-C688-4176-8568-0EE62292DC16}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [TCP Query User{B806C4EB-5E67-4E56-AD29-7F2300225B24}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [{E872E941-E2DB-4FB2-A828-D9FAAEE6FAE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{36C72715-1205-47E3-B9F8-0A860BCB4B85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{37A2F3CD-80E5-472A-BC20-B522D572E488}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0E13EC01-F233-4D98-87FB-482F523AE318}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{09AC9C6A-AA03-4655-A3FE-9964C3DDCB96}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C4A74626-C49F-412F-AD0B-77DAA633469B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AF1D80B1-B78F-4D29-9DEF-28B55B4800F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F27C7A7A-0110-4092-8D9E-1079094625B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{40FC527B-A4BF-4172-929A-B4164B7AC1FD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F31C6101-3A4C-4910-AE3A-78821A921A16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{00A49CC9-A077-4376-9CE7-916C150431AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{02CE7010-33D7-41A0-A2D7-D78E5BCA15CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{220CBB86-F7D0-41C1-A702-E86A5BAD4871}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DE717FD3-A2CD-4F72-8175-DE5DC781E812}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C200BBE7-A42A-4064-89FB-D2FC6699E032}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{81A60BEE-4DAC-4776-A053-AA4DF66CC73D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [TCP Query User{05F43A19-4BA6-4C22-95DA-8DE54C2BF158}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{64B7DA58-401C-415C-9A6D-A8AF1952EC30}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{0165296D-C384-4002-AB8D-6F841957A279}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{A5748AED-8E02-41F1-8ECE-9C5DD4C1448C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{7F066513-C70F-4ED0-8CA3-0B2F9507FCEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suzerain\Suzerain.exe () [File not signed]
FirewallRules: [{AEB9BB1E-D1FC-43E2-9D73-A5687A419967}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Suzerain\Suzerain.exe () [File not signed]
FirewallRules: [{996EFAA5-CD53-45B5-9BD9-E17E9EB90924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeTheRevolution\We.TheRevolution_x86_64.exe () [File not signed]
FirewallRules: [{C16A28C7-FB24-4362-A131-FFF17DA9291E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeTheRevolution\We.TheRevolution_x86_64.exe () [File not signed]
FirewallRules: [{DE64EDFB-22CC-43EA-AAF5-F4ACAEF999F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WHAT THE GOLF\WHAT THE GOLF.exe () [File not signed]
FirewallRules: [{4B42C671-4F84-4A8C-94D1-C4BED33A9697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WHAT THE GOLF\WHAT THE GOLF.exe () [File not signed]
FirewallRules: [TCP Query User{78C8BD44-1ECF-4E2C-B68A-493C8D528047}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [UDP Query User{8B4464B8-4ABC-40E8-848E-DD575E53CE6C}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [TCP Query User{00EFDF6D-F003-4F07-9144-FC0E01376C22}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{C9901599-28C5-41B5-BD9D-453031BC84E7}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [{8EDDE662-6700-4DD3-9175-451FDFC709B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [File not signed]
FirewallRules: [{337032C9-8402-4707-AA73-85565F028226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [File not signed]
FirewallRules: [TCP Query User{237939B1-8713-411F-81EA-395CD9E98F77}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{B268E5BC-BF0E-41C2-B438-5E07B1E9DAFC}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [{FA5E5D74-32E7-40F4-8899-AAE43710903C}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{4DEEE736-B1FC-4DB6-AD2B-F14F03982907}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{AF42D8D1-74A9-4900-BA34-03CF650B7747}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{8796E1B7-E896-4045-9D7B-55CB64001DF1}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{27A8887D-E209-4D2F-B658-B76A95E5D405}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{49838A58-60FE-4D9C-8EAC-77145FD17DD1}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{4C70BA01-13EC-4A02-9E9C-DD0D936679BA}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{5E93C050-287A-4A95-B061-1819A89C90D0}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{E425BF8A-1DC1-4E46-AEB2-DED9ADC39E5C}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{FEBF4DF9-7A11-48A9-8380-E1576D316842}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{A7A26BBB-9B90-477B-85FC-E47BBAE3E700}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{0632BC39-EB51-4126-8E27-7E87059FD07E}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{5E47FE40-F81B-48CA-8092-22B549BAC092}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{B821B783-F176-438F-8BB5-605EF2293A4A}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{0D1D35CF-1952-474F-BB8E-91B4EF9F39DD}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{E0A401A0-8D26-4BCC-ABF7-730236680252}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{3079EB29-2A86-41F1-BAB0-F04C5F0223D2}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [{C2051989-C55B-45E6-90F5-E46B00CA3A3E}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [TCP Query User{6C539AF7-45C6-41BA-94A3-D446A0291554}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [UDP Query User{13301CC3-701E-458B-B8D3-301537699BA6}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [{4B401781-C833-4C6E-AC11-8FA63424641F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [{66146324-8DB6-4F09-A53A-8FFC4D29E500}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [TCP Query User{D0DD07D6-346C-47BA-BE1D-73D43402C8AB}C:\users\samue\desktop\downloads\the.last.spell.v0.91.2\the last spell\the last spell.exe] => (Block) C:\users\samue\desktop\downloads\the.last.spell.v0.91.2\the last spell\the last spell.exe () [File not signed]
FirewallRules: [UDP Query User{3102E11E-0B09-4836-9CCF-BB127165706D}C:\users\samue\desktop\downloads\the.last.spell.v0.91.2\the last spell\the last spell.exe] => (Block) C:\users\samue\desktop\downloads\the.last.spell.v0.91.2\the last spell\the last spell.exe () [File not signed]
FirewallRules: [{A261CF33-1CCF-4566-AA50-6C229D2BE6B4}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{2CDF3437-AD1A-44B0-8F30-F1D9446DAB6F}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{52F98834-E55E-451A-B905-46512BA2CADF}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{7D3F8A5F-71CD-4C7F-B7B8-B24847E00AA7}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{6D6797E9-EBA8-403C-8A4F-1074011181C2}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F39552C2-D007-4FD3-B8D0-776E0B12B2B0}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F74B14DF-AE23-4101-9AB3-44BF252BACD4}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{C92DB223-2811-432D-AAEA-D12E001CD01D}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{E6ED4459-D174-41C0-ACCC-F2BF20620FD3}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{A9F15509-E237-476A-AD36-47A81B4B5D1C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{4F4EFADC-6C98-4956-B17A-5C348E2A3342}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{71AFBD8D-B919-440B-A19F-3A47B98766B5}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{4CA6C30E-0D4A-4FBD-AAAC-306436739249}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{C39FF1A2-B43E-4D20-9630-A43775061232}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{D725FFAB-BF58-42F1-8160-3C4C29B5CBD0}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{54DDC373-48C0-43AE-8081-43E52A2789D7}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{80ED353C-F2CB-488E-9F79-E0AC739B49AC}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{00242C50-4B6E-497E-9987-CBFCD6B7D608}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{028C13B8-34F1-42B4-A55F-B0D2697CA2F8}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{7F91DFB4-3E6A-4EF5-820C-52DB7586F551}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{BFBD3AE6-8E6B-4323-AEAE-E27DD99A3C88}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{3E398828-8C74-4B78-A2B4-EACA06FE89A3}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{9D8E8C9C-B742-4006-8275-A56D95040080}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [{AE253542-D507-46FE-9DE5-262ADF4781E0}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [TCP Query User{AE5F2C61-8EF3-46A7-A768-8C7DF31C13B5}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C4F7100C-4A34-4190-A774-C2F29E4F7D3E}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [{F3106DE0-E3AC-4C41-8834-785109D61AFB}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{7CA16405-8A18-4AEE-B02F-6BEF4D34008B}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{0FA326A1-158D-4A8D-A0AF-60B908644661}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{64A032D5-E018-4F3F-81BD-388962BD1A6F}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{276C9354-E192-4D09-B7EE-F994206B622B}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{EB26165E-2EAD-488A-9F18-6BDD737D2E3C}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{CD889A56-6920-4590-8C0F-7EEF8BBD176C}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [{01F6ED4D-C8F4-4B82-A591-0D51946994BF}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [TCP Query User{758A3EBB-BADC-4C42-8CB9-F35C8D07E05A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [UDP Query User{AE24683D-1651-49E7-9F74-6A05FCD2300A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [{720ACA5A-A845-4227-9416-91A891925399}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{2A8C487F-6C55-42C2-A790-24D45B8CC637}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{869C9FD0-F91C-4164-A503-5CEDEB2AE7BD}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{9AAB42C1-ADBB-47B2-9981-C39389BA85CA}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{C894A485-4B21-4BB8-AA15-B84A2F3F02A7}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{4C152555-17E9-4E49-AF98-7B1A4AF1D045}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{D0063132-7DB4-4CC5-837C-FE8BAFDDFD64}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{924B2581-9B41-4981-9E6C-EF64BDE143F6}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{5D79337C-B756-4517-9DEB-7BCB6B052F1E}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{83F34E30-EF72-4823-BDF4-A144BF8143F8}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [TCP Query User{FEBBC73B-9A42-434B-B7CB-6BE0C71D7C03}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe (miHoYo Co.,Ltd. -> )
FirewallRules: [UDP Query User{90FFC432-CAA4-42E9-8891-3BA9BB3B2882}C:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) C:\program files\genshin impact\genshin impact game\genshinimpact.exe (miHoYo Co.,Ltd. -> )
FirewallRules: [{8A04F679-0DFC-4B11-8399-BB6487797461}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{C7FAE89F-9C4B-4C84-8FDD-8A1005C9DE3B}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{97448B4A-555D-4CA8-983C-91AD23AE63B5}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{E28B77BD-92A5-4B43-B1CD-F5F7A6DA4AF0}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{28D8B84D-4884-45E1-AB5A-1171A45783C3}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{7C99513D-D41B-4174-9A55-775C87C10A96}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{F39E1024-53AF-4F52-837E-8B2E955C1277}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{3EE6C0E6-ADEB-4738-A69C-33CD48344261}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{7C253DC7-FA50-4D0F-AE59-FED2E11E4569}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{22F50013-8121-4C7F-B255-5646E03793DA}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{3AF42FA0-6D24-4366-9E1E-9CDF650CDD25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{F7BC4B33-7C96-4323-8D9F-4588017CABD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{6982D23E-5B70-4192-A144-528201B56888}] => (Block) C:\Program Files (x86)\Toon Boom Animation\Toon Boom Storyboard Pro 20\win64\bin\StoryboardPro.exe (Toon Boom Animation Inc. -> Toon Boom Animation Inc.)
FirewallRules: [{67A524B7-8771-4D43-B182-CB2C43C58DAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Griftlands\bin\Griftlands.exe () [File not signed]
FirewallRules: [{9C6BAB47-A9A5-4D33-AEF0-95160A4FE100}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Griftlands\bin\Griftlands.exe () [File not signed]
FirewallRules: [{F329D9EF-00FD-446F-AA52-02D91C628851}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6CD8742D-6DB1-45FC-B454-9C2DA4B7CACD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{066E8C43-9756-4DDC-B518-26E609AAD4EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6BDC3BDF-0720-4315-B218-FB7D34B0D8DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5C9BA521-FC33-4D06-BB79-C9947D521981}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{DFD6312D-ABA1-49BF-A35B-EF860E9AABB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [{EBBEDAA2-B50F-4A1A-9302-5C835295A77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Reloaded\portal2.exe () [File not signed]
FirewallRules: [{47E33A01-D18B-462F-BE09-A74E28A599DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sable\Sable.exe () [File not signed]
FirewallRules: [{09DEC575-7C53-4978-A1E1-5872330E0EFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sable\Sable.exe () [File not signed]
FirewallRules: [{4031D578-BC6C-431A-AF5A-DEFE956B6BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Short Hike\AShortHike.exe () [File not signed]
FirewallRules: [{BE3BED28-CFF7-47FB-9AB5-4D07BF2B3A24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Short Hike\AShortHike.exe () [File not signed]
FirewallRules: [{AD8BA2B5-2CBD-47DF-95BB-D72F0039DAC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sexy Brutale\game\game.exe () [File not signed]
FirewallRules: [{99413784-0C3F-4669-A81C-631D5F9156CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Sexy Brutale\game\game.exe () [File not signed]
FirewallRules: [{ADE14FCC-A446-4F08-A60E-BA0FE51CB976}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{BEA70E3E-06BF-484D-903E-2F990C6FB10E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{AADF6F02-1FCB-4B39-BD1B-27C31A1A3A4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori and the Will of the Wisps\oriwotw.exe () [File not signed]
FirewallRules: [{327A7614-564E-44D5-8849-5AF63A820FE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori and the Will of the Wisps\oriwotw.exe () [File not signed]
FirewallRules: [{63041F0B-24BC-4410-9817-8D25CF529D61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ROUNDS\Rounds.exe () [File not signed]
FirewallRules: [{C30EC420-9E47-4790-8CAC-D22EFECC5CA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ROUNDS\Rounds.exe () [File not signed]
FirewallRules: [{87E82CA0-C3AE-4297-98A1-EADDB0F48CA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{920992AD-2578-4AAF-A07E-058D5BC94B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{D58EF8C1-29A2-4F54-A1E0-AD0251FE4501}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D5C48D4F-C0D4-4F48-A643-6465FF319C44}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{6F897FF3-5836-422F-9C3C-27D5A40A4029}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{62E39975-F803-4F92-84B3-86EF246FEA3E}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{DC99CE6D-A1F0-4172-AAC9-6B3F05603497}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{A308B60D-981A-44E5-A14D-F35D8FD6240F}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0AECEEDD-8D11-4141-BAC2-61BAE84796CC}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{FE9F0D5A-55D0-4F21-9091-A6000834ADB5}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B4E30F28-4BFA-4311-82B3-AD80FD824EDD}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{75850B90-9E04-4BFD-9C71-40EC7F28B88D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9E5FE024-B4C7-4977-BDF8-A05D06BEB7F1}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{D2AD9D11-9F14-4B64-BCB0-9EAAE7C89D08}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\97.0.1072.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

15-01-2022 01:32:57 Scheduled Checkpoint
16-01-2022 15:24:09 Removed Toon Boom Storyboard Pro 20.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2022 06:26:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/15/2022 06:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc000041d
Fault offset: 0x0000000000232446
Faulting process id: 0x35c8
Faulting application start time: 0x01d80a49dc92c1d1
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: 72d4cdb4-cf2c-442d-accc-336e0d5940e9
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2022 06:25:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc0000005
Fault offset: 0x0000000000232446
Faulting process id: 0x35c8
Faulting application start time: 0x01d80a49dc92c1d1
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: 5d06c215-d7ae-410f-90b6-a613f65f040c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2022 11:45:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc000041d
Fault offset: 0x0000000000232446
Faulting process id: 0x1a14
Faulting application start time: 0x01d80983188b57b0
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: c6875c4d-dd9e-490a-b1f0-efb60cb334aa
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2022 11:45:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc0000005
Fault offset: 0x0000000000232446
Faulting process id: 0x1a14
Faulting application start time: 0x01d80983188b57b0
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: 6365862a-1092-4a7f-b6b7-50466c92002c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2022 07:52:36 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-VMR9NA7)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.

Error: (01/13/2022 03:03:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WaaSMedicAgent.exe, version: 10.0.19041.662, time stamp: 0xc38bc2fc
Faulting module name: WaaSMedicCapsule.dll, version: 10.0.19041.662, time stamp: 0x5eff0ccc
Exception code: 0xc0000005
Fault offset: 0x000000000000ae62
Faulting process id: 0x29c0
Faulting application start time: 0x01d808b70cf576b3
Faulting application path: C:\WINDOWS\System32\WaaSMedicAgent.exe
Faulting module path: C:\WINDOWS\System32\WaaSMedicCapsule.dll
Report Id: f663fb0d-a4ea-4da5-a5bd-e42a44852d00
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2022 12:53:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12101.1001.14.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 6bb4

Start Time: 01d8077899232a44

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe

Report Id: da62a48d-68d1-4258-8e94-a0b53644a8ff

Faulting package full name: Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Cross-process


System errors:
=============
Error: (01/17/2022 05:31:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/17/2022 05:31:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/17/2022 05:29:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/17/2022 05:29:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/17/2022 05:27:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/17/2022 05:27:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VMR9NA7)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/17/2022 05:25:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/17/2022 05:25:19 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-04-14 19:36:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-13 12:24:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-11 10:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-10 10:58:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-08 11:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-28 23:42:03
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\amdpcidev.inf_amd64_4e064472fc95e244\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:46
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.50 10/14/2019
Motherboard: ASRock B450M Gaming
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 16313.94 MB
Available physical RAM: 6707.64 MB
Total Virtual: 37817.94 MB
Available Virtual: 23656.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.88 GB) (Free:63.05 GB) NTFS

\\?\Volume{aafe6565-c049-4b41-bf82-d2ddefc2acc6}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{743177cf-dafe-4a84-a588-20a0f7ad96e8}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 190CD766)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

Advertisements


#2
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

my issues are that i see a process called weather tech - be productive that uses a lot of ram and the software "toonboom" is lagging terribly


Edited by mallowmallow, 17 January 2022 - 04:40 PM.

  • 0

#3
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hi, mallowmallow!

 

Welcome to GTG Forums. EPFGbk7.gif

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!
2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

=============================================

 

I will need some time to review our logs. I will be back to you as soon as I am ready.


  • 0

#4
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hi.
 
Your computer is infected.
 
Please follow my instructions below, with the same order.
 
=================================
 
1. P2P program

You have Tixati installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 3 below.

 

2. Java
 
There are very few reasons these days to continue having Java installed on your computer. If you don't really need it, please uninstall it in Step 3 below.
 
 
3. Uninstall programs

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Java 8 Update 301 *
Tixati *
viewerise v1.53.222 
Web Companion 
WebAdvisor by McAfee 
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

4. Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search box:
 winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe;winlogui.exe;6BR0W53I3
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

 

In your next reply please post:

  1. Which programs did you uninstall and if the process ran smoothly
  2. The search.txt

  • 0

#5
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I uninstalled all of those programs and it ran smoothly

 

 

Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by samue (19-01-2022 06:46:26)
Running from C:\Users\samue\Desktop
Boot Mode: Normal

================== Search Files: "winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe;winlogui.exe;6BR0W53I3" =============

C:\Windows\System32\StartupCheckLibrary.dll
[2021-04-16 21:23][2021-04-16 21:23] 002619392 _____ (Microsoft Corporation) 250532B95FBF3154FE571B65217D4B11 [File not signed]

C:\Windows\System32\winrmsrv.exe
[2021-06-05 09:08][2021-06-05 09:08] 000731136 _____ (Microsoft Corporation) 462EE20E8ABBBB559BD1C4F8BE87B123 [File not signed]

C:\Windows\System32\winscomrssrv.dll
[2021-06-05 09:08][2021-06-05 09:08] 000681472 _____ (Microsoft Corporation) 919611928882E781ABAB300BF9227374 [File not signed]


====== End of Search ======


  • 0

#6
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hi.
 
Please do that for me, please:
 

Search with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search box:
 SearchAll: winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe;winlogui.exe;6BR0W53I3
  • Press the Search Files button.
  • When complete, FRST will generate a log, named Search.txt, in the same location it was run from.
  • Please copy and paste its contents into your reply.

  • 0

#7
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by samue (19-01-2022 07:33:29)
Running from C:\Users\samue\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: winlogui.exe;winscomrssrv.dll;StartupCheckLibrary.dll;winrmsrv.exe;winlogui.exe;6BR0W53I3" =============

File:
========
C:\Windows\System32\StartupCheckLibrary.dll
[2021-04-16 21:23][2021-04-16 21:23] 002619392 _____ (Microsoft Corporation) 250532B95FBF3154FE571B65217D4B11 [File not signed]

C:\Windows\System32\winrmsrv.exe
[2021-06-05 09:08][2021-06-05 09:08] 000731136 _____ (Microsoft Corporation) 462EE20E8ABBBB559BD1C4F8BE87B123 [File not signed]

C:\Windows\System32\winscomrssrv.dll
[2021-06-05 09:08][2021-06-05 09:08] 000681472 _____ (Microsoft Corporation) 919611928882E781ABAB300BF9227374 [File not signed]


folder:
========
2021-02-18 08:17 - 2021-02-18 08:17 _____ C:\Program Files (x86)\1I_6BR0W53I3

Registry:
========

===================== Search result for "winlogui.exe" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe]


===================== Search result for "winscomrssrv.dll" ==========


===================== Search result for "StartupCheckLibrary.dll" ==========


===================== Search result for "winrmsrv.exe" ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4BCCD539-F152-4CA7-9BB8-749E2DEF24F7}"="v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\system32\winrmsrv.exe|Name=winrmsrv|"


===================== Search result for "winlogui.exe" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe]


===================== Search result for "6BR0W53I3" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]
"Inno Setup: App Path"="C:\Program Files (x86)\1I_6BR0W53I3"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]
"InstallLocation"="C:\Program Files (x86)\1I_6BR0W53I3\"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]
"DisplayName"="1I_6BR0W53I3 version 156.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]
"UninstallString"=""C:\Program Files (x86)\1I_6BR0W53I3\unins000.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1]
"QuietUninstallString"=""C:\Program Files (x86)\1I_6BR0W53I3\unins000.exe" /SILENT"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Inlog WebBrowser 5.3]
"InstallPath"="C:\Program Files (x86)\1I_6BR0W53I3"

[HKEY_USERS\S-1-5-21-1443207549-266473185-1957000176-1003\Inlog Productions]
"Inlog WebBrowser"="C:\Program Files (x86)\1I_6BR0W53I3"


====== End of Search ======


  • 0

#8
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Thanks. I will be with you later this afternoon. Here it is almost 3 p.m. now, and I'm still at work. :)


  • 0

#9
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hi, Mallow.

 
Let's move on. We have a lot work to do.
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere. Make sure you select the whole content, since it's long enough. 
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> DefaultScope {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{56F31E9B-F03A-4398-AF5B-7CB32C9F2C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{2EF4CB11-A887-45C7-9F74-6267BB88BDCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{F3BCCCD1-DD95-416D-9DA7-68F888989B1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{C8EED9C4-7B1F-4E45-980E-08084B1EF86C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{8F8008BD-5867-492D-BBF9-4D68244CEBBC}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{748ED71D-5521-48A9-AE86-775562250730}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{144A78F6-97F9-415B-817C-040667F5AFE6}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{FE76C600-932C-4D4D-B5B9-0AD59A6BD85D}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{E3DEE4AC-97BA-4EC7-A632-A9061C63A2C8}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [TCP Query User{D7A93C41-935F-468B-8128-AF2AAC44496E}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [{F15209A4-5142-4878-B8D9-17A55C90E024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{9DE9E1FB-FC8E-49EB-AEDA-F3B32535AA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{2EBF1FBF-8ADC-416C-BA92-F43725CE6542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [{77433161-CDD4-48EA-8F73-24A000DE6717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [UDP Query User{AC769F15-DAD1-4EC5-A346-1D0C1BC864B0}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CA1D28AA-2FB2-493C-A1D5-D2538F549620}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B039D553-CE88-4067-949B-0BDA75171D6B}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [TCP Query User{1760C407-F5A9-40A6-B7DC-C94A6E4D1958}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [UDP Query User{EF1ED72B-FA79-415F-84B6-133FC9B995AB}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{170205CA-78C5-4B35-95A6-4B71910864E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{2493EF62-3DB1-4396-AEB5-330BB24E4ACE}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F1A0AC35-5A58-4B37-8DA7-63CBCDE28107}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [UDP Query User{498C3AB1-A858-443D-8DF9-7DC47FAD554A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [TCP Query User{273D4C12-E3EC-4C2E-BE9A-C5BEBA0F682A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [UDP Query User{86B1E3F0-9167-4546-A3F5-8E80D275938F}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [TCP Query User{4A340ECC-8648-489B-8FD6-CC3FC6B86862}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [UDP Query User{841BB8F6-96C6-4113-AF34-62F42336FAB9}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [TCP Query User{DAB7EF86-09FE-4E47-A4F4-9A4F8AD67BD1}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [UDP Query User{172FF75D-677F-48E5-A31C-FA24354F2A49}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [TCP Query User{BA2ADC61-5E17-4B52-83E8-C117DA1F8986}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [{B0175C51-0694-4F65-BE7D-B9A2784303FA}] => (Allow) C:\Users\samue\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{9FFECBE5-092A-4D1B-A88D-AE173803FEBB}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7445F63C-091A-4FA8-83E8-430C2E2AC5DE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CA8197A6-3ACB-4F34-A7F2-02B8625DAE2C}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{2853A960-31E0-4F3F-B68E-418FF088BADE}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{2D5D5D83-C688-4176-8568-0EE62292DC16}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [TCP Query User{B806C4EB-5E67-4E56-AD29-7F2300225B24}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [{E872E941-E2DB-4FB2-A828-D9FAAEE6FAE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{36C72715-1205-47E3-B9F8-0A860BCB4B85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{78C8BD44-1ECF-4E2C-B68A-493C8D528047}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [UDP Query User{8B4464B8-4ABC-40E8-848E-DD575E53CE6C}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [TCP Query User{00EFDF6D-F003-4F07-9144-FC0E01376C22}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{C9901599-28C5-41B5-BD9D-453031BC84E7}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{237939B1-8713-411F-81EA-395CD9E98F77}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{B268E5BC-BF0E-41C2-B438-5E07B1E9DAFC}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [{FA5E5D74-32E7-40F4-8899-AAE43710903C}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{4DEEE736-B1FC-4DB6-AD2B-F14F03982907}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{AF42D8D1-74A9-4900-BA34-03CF650B7747}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{8796E1B7-E896-4045-9D7B-55CB64001DF1}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{27A8887D-E209-4D2F-B658-B76A95E5D405}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{49838A58-60FE-4D9C-8EAC-77145FD17DD1}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{4C70BA01-13EC-4A02-9E9C-DD0D936679BA}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{5E93C050-287A-4A95-B061-1819A89C90D0}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{E425BF8A-1DC1-4E46-AEB2-DED9ADC39E5C}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{FEBF4DF9-7A11-48A9-8380-E1576D316842}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{A7A26BBB-9B90-477B-85FC-E47BBAE3E700}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{0632BC39-EB51-4126-8E27-7E87059FD07E}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{5E47FE40-F81B-48CA-8092-22B549BAC092}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{B821B783-F176-438F-8BB5-605EF2293A4A}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{0D1D35CF-1952-474F-BB8E-91B4EF9F39DD}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{E0A401A0-8D26-4BCC-ABF7-730236680252}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{3079EB29-2A86-41F1-BAB0-F04C5F0223D2}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [{C2051989-C55B-45E6-90F5-E46B00CA3A3E}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [TCP Query User{6C539AF7-45C6-41BA-94A3-D446A0291554}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [UDP Query User{13301CC3-701E-458B-B8D3-301537699BA6}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [{4B401781-C833-4C6E-AC11-8FA63424641F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [{66146324-8DB6-4F09-A53A-8FFC4D29E500}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [{A261CF33-1CCF-4566-AA50-6C229D2BE6B4}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{2CDF3437-AD1A-44B0-8F30-F1D9446DAB6F}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{52F98834-E55E-451A-B905-46512BA2CADF}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{7D3F8A5F-71CD-4C7F-B7B8-B24847E00AA7}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{6D6797E9-EBA8-403C-8A4F-1074011181C2}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F39552C2-D007-4FD3-B8D0-776E0B12B2B0}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F74B14DF-AE23-4101-9AB3-44BF252BACD4}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{C92DB223-2811-432D-AAEA-D12E001CD01D}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{E6ED4459-D174-41C0-ACCC-F2BF20620FD3}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{A9F15509-E237-476A-AD36-47A81B4B5D1C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{4F4EFADC-6C98-4956-B17A-5C348E2A3342}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{71AFBD8D-B919-440B-A19F-3A47B98766B5}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{4CA6C30E-0D4A-4FBD-AAAC-306436739249}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{C39FF1A2-B43E-4D20-9630-A43775061232}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{D725FFAB-BF58-42F1-8160-3C4C29B5CBD0}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{54DDC373-48C0-43AE-8081-43E52A2789D7}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{80ED353C-F2CB-488E-9F79-E0AC739B49AC}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{00242C50-4B6E-497E-9987-CBFCD6B7D608}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{028C13B8-34F1-42B4-A55F-B0D2697CA2F8}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{7F91DFB4-3E6A-4EF5-820C-52DB7586F551}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{BFBD3AE6-8E6B-4323-AEAE-E27DD99A3C88}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{3E398828-8C74-4B78-A2B4-EACA06FE89A3}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{9D8E8C9C-B742-4006-8275-A56D95040080}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [{AE253542-D507-46FE-9DE5-262ADF4781E0}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [TCP Query User{AE5F2C61-8EF3-46A7-A768-8C7DF31C13B5}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C4F7100C-4A34-4190-A774-C2F29E4F7D3E}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [{F3106DE0-E3AC-4C41-8834-785109D61AFB}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{7CA16405-8A18-4AEE-B02F-6BEF4D34008B}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{0FA326A1-158D-4A8D-A0AF-60B908644661}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{64A032D5-E018-4F3F-81BD-388962BD1A6F}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{276C9354-E192-4D09-B7EE-F994206B622B}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{EB26165E-2EAD-488A-9F18-6BDD737D2E3C}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{CD889A56-6920-4590-8C0F-7EEF8BBD176C}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [{01F6ED4D-C8F4-4B82-A591-0D51946994BF}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [TCP Query User{758A3EBB-BADC-4C42-8CB9-F35C8D07E05A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [UDP Query User{AE24683D-1651-49E7-9F74-6A05FCD2300A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [{720ACA5A-A845-4227-9416-91A891925399}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{2A8C487F-6C55-42C2-A790-24D45B8CC637}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{869C9FD0-F91C-4164-A503-5CEDEB2AE7BD}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{9AAB42C1-ADBB-47B2-9981-C39389BA85CA}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{C894A485-4B21-4BB8-AA15-B84A2F3F02A7}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{4C152555-17E9-4E49-AF98-7B1A4AF1D045}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{D0063132-7DB4-4CC5-837C-FE8BAFDDFD64}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{924B2581-9B41-4981-9E6C-EF64BDE143F6}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{5D79337C-B756-4517-9DEB-7BCB6B052F1E}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{83F34E30-EF72-4823-BDF4-A144BF8143F8}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{8A04F679-0DFC-4B11-8399-BB6487797461}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{C7FAE89F-9C4B-4C84-8FDD-8A1005C9DE3B}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{97448B4A-555D-4CA8-983C-91AD23AE63B5}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{E28B77BD-92A5-4B43-B1CD-F5F7A6DA4AF0}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{28D8B84D-4884-45E1-AB5A-1171A45783C3}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{7C99513D-D41B-4174-9A55-775C87C10A96}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{F39E1024-53AF-4F52-837E-8B2E955C1277}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{3EE6C0E6-ADEB-4738-A69C-33CD48344261}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{7C253DC7-FA50-4D0F-AE59-FED2E11E4569}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{22F50013-8121-4C7F-B255-5646E03793DA}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{D5C48D4F-C0D4-4F48-A643-6465FF319C44}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{6F897FF3-5836-422F-9C3C-27D5A40A4029}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{62E39975-F803-4F92-84B3-86EF246FEA3E}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{DC99CE6D-A1F0-4172-AAC9-6B3F05603497}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\RunOnce: [Application Restart #3] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
HKLM-x32\...\Run: [Weather] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
Task: {13B700C7-8397-4A8D-B7CB-0BDBAA30B5E0} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {15EE891E-21AD-42CB-9E4B-32F39947C9D7} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
C:\Program Files (x86)\AdvancedWindowsManager
Task: {183C5E42-ECBA-47A9-A27F-F65AE864355B} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
C:\Program Files (x86)\Microleaves
Task: {1D0CB678-50B3-4856-BF13-69ED5D81727D} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {223F24CD-498E-4ADA-91AD-0FB56D7CE485} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {23343E61-70C7-42EF-94E4-930B734B7A8A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\WINDOWS\system32\winrmsrv.exe [731136 2021-06-05] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {3A3FF56B-64E1-428C-B71C-EFEAC2DA8AC0} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe [1020024 2021-04-09] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {467C1A21-20E8-46C6-813E-FEB5E1237360} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {476A68C5-4C66-4E3E-B777-E12E5463D130} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [908144 2017-11-09] (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {61C9ECD3-0C65-481A-8CF2-FCC66370A7EE} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {6B2DBB5F-5353-449B-95DE-D304B2666A1D} - System32\Tasks\AdvancedWindowsManager => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {7480ECD9-F0C1-457E-874F-663935E6EC7F} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe -o pool.minexmr.com:4444 -u 844ozfodJvN59Xn7LLDfqXNKbM1bAABZY2ZWmd5jJJQ6P2cdseRePBYAkwmEhLhoCXGFod5DXZY8eiRcnwKxjVMpFgsWU5V -p x (No File) <==== ATTENTION
Task: {8C171133-CAE9-4179-8F3D-E23107DC0A82} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {AE05780A-2EAD-48C5-97CA-3E783054FB8F} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {AFE8648C-0DEC-482D-B596-D7E4EF066F32} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {B6EF075B-766C-46F9-9111-3BF040C8321F} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BE717321-4795-48C4-A94F-54DA0D6F5005} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E5E15249-5708-4E9F-94AF-D513AF35CB3C} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {EBBF449E-ED59-4FD4-BB12-DF531E2876F1} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF Homepage: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bauddlpcdew.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\rulr5djffog.js [2021-07-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\uvt2wwvynov.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bauddlpcdew.cfg [2021-02-18] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\rulr5djffog.cfg [2021-07-05] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\uvt2wwvynov.cfg [2021-02-18] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2022-01-13] (McAfee, LLC -> McAfee, LLC)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> )
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
2020-11-07 08:16 - 2011-07-19 03:37 - 000003262 _____ () C:\Program Files (x86)\Falco.ico
2020-11-07 08:16 - 2011-07-19 04:05 - 000000046 _____ () C:\Program Files (x86)\Falco.url
2020-11-07 08:16 - 2017-11-19 13:51 - 000004286 _____ () C:\Program Files (x86)\FalcoGo.ico
2020-11-07 08:16 - 2017-11-19 13:53 - 000000044 _____ () C:\Program Files (x86)\FalcoGo.url
2020-11-07 08:16 - 2016-01-05 13:37 - 000004286 _____ () C:\Program Files (x86)\FalconLine.ico
2020-11-07 08:16 - 2016-01-05 13:25 - 000000047 _____ () C:\Program Files (x86)\FalconLine.url
2020-11-07 08:16 - 2016-12-21 01:39 - 000004286 _____ () C:\Program Files (x86)\FalcoSpace.ico
2020-11-07 08:16 - 2016-12-21 01:36 - 000000047 _____ () C:\Program Files (x86)\FalcoSpace.url
C:\Program Files\McAfee
C:\Program Files (x86)\Lavasoft
C:\Users\samue\AppData\Roaming\Weather
C:\Windows\System32\StartupCheckLibrary.dll
C:\Windows\System32\winrmsrv.exe
C:\Windows\System32\winscomrssrv.dll
C:\Program Files (x86)\1I_6BR0W53I3
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Inlog WebBrowser 5.3
DeleteKey: HKEY_USERS\S-1-5-21-1443207549-266473185-1957000176-1003\Inlog Productions
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4BCCD539-F152-4CA7-9BB8-749E2DEF24F7}
cmd: netsh advfirewall reset
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

3. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

 

In your next reply please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0

#10
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

1:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by samue (19-01-2022 17:59:21) Run:1
Running from C:\Users\samue\Desktop
Loaded Profiles: samue
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> DefaultScope {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
SearchScopes: HKU\S-1-5-21-1443207549-266473185-1957000176-1003 -> {C324477A-5E31-4AF0-B6FD-69ACABE8900C} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-01-13] (McAfee, LLC -> McAfee, LLC)
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [{56F31E9B-F03A-4398-AF5B-7CB32C9F2C07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{2EF4CB11-A887-45C7-9F74-6267BB88BDCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{F3BCCCD1-DD95-416D-9DA7-68F888989B1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [{C8EED9C4-7B1F-4E45-980E-08084B1EF86C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{8F8008BD-5867-492D-BBF9-4D68244CEBBC}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{748ED71D-5521-48A9-AE86-775562250730}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{144A78F6-97F9-415B-817C-040667F5AFE6}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [TCP Query User{FE76C600-932C-4D4D-B5B9-0AD59A6BD85D}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{E3DEE4AC-97BA-4EC7-A632-A9061C63A2C8}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [TCP Query User{D7A93C41-935F-468B-8128-AF2AAC44496E}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe => No File
FirewallRules: [{F15209A4-5142-4878-B8D9-17A55C90E024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{9DE9E1FB-FC8E-49EB-AEDA-F3B32535AA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => No File
FirewallRules: [{2EBF1FBF-8ADC-416C-BA92-F43725CE6542}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [{77433161-CDD4-48EA-8F73-24A000DE6717}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Umurangi Generation\UmurangiGeneration\Umurangi Generation.exe => No File
FirewallRules: [UDP Query User{AC769F15-DAD1-4EC5-A346-1D0C1BC864B0}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CA1D28AA-2FB2-493C-A1D5-D2538F549620}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe => No File
FirewallRules: [UDP Query User{B039D553-CE88-4067-949B-0BDA75171D6B}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [TCP Query User{1760C407-F5A9-40A6-B7DC-C94A6E4D1958}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe] => (Block) C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe => No File
FirewallRules: [UDP Query User{EF1ED72B-FA79-415F-84B6-133FC9B995AB}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{170205CA-78C5-4B35-95A6-4B71910864E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{2493EF62-3DB1-4396-AEB5-330BB24E4ACE}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [TCP Query User{F1A0AC35-5A58-4B37-8DA7-63CBCDE28107}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe] => (Block) C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe => No File
FirewallRules: [UDP Query User{498C3AB1-A858-443D-8DF9-7DC47FAD554A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [TCP Query User{273D4C12-E3EC-4C2E-BE9A-C5BEBA0F682A}C:\games\planet zoo\planetzoo.exe] => (Block) C:\games\planet zoo\planetzoo.exe => No File
FirewallRules: [UDP Query User{86B1E3F0-9167-4546-A3F5-8E80D275938F}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [TCP Query User{4A340ECC-8648-489B-8FD6-CC3FC6B86862}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe] => (Block) C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe => No File
FirewallRules: [UDP Query User{841BB8F6-96C6-4113-AF34-62F42336FAB9}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [TCP Query User{DAB7EF86-09FE-4E47-A4F4-9A4F8AD67BD1}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe] => (Block) C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe => No File
FirewallRules: [UDP Query User{172FF75D-677F-48E5-A31C-FA24354F2A49}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [TCP Query User{BA2ADC61-5E17-4B52-83E8-C117DA1F8986}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe] => (Block) C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe => No File
FirewallRules: [{B0175C51-0694-4F65-BE7D-B9A2784303FA}] => (Allow) C:\Users\samue\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{9FFECBE5-092A-4D1B-A88D-AE173803FEBB}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [TCP Query User{7445F63C-091A-4FA8-83E8-430C2E2AC5DE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CA8197A6-3ACB-4F34-A7F2-02B8625DAE2C}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{2853A960-31E0-4F3F-B68E-418FF088BADE}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{2D5D5D83-C688-4176-8568-0EE62292DC16}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [TCP Query User{B806C4EB-5E67-4E56-AD29-7F2300225B24}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe => No File
FirewallRules: [{E872E941-E2DB-4FB2-A828-D9FAAEE6FAE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{36C72715-1205-47E3-B9F8-0A860BCB4B85}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{78C8BD44-1ECF-4E2C-B68A-493C8D528047}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [UDP Query User{8B4464B8-4ABC-40E8-848E-DD575E53CE6C}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe => No File
FirewallRules: [TCP Query User{00EFDF6D-F003-4F07-9144-FC0E01376C22}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{C9901599-28C5-41B5-BD9D-453031BC84E7}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{237939B1-8713-411F-81EA-395CD9E98F77}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{B268E5BC-BF0E-41C2-B438-5E07B1E9DAFC}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [{FA5E5D74-32E7-40F4-8899-AAE43710903C}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{4DEEE736-B1FC-4DB6-AD2B-F14F03982907}] => (Allow) D:\SteamLibrary\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{AF42D8D1-74A9-4900-BA34-03CF650B7747}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{8796E1B7-E896-4045-9D7B-55CB64001DF1}] => (Allow) D:\SteamLibrary\steamapps\common\Tainted Grail\Tainted Grail.exe => No File
FirewallRules: [{27A8887D-E209-4D2F-B658-B76A95E5D405}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{49838A58-60FE-4D9C-8EAC-77145FD17DD1}] => (Allow) D:\SteamLibrary\steamapps\common\Torment Tides of Numenera\WIN\TidesOfNumenera.exe => No File
FirewallRules: [{4C70BA01-13EC-4A02-9E9C-DD0D936679BA}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{5E93C050-287A-4A95-B061-1819A89C90D0}] => (Allow) D:\SteamLibrary\steamapps\common\Ni no Kuni Wrath of the White Witch™ Remastered\NinoKuni_WotWW_Remastered.exe => No File
FirewallRules: [{E425BF8A-1DC1-4E46-AEB2-DED9ADC39E5C}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{FEBF4DF9-7A11-48A9-8380-E1576D316842}] => (Allow) D:\SteamLibrary\steamapps\common\CatherineClassic\Catherine.exe => No File
FirewallRules: [{A7A26BBB-9B90-477B-85FC-E47BBAE3E700}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{0632BC39-EB51-4126-8E27-7E87059FD07E}] => (Allow) D:\SteamLibrary\steamapps\common\BATTLETECH\BattleTechLauncher.exe => No File
FirewallRules: [{5E47FE40-F81B-48CA-8092-22B549BAC092}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{B821B783-F176-438F-8BB5-605EF2293A4A}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe => No File
FirewallRules: [{0D1D35CF-1952-474F-BB8E-91B4EF9F39DD}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{E0A401A0-8D26-4BCC-ABF7-730236680252}] => (Allow) D:\SteamLibrary\steamapps\common\Knights of the Old Republic II\swkotor2.exe => No File
FirewallRules: [{3079EB29-2A86-41F1-BAB0-F04C5F0223D2}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [{C2051989-C55B-45E6-90F5-E46B00CA3A3E}] => (Allow) D:\SteamLibrary\steamapps\common\TheOuterWorlds\TheOuterWorlds.exe => No File
FirewallRules: [TCP Query User{6C539AF7-45C6-41BA-94A3-D446A0291554}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [UDP Query User{13301CC3-701E-458B-B8D3-301537699BA6}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe => No File
FirewallRules: [{4B401781-C833-4C6E-AC11-8FA63424641F}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [{66146324-8DB6-4F09-A53A-8FFC4D29E500}] => (Allow) D:\SteamLibrary\steamapps\common\Vampire The Masquerade - Shadows of New York\VtM Shadows of New York.exe => No File
FirewallRules: [{A261CF33-1CCF-4566-AA50-6C229D2BE6B4}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{2CDF3437-AD1A-44B0-8F30-F1D9446DAB6F}] => (Allow) D:\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe => No File
FirewallRules: [{52F98834-E55E-451A-B905-46512BA2CADF}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{7D3F8A5F-71CD-4C7F-B7B8-B24847E00AA7}] => (Allow) D:\SteamLibrary\steamapps\common\Loop Hero\Loop Hero.exe => No File
FirewallRules: [{6D6797E9-EBA8-403C-8A4F-1074011181C2}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F39552C2-D007-4FD3-B8D0-776E0B12B2B0}] => (Allow) D:\SteamLibrary\steamapps\common\Armello\armello.exe => No File
FirewallRules: [{F74B14DF-AE23-4101-9AB3-44BF252BACD4}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{C92DB223-2811-432D-AAEA-D12E001CD01D}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe => No File
FirewallRules: [{E6ED4459-D174-41C0-ACCC-F2BF20620FD3}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{A9F15509-E237-476A-AD36-47A81B4B5D1C}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe => No File
FirewallRules: [{4F4EFADC-6C98-4956-B17A-5C348E2A3342}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{71AFBD8D-B919-440B-A19F-3A47B98766B5}] => (Allow) D:\SteamLibrary\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe => No File
FirewallRules: [{4CA6C30E-0D4A-4FBD-AAAC-306436739249}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{C39FF1A2-B43E-4D20-9630-A43775061232}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64\Hades.exe => No File
FirewallRules: [{D725FFAB-BF58-42F1-8160-3C4C29B5CBD0}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{54DDC373-48C0-43AE-8081-43E52A2789D7}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x64Vk\Hades.exe => No File
FirewallRules: [{80ED353C-F2CB-488E-9F79-E0AC739B49AC}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{00242C50-4B6E-497E-9987-CBFCD6B7D608}] => (Allow) D:\SteamLibrary\steamapps\common\Hades\x86\Hades.exe => No File
FirewallRules: [{028C13B8-34F1-42B4-A55F-B0D2697CA2F8}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{7F91DFB4-3E6A-4EF5-820C-52DB7586F551}] => (Allow) D:\SteamLibrary\steamapps\common\Noita\noita.exe => No File
FirewallRules: [{BFBD3AE6-8E6B-4323-AEAE-E27DD99A3C88}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{3E398828-8C74-4B78-A2B4-EACA06FE89A3}] => (Allow) D:\SteamLibrary\steamapps\common\The Dark Pictures Anthology - Man of Medan\ManOfMedan.exe => No File
FirewallRules: [{9D8E8C9C-B742-4006-8275-A56D95040080}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [{AE253542-D507-46FE-9DE5-262ADF4781E0}] => (Allow) D:\SteamLibrary\steamapps\common\Cthulhu Saves the World\CSTW.exe => No File
FirewallRules: [TCP Query User{AE5F2C61-8EF3-46A7-A768-8C7DF31C13B5}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C4F7100C-4A34-4190-A774-C2F29E4F7D3E}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe => No File
FirewallRules: [{F3106DE0-E3AC-4C41-8834-785109D61AFB}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{7CA16405-8A18-4AEE-B02F-6BEF4D34008B}] => (Allow) D:\SteamLibrary\steamapps\common\Star Apprentice Classic\Game.exe => No File
FirewallRules: [{0FA326A1-158D-4A8D-A0AF-60B908644661}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{64A032D5-E018-4F3F-81BD-388962BD1A6F}] => (Allow) D:\SteamLibrary\steamapps\common\Eastshade\Eastshade.exe => No File
FirewallRules: [{276C9354-E192-4D09-B7EE-F994206B622B}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{EB26165E-2EAD-488A-9F18-6BDD737D2E3C}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe => No File
FirewallRules: [{CD889A56-6920-4590-8C0F-7EEF8BBD176C}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [{01F6ED4D-C8F4-4B82-A591-0D51946994BF}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe => No File
FirewallRules: [TCP Query User{758A3EBB-BADC-4C42-8CB9-F35C8D07E05A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [UDP Query User{AE24683D-1651-49E7-9F74-6A05FCD2300A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => No File
FirewallRules: [{720ACA5A-A845-4227-9416-91A891925399}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{2A8C487F-6C55-42C2-A790-24D45B8CC637}] => (Allow) D:\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe => No File
FirewallRules: [{869C9FD0-F91C-4164-A503-5CEDEB2AE7BD}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{9AAB42C1-ADBB-47B2-9981-C39389BA85CA}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\equ8-launcher.exe => No File
FirewallRules: [{C894A485-4B21-4BB8-AA15-B84A2F3F02A7}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{4C152555-17E9-4E49-AF98-7B1A4AF1D045}] => (Allow) D:\SteamLibrary\steamapps\common\Out of Space\Out of Space.exe => No File
FirewallRules: [{D0063132-7DB4-4CC5-837C-FE8BAFDDFD64}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{924B2581-9B41-4981-9E6C-EF64BDE143F6}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForest.exe => No File
FirewallRules: [{5D79337C-B756-4517-9DEB-7BCB6B052F1E}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{83F34E30-EF72-4823-BDF4-A144BF8143F8}] => (Allow) D:\SteamLibrary\steamapps\common\The Forest\TheForestVR.exe => No File
FirewallRules: [{8A04F679-0DFC-4B11-8399-BB6487797461}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{C7FAE89F-9C4B-4C84-8FDD-8A1005C9DE3B}] => (Allow) D:\SteamLibrary\steamapps\common\Splitgate\PortalWars\Binaries\Win64\PortalWars-Win64-Shipping.exe => No File
FirewallRules: [{97448B4A-555D-4CA8-983C-91AD23AE63B5}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{E28B77BD-92A5-4B43-B1CD-F5F7A6DA4AF0}] => (Allow) D:\SteamLibrary\steamapps\common\Unrailed\UnrailedGame.exe => No File
FirewallRules: [{28D8B84D-4884-45E1-AB5A-1171A45783C3}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{7C99513D-D41B-4174-9A55-775C87C10A96}] => (Allow) D:\SteamLibrary\steamapps\common\Sable\Sable.exe => No File
FirewallRules: [{F39E1024-53AF-4F52-837E-8B2E955C1277}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{3EE6C0E6-ADEB-4738-A69C-33CD48344261}] => (Allow) D:\SteamLibrary\steamapps\common\Eastward\Eastward.exe => No File
FirewallRules: [{7C253DC7-FA50-4D0F-AE59-FED2E11E4569}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{22F50013-8121-4C7F-B255-5646E03793DA}] => (Allow) D:\SteamLibrary\steamapps\common\Sunless Skies\Sunless Skies.exe => No File
FirewallRules: [{D5C48D4F-C0D4-4F48-A643-6465FF319C44}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{6F897FF3-5836-422F-9C3C-27D5A40A4029}] => (Allow) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{62E39975-F803-4F92-84B3-86EF246FEA3E}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
FirewallRules: [{DC99CE6D-A1F0-4172-AAC9-6B3F05603497}] => (Block) C:\Program Files (x86)\Overwolf\0.188.0.21\OverwolfBrowser.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\RunOnce: [Application Restart #3] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
HKLM-x32\...\Run: [Weather] => C:\Users\samue\AppData\Roaming\Weather\Weather.exe [134113181 2021-02-06] (WeatherApplication) [File not signed]
Task: {13B700C7-8397-4A8D-B7CB-0BDBAA30B5E0} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {15EE891E-21AD-42CB-9E4B-32F39947C9D7} - System32\Tasks\AdvancedWindowsManager #6 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
C:\Program Files (x86)\AdvancedWindowsManager
Task: {183C5E42-ECBA-47A9-A27F-F65AE864355B} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
C:\Program Files (x86)\Microleaves
Task: {1D0CB678-50B3-4856-BF13-69ED5D81727D} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {223F24CD-498E-4ADA-91AD-0FB56D7CE485} - System32\Tasks\AdvancedWindowsManager #4 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {23343E61-70C7-42EF-94E4-930B734B7A8A} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\WINDOWS\system32\winrmsrv.exe [731136 2021-06-05] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {3A3FF56B-64E1-428C-B71C-EFEAC2DA8AC0} - System32\Tasks\AdvancedUpdater => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe [1020024 2021-04-09] (Microleaves LTD -> AdvancedWindowsManager) <==== ATTENTION
Task: {467C1A21-20E8-46C6-813E-FEB5E1237360} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {476A68C5-4C66-4E3E-B777-E12E5463D130} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [908144 2017-11-09] (MICROLEAVES LTD -> Microleaves) <==== ATTENTION
Task: {61C9ECD3-0C65-481A-8CF2-FCC66370A7EE} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {6B2DBB5F-5353-449B-95DE-D304B2666A1D} - System32\Tasks\AdvancedWindowsManager => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {7480ECD9-F0C1-457E-874F-663935E6EC7F} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe -o pool.minexmr.com:4444 -u 844ozfodJvN59Xn7LLDfqXNKbM1bAABZY2ZWmd5jJJQ6P2cdseRePBYAkwmEhLhoCXGFod5DXZY8eiRcnwKxjVMpFgsWU5V -p x (No File) <==== ATTENTION
Task: {8C171133-CAE9-4179-8F3D-E23107DC0A82} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {AE05780A-2EAD-48C5-97CA-3E783054FB8F} - System32\Tasks\AdvancedWindowsManager #5 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {AFE8648C-0DEC-482D-B596-D7E4EF066F32} - System32\Tasks\AdvancedWindowsManager #3 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {B6EF075B-766C-46F9-9111-3BF040C8321F} - System32\Tasks\AdvancedWindowsManager #1 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {BE717321-4795-48C4-A94F-54DA0D6F5005} - System32\Tasks\AdvancedWindowsManager #2 => C:\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe [482632 2021-04-09] (Microleaves LTD -> Advanced Windows Manager) <==== ATTENTION
Task: {E5E15249-5708-4E9F-94AF-D513AF35CB3C} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: {EBBF449E-ED59-4FD4-BB12-DF531E2876F1} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [199864 2017-11-02] (MICROLEAVES LTD -> ) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF Homepage: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF NewTab: Mozilla\Firefox\Profiles\lkzehow4.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bauddlpcdew.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\rulr5djffog.js [2021-07-05] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\uvt2wwvynov.js [2021-02-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bauddlpcdew.cfg [2021-02-18] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\rulr5djffog.cfg [2021-07-05] <==== ATTENTION
FF ExtraCheck: C:\Program Files\mozilla firefox\uvt2wwvynov.cfg [2021-02-18] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2022-01-13] (McAfee, LLC -> McAfee, LLC)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-24] (LAVASOFT SOFTWARE CANADA INC -> )
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
2020-11-07 08:16 - 2011-07-19 03:37 - 000003262 _____ () C:\Program Files (x86)\Falco.ico
2020-11-07 08:16 - 2011-07-19 04:05 - 000000046 _____ () C:\Program Files (x86)\Falco.url
2020-11-07 08:16 - 2017-11-19 13:51 - 000004286 _____ () C:\Program Files (x86)\FalcoGo.ico
2020-11-07 08:16 - 2017-11-19 13:53 - 000000044 _____ () C:\Program Files (x86)\FalcoGo.url
2020-11-07 08:16 - 2016-01-05 13:37 - 000004286 _____ () C:\Program Files (x86)\FalconLine.ico
2020-11-07 08:16 - 2016-01-05 13:25 - 000000047 _____ () C:\Program Files (x86)\FalconLine.url
2020-11-07 08:16 - 2016-12-21 01:39 - 000004286 _____ () C:\Program Files (x86)\FalcoSpace.ico
2020-11-07 08:16 - 2016-12-21 01:36 - 000000047 _____ () C:\Program Files (x86)\FalcoSpace.url
C:\Program Files\McAfee
C:\Program Files (x86)\Lavasoft
C:\Users\samue\AppData\Roaming\Weather
C:\Windows\System32\StartupCheckLibrary.dll
C:\Windows\System32\winrmsrv.exe
C:\Windows\System32\winscomrssrv.dll
C:\Program Files (x86)\1I_6BR0W53I3
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Inlog WebBrowser 5.3
DeleteKey: HKEY_USERS\S-1-5-21-1443207549-266473185-1957000176-1003\Inlog Productions
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4BCCD539-F152-4CA7-9BB8-749E2DEF24F7}
cmd: netsh advfirewall reset
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C324477A-5E31-4AF0-B6FD-69ACABE8900C} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56F31E9B-F03A-4398-AF5B-7CB32C9F2C07}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EF4CB11-A887-45C7-9F74-6267BB88BDCB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3BCCCD1-DD95-416D-9DA7-68F888989B1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8EED9C4-7B1F-4E45-980E-08084B1EF86C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8F8008BD-5867-492D-BBF9-4D68244CEBBC}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{748ED71D-5521-48A9-AE86-775562250730}C:\program files (x86)\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{144A78F6-97F9-415B-817C-040667F5AFE6}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FE76C600-932C-4D4D-B5B9-0AD59A6BD85D}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3DEE4AC-97BA-4EC7-A632-A9061C63A2C8}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D7A93C41-935F-468B-8128-AF2AAC44496E}C:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F15209A4-5142-4878-B8D9-17A55C90E024}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DE9E1FB-FC8E-49EB-AEDA-F3B32535AA50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2EBF1FBF-8ADC-416C-BA92-F43725CE6542}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{77433161-CDD4-48EA-8F73-24A000DE6717}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AC769F15-DAD1-4EC5-A346-1D0C1BC864B0}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CA1D28AA-2FB2-493C-A1D5-D2538F549620}C:\program files (x86)\steam\steamapps\common\paradise killer\paradisekiller\binaries\win64\paradisekiller-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B039D553-CE88-4067-949B-0BDA75171D6B}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1760C407-F5A9-40A6-B7DC-C94A6E4D1958}C:\users\samue\desktop\downloads\suzerain.v1.0.4\suzerain\suzerain.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EF1ED72B-FA79-415F-84B6-133FC9B995AB}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{170205CA-78C5-4B35-95A6-4B71910864E9}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2493EF62-3DB1-4396-AEB5-330BB24E4ACE}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F1A0AC35-5A58-4B37-8DA7-63CBCDE28107}C:\users\samue\desktop\downloads\the.waylanders.amergin\the.waylanders.amergin\the.waylanders.amergin\waylanders\binaries\win64\waylanders-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{498C3AB1-A858-443D-8DF9-7DC47FAD554A}C:\games\planet zoo\planetzoo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{273D4C12-E3EC-4C2E-BE9A-C5BEBA0F682A}C:\games\planet zoo\planetzoo.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{86B1E3F0-9167-4546-A3F5-8E80D275938F}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A340ECC-8648-489B-8FD6-CC3FC6B86862}C:\users\samue\desktop\downloads\gang.beasts.v12.02.2020\gang beasts.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{841BB8F6-96C6-4113-AF34-62F42336FAB9}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DAB7EF86-09FE-4E47-A4F4-9A4F8AD67BD1}C:\users\samue\desktop\downloads\hammerting\hammerting\boot.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{172FF75D-677F-48E5-A31C-FA24354F2A49}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BA2ADC61-5E17-4B52-83E8-C117DA1F8986}C:\users\samue\desktop\downloads\dream.daddy\ddadds.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0175C51-0694-4F65-BE7D-B9A2784303FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9FFECBE5-092A-4D1B-A88D-AE173803FEBB}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7445F63C-091A-4FA8-83E8-430C2E2AC5DE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CA8197A6-3ACB-4F34-A7F2-02B8625DAE2C}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2853A960-31E0-4F3F-B68E-418FF088BADE}C:\program files (x86)\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2D5D5D83-C688-4176-8568-0EE62292DC16}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B806C4EB-5E67-4E56-AD29-7F2300225B24}C:\program files (x86)\steam\steamapps\common\titanfall2\titanfall2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E872E941-E2DB-4FB2-A828-D9FAAEE6FAE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36C72715-1205-47E3-B9F8-0A860BCB4B85}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78C8BD44-1ECF-4E2C-B68A-493C8D528047}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B4464B8-4ABC-40E8-848E-DD575E53CE6C}C:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{00EFDF6D-F003-4F07-9144-FC0E01376C22}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C9901599-28C5-41B5-BD9D-453031BC84E7}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{237939B1-8713-411F-81EA-395CD9E98F77}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B268E5BC-BF0E-41C2-B438-5E07B1E9DAFC}D:\steamlibrary\steamapps\common\total war warhammer ii\warhammer2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA5E5D74-32E7-40F4-8899-AAE43710903C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DEEE736-B1FC-4DB6-AD2B-F14F03982907}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF42D8D1-74A9-4900-BA34-03CF650B7747}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8796E1B7-E896-4045-9D7B-55CB64001DF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27A8887D-E209-4D2F-B658-B76A95E5D405}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49838A58-60FE-4D9C-8EAC-77145FD17DD1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C70BA01-13EC-4A02-9E9C-DD0D936679BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E93C050-287A-4A95-B061-1819A89C90D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E425BF8A-1DC1-4E46-AEB2-DED9ADC39E5C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEBF4DF9-7A11-48A9-8380-E1576D316842}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7A26BBB-9B90-477B-85FC-E47BBAE3E700}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0632BC39-EB51-4126-8E27-7E87059FD07E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E47FE40-F81B-48CA-8092-22B549BAC092}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B821B783-F176-438F-8BB5-605EF2293A4A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D1D35CF-1952-474F-BB8E-91B4EF9F39DD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0A401A0-8D26-4BCC-ABF7-730236680252}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3079EB29-2A86-41F1-BAB0-F04C5F0223D2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C2051989-C55B-45E6-90F5-E46B00CA3A3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C539AF7-45C6-41BA-94A3-D446A0291554}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{13301CC3-701E-458B-B8D3-301537699BA6}D:\steamlibrary\steamapps\common\theouterworlds\indiana\binaries\win64\indiana-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4B401781-C833-4C6E-AC11-8FA63424641F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66146324-8DB6-4F09-A53A-8FFC4D29E500}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A261CF33-1CCF-4566-AA50-6C229D2BE6B4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CDF3437-AD1A-44B0-8F30-F1D9446DAB6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{52F98834-E55E-451A-B905-46512BA2CADF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D3F8A5F-71CD-4C7F-B7B8-B24847E00AA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D6797E9-EBA8-403C-8A4F-1074011181C2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F39552C2-D007-4FD3-B8D0-776E0B12B2B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F74B14DF-AE23-4101-9AB3-44BF252BACD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C92DB223-2811-432D-AAEA-D12E001CD01D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6ED4459-D174-41C0-ACCC-F2BF20620FD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9F15509-E237-476A-AD36-47A81B4B5D1C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F4EFADC-6C98-4956-B17A-5C348E2A3342}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71AFBD8D-B919-440B-A19F-3A47B98766B5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CA6C30E-0D4A-4FBD-AAAC-306436739249}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39FF1A2-B43E-4D20-9630-A43775061232}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D725FFAB-BF58-42F1-8160-3C4C29B5CBD0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54DDC373-48C0-43AE-8081-43E52A2789D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{80ED353C-F2CB-488E-9F79-E0AC739B49AC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00242C50-4B6E-497E-9987-CBFCD6B7D608}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{028C13B8-34F1-42B4-A55F-B0D2697CA2F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F91DFB4-3E6A-4EF5-820C-52DB7586F551}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFBD3AE6-8E6B-4323-AEAE-E27DD99A3C88}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E398828-8C74-4B78-A2B4-EACA06FE89A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D8E8C9C-B742-4006-8275-A56D95040080}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE253542-D507-46FE-9DE5-262ADF4781E0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AE5F2C61-8EF3-46A7-A768-8C7DF31C13B5}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4F7100C-4A34-4190-A774-C2F29E4F7D3E}D:\steamlibrary\steamapps\common\the dark pictures anthology - man of medan\smg019\binaries\win64\manofmedan-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F3106DE0-E3AC-4C41-8834-785109D61AFB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CA16405-8A18-4AEE-B02F-6BEF4D34008B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FA326A1-158D-4A8D-A0AF-60B908644661}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64A032D5-E018-4F3F-81BD-388962BD1A6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{276C9354-E192-4D09-B7EE-F994206B622B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB26165E-2EAD-488A-9F18-6BDD737D2E3C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD889A56-6920-4590-8C0F-7EEF8BBD176C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01F6ED4D-C8F4-4B82-A591-0D51946994BF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{758A3EBB-BADC-4C42-8CB9-F35C8D07E05A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AE24683D-1651-49E7-9F74-6A05FCD2300A}D:\steamlibrary\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{720ACA5A-A845-4227-9416-91A891925399}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A8C487F-6C55-42C2-A790-24D45B8CC637}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{869C9FD0-F91C-4164-A503-5CEDEB2AE7BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AAB42C1-ADBB-47B2-9981-C39389BA85CA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C894A485-4B21-4BB8-AA15-B84A2F3F02A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C152555-17E9-4E49-AF98-7B1A4AF1D045}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D0063132-7DB4-4CC5-837C-FE8BAFDDFD64}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{924B2581-9B41-4981-9E6C-EF64BDE143F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D79337C-B756-4517-9DEB-7BCB6B052F1E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{83F34E30-EF72-4823-BDF4-A144BF8143F8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A04F679-0DFC-4B11-8399-BB6487797461}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7FAE89F-9C4B-4C84-8FDD-8A1005C9DE3B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97448B4A-555D-4CA8-983C-91AD23AE63B5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E28B77BD-92A5-4B43-B1CD-F5F7A6DA4AF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28D8B84D-4884-45E1-AB5A-1171A45783C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C99513D-D41B-4174-9A55-775C87C10A96}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F39E1024-53AF-4F52-837E-8B2E955C1277}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EE6C0E6-ADEB-4738-A69C-33CD48344261}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C253DC7-FA50-4D0F-AE59-FED2E11E4569}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{22F50013-8121-4C7F-B255-5646E03793DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5C48D4F-C0D4-4F48-A643-6465FF319C44}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F897FF3-5836-422F-9C3C-27D5A40A4029}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62E39975-F803-4F92-84B3-86EF246FEA3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC99CE6D-A1F0-4172-AAC9-6B3F05603497}" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Weather" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B700C7-8397-4A8D-B7CB-0BDBAA30B5E0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B700C7-8397-4A8D-B7CB-0BDBAA30B5E0}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G6 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G6" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15EE891E-21AD-42CB-9E4B-32F39947C9D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15EE891E-21AD-42CB-9E4B-32F39947C9D7}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #6 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #6" => removed successfully
C:\Program Files (x86)\AdvancedWindowsManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{183C5E42-ECBA-47A9-A27F-F65AE864355B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{183C5E42-ECBA-47A9-A27F-F65AE864355B}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1" => removed successfully
C:\Program Files (x86)\Microleaves => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D0CB678-50B3-4856-BF13-69ED5D81727D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D0CB678-50B3-4856-BF13-69ED5D81727D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{223F24CD-498E-4ADA-91AD-0FB56D7CE485}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{223F24CD-498E-4ADA-91AD-0FB56D7CE485}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #4 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #4" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23343E61-70C7-42EF-94E4-930B734B7A8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23343E61-70C7-42EF-94E4-930B734B7A8A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\winrmsrv" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A3FF56B-64E1-428C-B71C-EFEAC2DA8AC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3FF56B-64E1-428C-B71C-EFEAC2DA8AC0}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedUpdater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedUpdater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{467C1A21-20E8-46C6-813E-FEB5E1237360}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{467C1A21-20E8-46C6-813E-FEB5E1237360}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G5 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{476A68C5-4C66-4E3E-B777-E12E5463D130}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{476A68C5-4C66-4E3E-B777-E12E5463D130}" => removed successfully
C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61C9ECD3-0C65-481A-8CF2-FCC66370A7EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61C9ECD3-0C65-481A-8CF2-FCC66370A7EE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B2DBB5F-5353-449B-95DE-D304B2666A1D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B2DBB5F-5353-449B-95DE-D304B2666A1D}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7480ECD9-F0C1-457E-874F-663935E6EC7F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7480ECD9-F0C1-457E-874F-663935E6EC7F}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C171133-CAE9-4179-8F3D-E23107DC0A82}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C171133-CAE9-4179-8F3D-E23107DC0A82}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G3 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE05780A-2EAD-48C5-97CA-3E783054FB8F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE05780A-2EAD-48C5-97CA-3E783054FB8F}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #5 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE8648C-0DEC-482D-B596-D7E4EF066F32}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE8648C-0DEC-482D-B596-D7E4EF066F32}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #3 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #3" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6EF075B-766C-46F9-9111-3BF040C8321F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6EF075B-766C-46F9-9111-3BF040C8321F}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #1 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE717321-4795-48C4-A94F-54DA0D6F5005}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE717321-4795-48C4-A94F-54DA0D6F5005}" => removed successfully
C:\WINDOWS\System32\Tasks\AdvancedWindowsManager #2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdvancedWindowsManager #2" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5E15249-5708-4E9F-94AF-D513AF35CB3C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5E15249-5708-4E9F-94AF-D513AF35CB3C}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G4 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G4" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBBF449E-ED59-4FD4-BB12-DF531E2876F1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBBF449E-ED59-4FD4-BB12-DF531E2876F1}" => removed successfully
C:\WINDOWS\System32\Tasks\Online Application V2G2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2" => removed successfully
C:\WINDOWS\Tasks\Online Application V2G1.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G2.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G3.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G4.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G5.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G6.job => moved successfully
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
C:\Program Files\mozilla firefox\defaults\pref\bauddlpcdew.js => moved successfully
C:\Program Files\mozilla firefox\defaults\pref\rulr5djffog.js => moved successfully
C:\Program Files\mozilla firefox\defaults\pref\uvt2wwvynov.js => moved successfully
C:\Program Files\mozilla firefox\bauddlpcdew.cfg => moved successfully
C:\Program Files\mozilla firefox\rulr5djffog.cfg => moved successfully
C:\Program Files\mozilla firefox\uvt2wwvynov.cfg => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
McAfee WebAdvisor => service not found.
WCAssistantService => service not found.
HKLM\System\CurrentControlSet\Services\wuauserv => removed successfully
wuauserv => service removed successfully
wuauserv => service not found.
C:\Program Files (x86)\Falco.ico => moved successfully
C:\Program Files (x86)\Falco.url => moved successfully
C:\Program Files (x86)\FalcoGo.ico => moved successfully
C:\Program Files (x86)\FalcoGo.url => moved successfully
C:\Program Files (x86)\FalconLine.ico => moved successfully
C:\Program Files (x86)\FalconLine.url => moved successfully
C:\Program Files (x86)\FalcoSpace.ico => moved successfully
C:\Program Files (x86)\FalcoSpace.url => moved successfully
C:\Program Files\McAfee => moved successfully
"C:\Program Files (x86)\Lavasoft" => not found
C:\Users\samue\AppData\Roaming\Weather => moved successfully
C:\Windows\System32\StartupCheckLibrary.dll => moved successfully
C:\Windows\System32\winrmsrv.exe => moved successfully
C:\Windows\System32\winscomrssrv.dll => moved successfully
C:\Program Files (x86)\1I_6BR0W53I3 => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1I_6BR0W53I3_is1 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Inlog WebBrowser 5.3 => removed successfully
HKEY_USERS\S-1-5-21-1443207549-266473185-1957000176-1003\Inlog Productions => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\winlogui.exe => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BCCD539-F152-4CA7-9BB8-749E2DEF24F7}" => removed successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156263964 B
Java, Flash, Steam htmlcache => 242350947 B
Windows/system/drivers => 20068659 B
Edge => 1252420 B
Chrome => 109864817 B
Firefox => 1169072656 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 205112 B
NetworkService => 263248 B
samue => 198465074 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:14:23 ====

 

 

2:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    01-19-2022
# Duration: 00:00:05
# OS:       Windows 10 Home
# Scanned:  32023
# Detected: 22


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.OnlineIO                 C:\ProgramData\Microleaves
Adware.OnlineIO                 C:\Users\samue\AppData\Roaming\Microleaves
PUP.Optional.AdvancedWindowsManager C:\ProgramData\AdvancedWindowsManager
PUP.Optional.OnlineIO           C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

PUP.Optional.OnlineIO           C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.OnlineIO                 HKLM\Software\Wow6432Node\Microleaves
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Conduit            HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
PUP.Optional.Legacy             HKLM\System\Setup\FirstBoot\Services\WCAssistantService
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves        HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves        HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.WebCompanion       HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

 

 

3:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/19/22
Scan Time: 6:25 PM
Log File: 13c605d0-797f-11ec-bbac-548d5ac0cd20.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50025
License: Trial

-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: DESKTOP-VMR9NA7\samue

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 325506
Threats Detected: 32
Threats Quarantined: 0
Time Elapsed: 3 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3647, 398592, 1.0.50025, , ame, , ,
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\AdvancedWindowsManager, No Action By User, 4953, 787645, 1.0.50025, , ame, , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 181, 236865, , , , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, 181, 236865, , , , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, 181, 236865, 1.0.50025, , ame, , ,
Adware.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\Microleaves, No Action By User, 1371, 716215, 1.0.50025, , ame, , ,
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{13499434-9821-4E2D-B7DF-7C0867EB1504}, No Action By User, 4953, 787647, 1.0.50025, , ame, , ,

Registry Value: 5
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, No Action By User, 3647, 333852, 1.0.50025, , ame, , ,
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, No Action By User, 3647, 321304, 1.0.50025, , ame, , ,
PUP.Optional.Conduit, HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, 181, 236865, 1.0.50025, , ame, , ,
PUP.Optional.Conduit, HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, No Action By User, 181, 236865, 1.0.50025, , ame, , ,
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{13499434-9821-4E2D-B7DF-7C0867EB1504}|INSTALLLOCATION, No Action By User, 4953, 787647, 1.0.50025, , ame, , ,

Registry Data: 4
PUP.Optional.Conduit, HKU\S-1-5-21-1443207549-266473185-1957000176-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, 181, 293058, 1.0.50025, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, 14055, 293294, 1.0.50025, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, 14055, 293295, 1.0.50025, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, 14055, 293296, 1.0.50025, , ame, , ,

Data Stream: 0
(No malicious items detected)

Folder: 8
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3647, 391425, 1.0.50025, , ame, , ,
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application\updates, No Action By User, 1371, 399763, , , , , ,
Adware.OnlineIO, C:\ProgramData\Microleaves\Online Application, No Action By User, 1371, 399763, , , , , ,
Adware.OnlineIO, C:\PROGRAMDATA\MICROLEAVES, No Action By User, 1371, 399763, 1.0.50025, , ame, , ,
Adware.OnlineIO, C:\Users\samue\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, No Action By User, 1371, 399763, , , , , ,
Adware.OnlineIO, C:\Users\samue\AppData\Roaming\Microleaves\Online Application 2.7.0\install, No Action By User, 1371, 399763, , , , , ,
Adware.OnlineIO, C:\Users\samue\AppData\Roaming\Microleaves\Online Application 2.7.0, No Action By User, 1371, 399763, , , , , ,
Adware.OnlineIO, C:\USERS\SAMUE\APPDATA\ROAMING\MICROLEAVES, No Action By User, 1371, 399763, 1.0.50025, , ame, , ,

File: 8
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, 3647, 391431, 1.0.50025, , ame, , 850D660F63417825527C54EEE056A06C, 6237099FF03B2D2ACD7BA53783069AF89AA5946C6CD044ECE0C531E93DBFA6BB
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, No Action By User, 3647, 391425, , , , , 9DD9EC86D8E45F11F44B14F243664E59, 6BF09C573E64635C5CF4AD63DDCB2FB6CEAAE8E8874377078A305CE9C68B69C2
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, No Action By User, 3647, 391425, , , , , C2649AD15118FD46780D6FCBC38447D0, F0F4D5BF1DE9D2463031520AFF51FEB1E7D432ECEA447534A91CBBD79832AC89
Adware.OnlineIO, C:\Users\samue\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, No Action By User, 1371, 399763, , , , , 7686DC70FDB1FF0ACECF3B8212FED39B, E71673E05139AA4A7D30F96D2AD6BAB8F868E68FEE16E767E55A9037A53AFD94
Malware.AI.4207690491, C:\USERS\SAMUE\DESKTOP\DOWNLOADS\CLIP_STUDIO_PAINT_EX_1.8.2.FIX\CRACK.RAR, No Action By User, 1000000, 0, 1.0.50025, 3B098126008926D0FACC42FB, dds, 01605495, 780E26A9828A4AD3A269ED381112C931, 9C2E0623FD8407348B827C04D1A28E64532F447D93EFAAEAD08D423BA6F3E7A2
Malware.AI.4207690491, C:\USERS\SAMUE\DESKTOP\CRACK\KEYGEN-1.8.2.EXE, No Action By User, 1000000, 0, 1.0.50025, 3B098126008926D0FACC42FB, dds, 01605495, 047FA4F016D7CA76214BBF3C299931E9, 05BE4C622805D60CF9E29B009B4BD7F577CA2E3C7B67ABE99DED3CE874180D70
PUP.Optional.OfferCore, C:\USERS\SAMUE\DOWNLOADS\CHEATENGINE73.EXE, No Action By User, 542, 997029, 1.0.50025, , ame, , 7ED6B58360D0D7E033237F37DD314F47, 9B8480581FFD010C93C4504D0BB5DCD8C2EBA5C57812E399DA8C6C58024A4903
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.3\STANDALONEPHASE1.DAT, No Action By User, 7766, 393793, 1.0.50025, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


  • 0

#11
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hi, Mallow2:)

 

We have to clean many things. I hope you are ready! 

1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Run Malwarebytes (Clean mode)

  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
  • When finished, you will see the Thread Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

4. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

 

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The eset.txt
  4. The fresh FRST logs, Addition and FRST

  • 0

#12
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

1

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-20-2022
# Duration: 00:00:01
# OS:       Windows 10 Home
# Cleaned:  22
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\AdvancedWindowsManager
Deleted       C:\ProgramData\Microleaves
Deleted       C:\Users\samue\AppData\Roaming\Microleaves
Deleted       C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

Deleted       C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Microleaves
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted       HKLM\System\Setup\FirstBoot\Services\WCAssistantService
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3784 octets] - [19/01/2022 18:17:44]
AdwCleaner[S01].txt - [3845 octets] - [20/01/2022 08:26:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

 

 

2

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/20/22
Scan Time: 8:33 AM
Log File: 8fd0731a-79f5-11ec-92fc-548d5ac0cd20.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50055
License: Trial

-System Information-
OS: Windows 10 (Build 19042.867)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 324064
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 3 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\AdvancedWindowsManager, Quarantined, 4953, 787645, 1.0.50055, , ame, , ,
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{13499434-9821-4E2D-B7DF-7C0867EB1504}, Quarantined, 4953, 787647, 1.0.50055, , ame, , ,

Registry Value: 1
PUP.Optional.OnlineIO.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{13499434-9821-4E2D-B7DF-7C0867EB1504}|INSTALLLOCATION, Quarantined, 4953, 787647, 1.0.50055, , ame, , ,

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, 14055, 293294, 1.0.50055, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, 14055, 293295, 1.0.50055, , ame, , ,
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, Replaced, 14055, 293296, 1.0.50055, , ame, , ,

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.OfferCore, C:\USERS\SAMUE\DOWNLOADS\CHEATENGINE73.EXE, Quarantined, 542, 997029, 1.0.50055, , ame, , 7ED6B58360D0D7E033237F37DD314F47, 9B8480581FFD010C93C4504D0BB5DCD8C2EBA5C57812E399DA8C6C58024A4903
Malware.AI.4207690491, C:\USERS\SAMUE\DESKTOP\CRACK\KEYGEN-1.8.2.EXE, Quarantined, 1000000, 0, 1.0.50055, 3B098126008926D0FACC42FB, dds, 01606264, 047FA4F016D7CA76214BBF3C299931E9, 05BE4C622805D60CF9E29B009B4BD7F577CA2E3C7B67ABE99DED3CE874180D70
Malware.AI.4207690491, C:\USERS\SAMUE\DESKTOP\DOWNLOADS\CLIP_STUDIO_PAINT_EX_1.8.2.FIX\CRACK.RAR, Quarantined, 1000000, 0, 1.0.50055, 3B098126008926D0FACC42FB, dds, 01606264, 780E26A9828A4AD3A269ED381112C931, 9C2E0623FD8407348B827C04D1A28E64532F447D93EFAAEAD08D423BA6F3E7A2
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.3\STANDALONEPHASE1.DAT, Quarantined, 7766, 393793, 1.0.50055, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

3

 

1/20/2022 9:24:49 AM
Files scanned: 505793
Detected files: 15
Cleaned files: 14
Total scan time 00:32:26
Scan status: Finished
C:\FRST\Quarantine\C\Program Files (x86)\AdvancedWindowsManager\Windows Installer\AdvancedWindowsManager.exe    Win64/Microleaves.A potentially unwanted application    cleaned by deleting

C:\FRST\Quarantine\C\Program Files (x86)\AdvancedWindowsManager\Windows Installer\Windows Updater.exe    a variant of Win32/Microleaves.A potentially unwanted application    cleaned by deleting

C:\FRST\Quarantine\C\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe    a variant of Win32/Adware.OnlineIO.B application    cleaned by deleting

C:\FRST\Quarantine\C\WINDOWS\System32\StartupCheckLibrary.dll.xBAD    a variant of Win64/Agent.RL trojan    cleaned by deleting

C:\FRST\Quarantine\C\WINDOWS\System32\winrmsrv.exe.xBAD    Win64/Agent.WP trojan    cleaned by deleting

C:\FRST\Quarantine\C\WINDOWS\System32\winscomrssrv.dll.xBAD    Win64/Agent.NK trojan    deleted

C:\Program Files\Windows Defender\MSASCuiL.exe    a variant of MSIL/Agent.UPS trojan    error while cleaning (Access denied)

C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\GetSoftwares.net.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\kCrack.com.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\SadeemPC.com.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\samue\AppData\LocalLow\IGDump\fgeqdlrjjpoawzsipdadjedumpqwspyb\flbwzcmzykakudaiiurzcgisljcncwbi.ext    a variant of Win32/Keygen.ADI potentially unsafe application    cleaned by deleting

C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\GetSoftwares.net.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\kCrack.com.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]\SadeemPC.com.URL    LNK/Agent.CH trojan    cleaned by deleting

C:\Users\samue\Downloads\CheatEngine71.exe    Win32/FusionCore.BB potentially unwanted application,a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application,a variant of Win32/FusionCore.BB potentially unwanted application    cleaned by deleting


 

 

4

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by samue (administrator) on DESKTOP-VMR9NA7 (20-01-2022 09:29:56)
Running from C:\Users\samue\Desktop
Loaded Profiles: samue
Platform: Microsoft Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\samue\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.188.0.22\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.188.0.22\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.188.0.22\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389960 2018-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1312040 2018-12-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81379600 2022-01-17] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Discord] => C:\Users\samue\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2495672 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13799776 2022-01-05] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1802072 2022-01-13] (Overwolf Ltd -> Overwolf Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-06] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00C8B98D-6312-4F71-A68B-468BDBC0BFCD} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0738FF8C-B2DB-4557-BF14-6AA032B8A753} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {078FBA31-9C80-4A43-AEC5-88E74F136F28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {0BC7E0D8-4C01-465D-B5B3-5F32828DEF73} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {150BB8A6-3FBF-4C66-8E92-F17BF8D23CA0} - System32\Tasks\WD Discovery Service Task samue => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [78608 2022-01-17] (Western Digital Technologies, Inc. -> )
Task: {1E409E1B-58B1-4380-88B1-B766EDCB8B7D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EA0E6E3-46C9-406E-A9E2-7D3A2DA6A44F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-20] (ESET, spol. s r.o. -> ESET)
Task: {2BFEE421-016B-478B-984D-BFF278196D39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {30D4F409-292D-4B26-B0D6-2655D56AD3FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DA0675D-3FCC-4BD6-A21E-0D03108CE074} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {3DE2B95F-0A7A-447F-A6AB-D3119F3A74FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {572F8315-0B42-4B4C-BE01-0716A435CACA} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5FE26B08-4934-477E-9D79-0B9DACE3EDA2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {61C41951-2C74-4357-9B3E-9D8A8EE5DD05} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-20] (ESET, spol. s r.o. -> ESET)
Task: {7809B2BC-1799-43D3-9C09-2B695FA52517} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {8C591FB3-CA4D-4498-813F-3916D8D9AF48} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
Task: {9A699171-4AE3-4057-A9F5-2D9AC10FD510} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D4EAA9A-8F8E-4BD5-90B6-EB1E12F784F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D5E980D-B2E6-4054-ABB3-C992721B7A9B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1443207549-266473185-1957000176-500 => C:\Users\samue\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AAEBCE61-B9B4-440C-94B6-B582684935F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF13FDA5-4AB9-4F54-B720-EF13EDAC884B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B2BB9FF9-D0A7-43C8-9330-1E0C99E65748} - System32\Tasks\WD Device Agent Task samue => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [723728 2022-01-17] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {C20F474F-9C9A-4472-A087-2A0503985E60} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F4DF1DC4-68F6-4C44-8909-B5A9E719DCB7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F5A92030-10EC-435D-A825-8069428DC71C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6C699AB-1705-42FD-BA7F-25F85E3B5315} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67e5bc1d-4207-4265-9467-7b7f63a4081d}: [DhcpNameServer] 10.0.1.1 10.0.1.3
Tcpip\..\Interfaces\{f633f7ab-56bb-4545-a271-410c006b76dc}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\samue\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-20]

FireFox:
========
FF DefaultProfile: 9rbtgwa0.default
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\9rbtgwa0.default [0000-00-00]
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release [0000-00-00]
FF DownloadDir: C:\Users\samue\Desktop
FF Extension: (Dark Reader) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-12-07]
FF Extension: (Clear Cache) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2020-12-31]
FF Extension: (Tomato Clock) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-09-06]
FF Extension: (SponsorBlock for YouTube - Skip Sponsorships) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-19]
FF Extension: (TinEye Reverse Image Search) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-10-29]
FF Extension: (Tree Style Tab) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-12]
FF Extension: (uBlock Origin) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-13]
FF Extension: (Flagfox) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2022-01-03]
FF Extension: (Halo-4-wallpaper-unsc) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{192fc524-b327-4258-a129-bac739726340}.xpi [2020-12-31]
FF Extension: (ANIMATED Neutron Stars by candelora) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{2c216ba1-594a-4039-a389-b954f42ff809}.xpi [2021-07-12]
FF Extension: (Blue and Black Stamped Metal) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{3cda8d03-de1b-47b2-9075-9050cb300ee6}.xpi [2020-12-31]
FF Extension: (Psychedelic Glass Squared) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{52b92fe9-753c-4514-851f-63689f4427f2}.xpi [2020-12-31]
FF Extension: (Dark) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{6341c2d3-7376-4d9b-847c-d4679d341d87}.xpi [2020-12-31]
FF Extension: (Misty dark forest II) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{ac92fc5a-c8cd-4f87-b75c-7a4268e9b5cc}.xpi [2020-12-31]
FF Extension: (Video DownloadHelper) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-01]
FF Extension: (Dark Carbon Fiber 1) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{c8b661e4-148d-4fa7-8cfb-81818fd98feb}.xpi [2020-12-31]
FF Extension: (Summerwood) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{fb7d2936-bd43-4dcd-ae06-bf7a15401808}.xpi [2020-12-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [61832 2020-12-04] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe [6161552 2021-09-01] (Int3 Software AB -> Int3 Software AB)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1959776 2022-01-05] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-19] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2539864 2022-01-13] (Overwolf Ltd -> Overwolf LTD)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1934744 2021-06-30] (Rockstar Games, Inc. -> Rockstar Games)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 EQU8_HELPER_36; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-09-22] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [79872 2020-09-17] (Microsoft Windows Hardware Compatibility Publisher -> FTDI Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [131288 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [29368 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2018-06-04] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-20 09:24 - 2022-01-20 09:24 - 000004994 _____ C:\Users\samue\Desktop\save scan log.txt
2022-01-20 09:24 - 2022-01-20 09:24 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-01-20 09:24 - 2022-01-20 09:24 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-01-20 08:48 - 2022-01-20 09:26 - 000001385 _____ C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-01-20 08:48 - 2022-01-20 09:26 - 000001279 _____ C:\Users\samue\Desktop\ESET Online Scanner.lnk
2022-01-20 08:48 - 2022-01-20 08:48 - 000000000 ____D C:\Users\samue\AppData\Local\ESET
2022-01-20 08:46 - 2022-01-20 08:46 - 013311448 _____ (ESET) C:\Users\samue\Desktop\esetonlinescanner.exe
2022-01-20 08:46 - 2022-01-20 08:46 - 000003018 _____ C:\Users\samue\Desktop\mal curr.txt
2022-01-20 08:28 - 2022-01-20 08:28 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-20 08:28 - 2022-01-20 08:28 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-20 08:28 - 2022-01-20 08:28 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-20 08:26 - 2022-01-20 08:26 - 000003629 _____ C:\Users\samue\Desktop\AdwCleaner[C01] curr.txt
2022-01-19 18:29 - 2022-01-19 18:29 - 000006976 _____ C:\Users\samue\Desktop\maware bytes.txt
2022-01-19 18:22 - 2022-01-20 08:34 - 000000000 ____D C:\Users\samue\AppData\LocalLow\IGDump
2022-01-19 18:22 - 2022-01-19 18:22 - 000000000 ____D C:\Users\samue\AppData\Local\mbam
2022-01-19 18:21 - 2022-01-19 18:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-19 18:21 - 2022-01-19 18:21 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-19 18:21 - 2022-01-19 18:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-19 18:21 - 2022-01-19 18:21 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-19 18:20 - 2022-01-19 18:20 - 002911928 _____ (Malwarebytes) C:\Users\samue\Desktop\MBSetup.exe
2022-01-19 18:17 - 2022-01-20 08:26 - 000000000 ____D C:\AdwCleaner
2022-01-19 18:16 - 2022-01-19 18:17 - 008540344 _____ (Malwarebytes) C:\Users\samue\Desktop\AdwCleaner.exe
2022-01-19 17:59 - 2022-01-19 18:14 - 000074136 _____ C:\Users\samue\Desktop\Fixlog.txt
2022-01-19 06:46 - 2022-01-19 07:37 - 000003117 _____ C:\Users\samue\Desktop\Search.txt
2022-01-17 19:44 - 2022-01-17 19:44 - 104833009 _____ C:\Users\samue\Desktop\my_digital_oil_painting_brushes_by_martinapalazzese_dcisknh.abr
2022-01-17 18:51 - 2022-01-17 18:51 - 000001687 _____ C:\Users\Public\Desktop\Toon Boom Storyboard Pro 20.lnk
2022-01-17 18:51 - 2022-01-17 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storyboard Pro 20
2022-01-17 18:50 - 2022-01-17 18:50 - 337618776 _____ (Toon Boom Animation) C:\Users\samue\Desktop\SBP20-win-16823.exe
2022-01-17 18:49 - 2022-01-20 08:29 - 000000000 ____D C:\Users\samue\AppData\Roaming\WD Discovery
2022-01-17 18:49 - 2022-01-17 18:49 - 000003236 _____ C:\WINDOWS\system32\Tasks\WD Discovery Service Task samue
2022-01-17 18:49 - 2022-01-17 18:49 - 000003172 _____ C:\WINDOWS\system32\Tasks\WD Device Agent Task samue
2022-01-17 18:49 - 2022-01-17 18:49 - 000001306 _____ C:\Users\Public\Desktop\WD Discovery.lnk
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Users\samue\AppData\Roaming\WDDesktop
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Program Files\WD Desktop App
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Program Files (x86)\Western Digital
2022-01-17 18:49 - 2017-11-21 12:03 - 000468112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdfsconnect2017.sys
2022-01-17 18:49 - 2017-11-21 12:03 - 000020624 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdvpnpbus.sys
2022-01-17 18:49 - 2017-11-10 12:51 - 000223744 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectNetRdr2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000154112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000118272 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectNetRdr2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000002560 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectevtmsg.dll
2022-01-17 18:48 - 2022-01-20 08:29 - 000000000 ____D C:\Users\samue\.wdc
2022-01-17 18:48 - 2022-01-17 18:48 - 000000000 ____D C:\Users\samue\AppData\Roaming\com.wdc.softwareInstaller
2022-01-17 17:31 - 2022-01-20 09:30 - 000028190 _____ C:\Users\samue\Desktop\FRST.txt
2022-01-17 17:31 - 2022-01-17 17:32 - 000088012 _____ C:\Users\samue\Desktop\Addition.txt
2022-01-17 17:30 - 2022-01-17 17:30 - 000000000 ____D C:\Users\samue\Desktop\FRST-OlderVersion
2022-01-17 17:23 - 2022-01-17 17:30 - 002311680 _____ (Farbar) C:\Users\samue\Desktop\FRST64(1).exe
2022-01-17 17:21 - 2022-01-20 09:30 - 000000000 ____D C:\FRST
2022-01-17 17:21 - 2022-01-17 17:21 - 000000000 ____D C:\Users\samue\Downloads\FRST-OlderVersion
2022-01-16 15:27 - 2022-01-16 15:27 - 337791096 _____ (Toon Boom Animation) C:\Users\samue\Downloads\SBP20-win-17538(2).exe
2022-01-16 01:28 - 2022-01-16 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-16 00:54 - 2022-01-19 17:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-15 15:11 - 2022-01-15 15:11 - 021736720 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 jan_15_2022.sbbkp
2022-01-14 15:11 - 2022-01-14 15:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2022-01-12 15:17 - 2022-01-12 15:17 - 009365290 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 its a backup.sbbkp
2022-01-12 00:54 - 2022-01-12 00:54 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2022.lnk
2022-01-08 13:03 - 2022-01-08 13:04 - 000375625 _____ C:\Users\samue\Downloads\MB_TextureBrushes.xml
2022-01-08 12:35 - 2022-01-08 12:35 - 000000000 ____D C:\Users\samue\Desktop\Goblin Girl Boards
2022-01-03 14:11 - 2022-01-03 14:11 - 000083682 _____ C:\Users\samue\Downloads\magnificent_2.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000602099 _____ C:\Users\samue\Downloads\the_centurion.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000192289 _____ C:\Users\samue\Downloads\ruritania.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000052615 _____ C:\Users\samue\Downloads\cardinal.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000020918 _____ C:\Users\samue\Downloads\seagram_tfb.zip
2022-01-03 14:09 - 2022-01-03 14:09 - 000328104 _____ C:\Users\samue\Downloads\enchanted_land.zip
2021-12-29 20:03 - 2022-01-19 00:02 - 000000000 ____D C:\Users\samue\Documents\The Witcher 3
2021-12-29 18:24 - 2021-12-29 18:24 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk
2021-12-28 19:59 - 2021-12-28 20:04 - 000000000 ____D C:\Users\samue\AppData\Local\Ori and the Will of The Wisps
2021-12-28 19:59 - 2021-12-28 19:59 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Moon Studios
2021-12-27 18:13 - 2021-12-27 18:13 - 000000000 ____D C:\Users\samue\AppData\LocalLow\adamgryu
2021-12-27 18:03 - 2021-12-27 18:03 - 000000000 ____D C:\Users\samue\AppData\Local\TheAscent
2021-12-27 12:01 - 2021-12-27 12:01 - 3436665791 _____ C:\WINDOWS\MEMORY.DMP
2021-12-27 12:01 - 2021-12-27 12:01 - 003138716 _____ C:\WINDOWS\Minidump\122721-15015-01.dmp
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\Documents\DARKSiDERS
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\AppData\Roaming\milkfactory

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-20 09:30 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Roaming\discord
2022-01-20 09:30 - 2020-06-28 00:24 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Mozilla
2022-01-20 09:28 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Local\Discord
2022-01-20 09:23 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-20 09:09 - 2020-12-29 23:19 - 000000000 ____D C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
2022-01-20 09:05 - 2020-12-23 12:36 - 000000000 ____D C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
2022-01-20 08:55 - 2020-10-27 18:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-20 08:48 - 2021-07-17 15:06 - 000000000 ____D C:\Users\samue\AppData\Local\CrashDumps
2022-01-20 08:44 - 2020-06-28 00:17 - 000000000 ____D C:\Users\samue\AppData\Local\D3DSCache
2022-01-20 08:43 - 2021-11-28 20:15 - 000000000 ____D C:\Program Files\Cheat Engine 7.3
2022-01-20 08:43 - 2020-12-28 20:16 - 000000000 ____D C:\Users\samue\Desktop\Crack
2022-01-20 08:39 - 2021-03-26 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-20 08:32 - 2021-03-26 00:21 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-20 08:32 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-20 08:28 - 2021-07-17 15:06 - 000000000 ___RD C:\Users\samue\Creative Cloud Files
2022-01-20 08:28 - 2021-07-10 13:03 - 000000000 ____D C:\Users\samue\AppData\Local\Overwolf
2022-01-20 08:28 - 2021-03-26 00:21 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-20 08:28 - 2021-03-26 00:21 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-20 08:28 - 2021-03-26 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-20 08:28 - 2021-03-26 00:18 - 000000000 ____D C:\Users\samue
2022-01-20 08:28 - 2021-03-26 00:17 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-20 08:28 - 2020-12-16 23:13 - 000000000 ____D C:\Users\samue\AppData\Roaming\WTablet
2022-01-20 08:28 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-20 08:25 - 2020-12-15 17:41 - 000000000 ____D C:\Program Files\Adobe
2022-01-19 18:21 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-19 18:15 - 2021-03-26 00:17 - 000636440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-19 10:31 - 2021-07-17 15:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-19 06:34 - 2021-08-29 20:55 - 000000000 ____D C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-01-18 20:03 - 2021-11-06 12:11 - 000000000 ____D C:\Users\samue\Desktop\goblins
2022-01-17 23:37 - 2021-04-29 17:46 - 000000000 ____D C:\Users\samue\AppData\Roaming\Toon Boom Animation
2022-01-17 23:34 - 2021-03-26 00:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-17 23:34 - 2021-03-26 00:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-17 18:49 - 2020-03-13 13:21 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-17 17:37 - 2020-06-28 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-16 23:04 - 2021-12-08 17:41 - 000000000 ____D C:\Users\samue\Desktop\gobelins work
2022-01-16 01:28 - 2020-06-28 00:24 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-15 16:26 - 2021-06-29 05:20 - 000000084 _____ C:\WINDOWS\system32\perfdish001.dat
2022-01-15 10:24 - 2020-07-19 01:16 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-15 10:24 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-15 10:24 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-15 07:52 - 2020-01-08 16:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 15:11 - 2020-12-16 23:12 - 000000000 ____D C:\Program Files\Tablet
2022-01-14 10:45 - 2021-07-10 13:04 - 000000000 ____D C:\Program Files (x86)\Overwolf
2022-01-12 00:57 - 2020-12-10 23:26 - 000000000 ____D C:\Users\samue\AppData\Local\AMD_Common
2022-01-12 00:54 - 2020-12-16 23:05 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-12 00:53 - 2021-03-08 18:38 - 000000000 ____D C:\Users\samue\AppData\Roaming\audacity
2022-01-06 20:55 - 2020-10-27 18:13 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-06 20:55 - 2020-10-27 18:13 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 13:06 - 2021-09-09 18:04 - 000001456 _____ C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-01-05 22:20 - 2020-10-14 19:51 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-12-30 14:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-28 18:42 - 2020-09-15 22:17 - 000000000 ____D C:\Users\samue\AppData\Roaming\RenPy
2021-12-27 12:01 - 2021-12-16 10:08 - 000000000 ____D C:\Users\samue\AppData\Roaming\Apple Computer
2021-12-27 12:01 - 2021-04-16 10:12 - 000000000 ____D C:\WINDOWS\Minidump
2021-12-27 09:47 - 2020-07-21 23:37 - 000000000 ____D C:\Games

==================== Files in the root of some directories ========

2021-09-09 18:04 - 2022-01-06 13:06 - 000001456 _____ () C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-01-06 02:13 - 2021-01-07 20:12 - 000025282 _____ () C:\Users\samue\AppData\Local\digikamrc
2021-07-17 15:16 - 2021-07-17 15:16 - 000000000 _____ () C:\Users\samue\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

5

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by samue (20-01-2022 09:30:39)
Running from C:\Users\samue\Desktop
Microsoft Windows 10 Home Version 20H2 19042.867 (X64) (2021-03-26 05:21:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1443207549-266473185-1957000176-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1443207549-266473185-1957000176-503 - Limited - Disabled)
Guest (S-1-5-21-1443207549-266473185-1957000176-501 - Limited - Disabled)
samue (S-1-5-21-1443207549-266473185-1957000176-1003 - Administrator - Enabled) => C:\Users\samue
WDAGUtilityAccount (S-1-5-21-1443207549-266473185-1957000176-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Animate 2022 (HKLM-x32\...\FLPR_22_0_2) (Version: 22.0.2 - Adobe Inc.)
Adobe Bridge 2022 (HKLM-x32\...\KBRG_12_0_1) (Version: 12.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788.2 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_0_1) (Version: 17.0.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_11_1) (Version: 11.1 - Adobe Inc.)
Adobe Media Encoder 2022 (HKLM-x32\...\AME_22_1_1) (Version: 22.1.1 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_1) (Version: 23.1.0.143 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{1774a753-7604-40a0-adbd-e3dc95bea5a8}) (Version: 2.04.04.111 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Aurora (HKLM-x32\...\{A65BAA2D-2281-4DEE-93E0-34F323527587}) (Version: 1.0.3 - Aurora)
Batman - The Telltale Series (HKLM-x32\...\2140144872_is1) (Version: byefbpatch - GOG.com)
Batman The Enemy Within - The Telltale Series (HKLM-x32\...\2135854393_is1) (Version: episode 5 - GOG.com)
Blacksad: Under the Skin (HKLM-x32\...\1772238447_is1) (Version: 1.0.2_11546.2810.2019111301_Hotfix1 - GOG.com)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Capture One 20 (HKLM\...\CaptureOne13_is1) (Version: 13.0.0.155 - Phase One A/S)
Cheat Engine 7.3 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
CLIP STUDIO 1.8.0 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.0 - CELSYS)
CLIP STUDIO PAINT 1.8.2 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.2 - CELSYS)
Dead Cells (HKLM-x32\...\1237807960_is1) (Version: 1.0 - GOG.com)
digiKam 7.1.0 (HKLM-x32\...\digiKam) (Version: 7.1.0 - The digiKam team)
Discord (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Discord) (Version: 0.0.311 - Discord Inc.)
Documentation Manager (HKLM\...\{1C8E0D25-2AD1-4A5B-885E-03256A0ED8B6}) (Version: 21.70.0.6 - Intel Corporation) Hidden
DRAGON QUEST BUILDERS 2 (HKLM-x32\...\DRAGON QUEST BUILDERS 2_is1) (Version:  - )
Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Genshin Impact (HKLM\...\Genshin Impact Beta) (Version: 2.3.3.0 - miHoYo Co.,Ltd)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.11.2.0 - miHoYo Co.,Ltd)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
Her Story (HKLM-x32\...\1435240365_is1) (Version: gog-1 - GOG.com)
Human - Fall Flat (HKLM-x32\...\{E8D22FE1-AB5F-42CA-2662-6F70B96DDD90}_is1) (Version: 0.6.0 - FreeTP.Org)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000070-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.70.0.3 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{9be285a1-83bf-4416-853d-015017626f25}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Kentucky Route Zero (HKLM-x32\...\1207660653_is1) (Version: 2.3.0.9 - GOG.com)
LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)
LOOT version 0.15.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.15.1 - LOOT Team)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
MaskVPN (HKLM-x32\...\{4A4ACF2E-4A98-4D18-80E3-5A5E5706F81E}_is1) (Version: 1.1.0.31 - Global Media (Thailand) Co., Ltd)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.1 (x64 en-US)) (Version: 96.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenToonz version 1.4.0 (HKLM\...\{DF519282-600D-4E03-9190-6046329B1CB4}_is1) (Version: 1.4.0 - DWANGO Co., Ltd.)
OPPAI Academy Big Bouncy Booby Babes (HKLM-x32\...\OPPAI Academy Big Bouncy Booby Babes) (Version:  - DARKSiDERS)
Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)
Overcooked 2 (HKLM-x32\...\Overcooked 2_is1) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.188.0.22 - Overwolf Ltd.)
Paradox Launcher v2 (HKLM\...\{A92DB5D9-A24D-4678-9F91-B4FA6D895718}) (Version: 2.0.4.0 - Paradox Interactive)
Photo Mechanic Full (HKLM\...\{342310B8-3A44-49AB-9B22-0CC4968DA410}) (Version: 6.0.2818 - Camera Bits, Inc.)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PSD Repair Kit 2.3 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - File Master LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8522 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.42.369 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games)
Sekiro Shadows Die Twice (HKLM-x32\...\Sekiro Shadows Die Twice_is1) (Version:  - )
SketchUp 2020 (HKLM-x32\...\{522800F1-9FCE-44F2-8D2E-2CEC5B25A9C2}) (Version: 20.2.172 - Trimble, Inc.)
SketchUpPro (HKLM\...\{5778f9a3-781e-16f1-a6bf-08fd59dfa77b}) (Version: 20.2.172.37 - SketchUp) Hidden
Spelunky (HKLM-x32\...\1207659257_is1) (Version: 2.1.0.9 - GOG.com)
TakeMyFile (HKLM-x32\...\{21AC19EB-58FC-43D8-984F-008619E193D6}_is1) (Version: 1.02 - US-Media-Capital)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Thunderstore Mod Manager (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Overwolf_ahpflogoookodlegojjphcjpjaejgghjnfcdjdmi) (Version: 1.6.0 - Overwolf app)
Toon Boom Storyboard Pro 20 (HKLM-x32\...\{650D991F-8103-1014-B1D7-AEA1A0CDC13C}) (Version: 20.10.1.16823 - Toon Boom Animation)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.45-1 - Wacom Technology Corp.)
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Weather (HKLM-x32\...\Weather) (Version: 9.1.0A - Weather)
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice  (12/14/2018 1.15.0.0) (HKLM\...\9398055CF8BEEF1D6FCF147047450F15A1C7AF2A) (Version: 12/14/2018 1.15.0.0 - Phase One A/S)
WTSilver version 0.0 (HKLM-x32\...\{13B6C361-A725-475B-96F5-5871177F4B14}_is1) (Version: 0.0 - )
Zoom (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.1900.3.0_x64__6bk20wvc8rfx2 [2020-08-21] (Hauke Hasselberg)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-17] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-19] (Dolby Laboratories)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.38.0.0_x64__ypmq2qh89vmny [2021-03-18] (Turnipsoft)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-11-28] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0D62594C70D7} -> [Creative Cloud Files] => C:\Users\samue\Creative Cloud Files [2021-07-17 15:06]
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files\Camera Bits\Photo Mechanic\PMShellMenu\PMShellMenu.dll [2019-04-05] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-19] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-01-17 18:49 - 2022-01-17 18:49 - 001987072 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2022-01-17 18:49 - 2022-01-17 18:49 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2022-01-17 18:49 - 2022-01-17 18:49 - 002250240 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2021-07-26 02:54 - 2021-07-26 02:54 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2020-12-04 06:51 - 2020-12-04 06:51 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2017-02-13 13:54 - 2017-02-13 13:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-06-28 13:39 - 2020-06-28 13:39 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-02-14 20:09 - 2020-06-28 13:39 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-04 07:02 - 2020-12-04 07:02 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
BHO-x32: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\samue\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\the_roses_of_heliogabalus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{6724CE91-2CCA-4CBB-A498-80FB345D87FB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{894B3385-DA6F-43A9-96E7-7D6F956E79F0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Restore Points =========================

15-01-2022 01:32:57 Scheduled Checkpoint
16-01-2022 15:24:09 Removed Toon Boom Storyboard Pro 20.
17-01-2022 18:47:51 Removed Toon Boom Storyboard Pro 20.
19-01-2022 06:43:00 Removed Java 8 Update 301
19-01-2022 06:43:12 Removed Java 8 Update 301 (64-bit)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2022 08:48:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.28.0, time stamp: 0x6176c73b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004000
Faulting process id: 0x14c4
Faulting application start time: 0x01d80e045fd0ef5c
Faulting application path: C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: unknown
Report Id: a9c984e7-ee01-477b-a383-c0bb8a84a22d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2022 08:30:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1213, time stamp: 0x61dc568d
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x292c
Faulting application start time: 0x01d80e01a23fd1a3
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 4dc054ab-ccd7-493b-90ac-8db42c7d48dc
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2022 05:59:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/17/2022 05:39:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12101.1001.14.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1bcc

Start Time: 01d80bf300b50dd8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe

Report Id: 43b3606f-7df5-4c6b-926d-d667bd6bc373

Faulting package full name: Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Cross-process

Error: (01/17/2022 05:37:20 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-VMR9NA7)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/15/2022 06:26:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/15/2022 06:25:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc000041d
Fault offset: 0x0000000000232446
Faulting process id: 0x35c8
Faulting application start time: 0x01d80a49dc92c1d1
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: 72d4cdb4-cf2c-442d-accc-336e0d5940e9
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2022 06:25:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Faulting module name: Wacom_Tablet.exe, version: 6.3.45.1, time stamp: 0x6197e722
Exception code: 0xc0000005
Fault offset: 0x0000000000232446
Faulting process id: 0x35c8
Faulting application start time: 0x01d80a49dc92c1d1
Faulting application path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Faulting module path: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Report Id: 5d06c215-d7ae-410f-90b6-a613f65f040c
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (01/20/2022 09:23:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VMR9NA7)
Description: DCOM got error "87" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/20/2022 09:23:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wuauserv service failed to start due to the following error:
The parameter is incorrect.

Error: (01/20/2022 09:23:19 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VMR9NA7)
Description: DCOM got error "87" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/20/2022 09:23:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wuauserv service failed to start due to the following error:
The parameter is incorrect.

Error: (01/20/2022 08:58:46 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VMR9NA7)
Description: DCOM got error "87" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/20/2022 08:58:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wuauserv service failed to start due to the following error:
The parameter is incorrect.

Error: (01/20/2022 08:58:46 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-VMR9NA7)
Description: DCOM got error "87" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/20/2022 08:58:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wuauserv service failed to start due to the following error:
The parameter is incorrect.


Windows Defender:
================
Date: 2021-04-14 19:36:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-13 12:24:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-11 10:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-10 10:58:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-08 11:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-28 23:42:03
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\amdpcidev.inf_amd64_4e064472fc95e244\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:46
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.50 10/14/2019
Motherboard: ASRock B450M Gaming
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 16313.94 MB
Available physical RAM: 9317.46 MB
Total Virtual: 32185.94 MB
Available Virtual: 22369.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.88 GB) (Free:209.46 GB) NTFS

\\?\Volume{aafe6565-c049-4b41-bf82-d2ddefc2acc6}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{743177cf-dafe-4a84-a588-20a0f7ad96e8}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 190CD766)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

#13
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,310 posts

Hello.
 
The logs are much better now, but I have some questions for you.
 
1. Firefox Home Page
 
It appears that the New Tab in Firefox (for Profile ), this page opens: hxxps://segoonow.com/homepage
 
Is it your choice? If no, please change it.
 
 
2. Programs in question

  • Eset revealed and deleted this folder:

             Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen
 
             It seems that the program Capture One 20 Pro is not legally activated. Please uninstall.

  • You mentioned in your first post here that you are not aware of a process called Weather. You have installed the program Weather. If you didn't install it intentionally, please uninstall.
  • I see in your logs that 3 days ago you uninstalled Toom Boom StoryBoard Pro 20, but it is still shown in your installed programs list. If you don't want it, please uninstall.
  • Are you aware about this program?  WTSilver version 0.0  If not, please uninstall. 

 

3. Crack file
 
Are you aware of this folder? C:\Users\samue\Desktop\Crack
 
If it is something to illegally activate a program, please uninstall the program and remove the folder. 
 
 
4. Not legally activated programs
 
Having such programs is the best and easier way to install malware in your computer. Please uninstall any program not legally activated.
 
 
After you remove any of the programs above, please download and run FSS tool. I would like to check your Services, since it seems there is a problem with at least wuauserv.

  • Please download Farbar Service Scanner and save it on your Desktop. 
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

  • 0






Similar Topics

1 user(s) are reading this topic

1 members, 0 guests, 0 anonymous users


    mallowmallow

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP