Fix result of Farbar Recovery Scan Tool (x64) Version: 23-05-2022
Ran by Marie (25-05-2022 21:26:47) Run:1
Running from C:\Users\Marie\Desktop
Loaded Profiles: Marie
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FirewallRules: [{9DA19C3F-7562-46CB-9B04-8E0034598E2D}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{F137624A-DBE4-46D3-964B-CAFCAC7D2BA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [{47E65306-9BFC-4229-B37E-2B2510380843}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => No File
FirewallRules: [UDP Query User{9157C0EF-FEAB-4F90-AD1A-4C9A4C90B58D}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [TCP Query User{E63FA332-9178-48B2-85CE-072DD3D2FB3E}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe] => (Allow) C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe => No File
FirewallRules: [UDP Query User{35A67AAE-5964-4DAF-94FD-ED6B3E6C38B0}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [TCP Query User{3B28BC87-997C-4D35-AB70-F2EF685087CB}C:\program files (x86)\valve\half-life\hl.exe] => (Allow) C:\program files (x86)\valve\half-life\hl.exe => No File
FirewallRules: [UDP Query User{94B5D445-BBDC-4368-A86C-FF8FDC0AE98A}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended
edition\srhk.exe => No File FirewallRules: [TCP Query User{F43788DE-83ED-4619-A9DB-C3896C4CED55}C:\gog games\shadowrun hong kong extended edition\srhk.exe] => (Allow) C:\gog games\shadowrun hong kong extended edition\srhk.exe => No File FirewallRules: [{3D4BC587-495B-4263-AB71-ABDDA23EE4AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{0AB1A933-A620-4467-917C-22489567617F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{04733B03-BD48-48FF-AF0F-B19548F69A5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File FirewallRules: [{149DB85A-30F1-4560-9D32-8693DFD5DC62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File FirewallRules: [UDP Query User{C4B9FF35-0E9B-4828-83EB-CA37955AE3BF}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File FirewallRules: [TCP Query User{94D0D0F1-6F42-48F2-B012-452E01595270}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe] => (Allow) C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe => No File FirewallRules: [{6D4C50A0-6DBD-44D4-B1BA-6F4D69A5269E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{C72BC142-B600-4309-A656-DEE2DF738059}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{D637D393-5EFB-4F68-9177-D5D9550CE17B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File FirewallRules: [{CBCEAF9A-5E51-4971-8AFA-58C185175D59}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe => No File FirewallRules: [{66E6AA2E-5208-4B0D-B878-E965F54BB1D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File FirewallRules: [{0B52DA8F-076D-4935-B5FF-60023D6476DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe => No File FirewallRules: [{D4E0DB3B-D416-4425-807A-15033926880E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File FirewallRules: [{59021CD3-CCF2-476D-9B39-C3D618DC40D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File FirewallRules: [{42F5F655-9A24-4A96-A613-C6F15056823D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hylics\Game.exe => No File FirewallRules: [{F4D295AA-CBB4-4AD0-9744-A3266CEDF26B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File FirewallRules: [{DC3C219B-F2CD-4442-8B87-F42C4EF05C3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => No File FirewallRules: [{4BF7BB51-D08A-4713-844E-F538ED3AB544}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File FirewallRules: [{71265262-6C56-4087-A472-C97A8BEDFE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File FirewallRules: [UDP Query User{68A4B211-A6AD-4003-A5A0-ED5635EEC0F2}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [TCP Query User{C1ECB21B-D5C9-49F7-8470-C20739FDC21E}C:\users\marie\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\marie\appdata\roaming\utorrent web\utweb.exe => No File FirewallRules: [{3D43AFD2-E5C0-439C-8B68-EDFA79B0E842}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File 
FirewallRules: [{1942E64B-322B-43A9-B88B-E08570E0B4C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora III\Momodora3.exe => No File FirewallRules: [{AC14D700-00A7-4A43-B82C-0E8A33DE0375}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{6CEA770F-B4F9-456F-9B42-96D68032ABDA}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File FirewallRules: [{349422F6-C616-41C5-91BC-5F0CAAE0DD7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{DD1A0923-7E95-456C-99B7-47FF317EA91E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File FirewallRules: [{711FDEEF-B510-4133-9C34-81F1A0686771}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File FirewallRules: [{2566CD25-F04E-4F1A-A3BC-A23E0CAF71DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gone Home\GoneHome.exe => No File FirewallRules: [{5BCAD969-125F-480A-8889-017E507B042D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File FirewallRules: [{DCE6D5A3-09A3-42DE-8C2F-6C0DFBC3C51B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File FirewallRules: [{B67ECDFD-9C58-452E-86C2-AE9D792AE669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File FirewallRules: [{F99743CA-D186-4E1A-B468-9D91D82CFDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Our Asias\All Our Asias.exe => No File FirewallRules: [{61A7D82F-A2E2-4FB2-8E25-1DB5DF022193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File FirewallRules: [{EA1889EC-8F00-4AB4-8744-C99D4672C2A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hook\hook.exe => No File FirewallRules: 
[{B0B9867A-98F2-455A-A1CA-299AAF5AD844}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File FirewallRules: [{D74A4762-A7B0-4399-BFAE-841A65468FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Engare\Engare.exe => No File FirewallRules: [{57EB884D-7C27-4006-B77A-A16ABDCFFBFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No File FirewallRules: [{F740F60E-3029-46CB-8F31-0A9A6C5233BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mountain\Mountain.exe => No File FirewallRules: [{D8EF20DC-6E92-4A93-86D7-894AC74A17F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File FirewallRules: [{0B8B652A-1420-4FA5-BE71-ED4B6B8AD080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HER STORY\HerStory.exe => No File FirewallRules: [{C9E922BB-B8B4-49AB-926B-7B3A012D3FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File FirewallRules: [{4840A2DE-9C68-4981-9726-D35961EEBFAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe => No File FirewallRules: [TCP Query User{E8AE2D59-5EBD-473F-B822-B867AB82C869}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File FirewallRules: [UDP Query User{26DF90D8-B9F9-40DF-8AD9-46605D9AE9DF}C:\program files\fox\no one lives forever\ereg\navbrowser.exe] => (Block) C:\program files\fox\no one lives forever\ereg\navbrowser.exe => No File FirewallRules: [TCP Query User{BD5A5C88-C536-4F93-A9FA-8BB199CF97C4}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File FirewallRules: [UDP Query User{E8B9DF46-CCA8-4D99-856A-DB86E3FF3EE2}C:\program files (x86)\halo combat evolved\halo.exe] => (Allow) C:\program files (x86)\halo combat evolved\halo.exe => No File FirewallRules: 
[TCP Query User{7599CEC9-651C-4CCC-AB6D-BAE0E45A2DDB}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File FirewallRules: [UDP Query User{DB5CCA03-D5D5-49E9-BFD9-3D792C7C3FF2}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe] => (Allow) C:\users\marie\appdata\local\temp\ss2tool\rsync.exe => No File FirewallRules: [TCP Query User{D21F674E-3017-4C98-B800-B780EEC27CA2}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\bin\eocapp.exe => No File FirewallRules: [UDP Query User{F77F8FFA-C3F5-4AD3-9FEA-16F6E42B0840}C:\gog games\divinity - original sin 2\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\bin\eocapp.exe => No File FirewallRules: [{BC3AA50D-CF7D-4386-B513-12BB81AF071E}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{623B99CE-5E9D-42FC-B6F5-3C6F1B3725AB}] => (Allow) C:\Users\Marie\AppData\Roaming\Zoom\bin\airhost.exe => No File GroupPolicy: Restriction ? 
<==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {007E68DB-3748-4377-B376-7A912DB9AFE4} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {15FD9887-A193-41B2-BA32-6960FF15FE88} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe -o pool.supportxmr.com:80 -u 882cATBK88FMXFcfkV834JHatxbTxUpyBVbp4cvVqR6ojKPhASUPc4M2ZyYXqjFKABDEzZERmxzhsXuz4btNkygo39ELM2C -p x (No File) <==== ATTENTION
Task: {625F736A-F3D7-44DA-A23F-C6688F50299B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe /startup (No File) <==== ATTENTION
Task: {97ABF0F7-3FB7-48E3-B609-92282B3B6D3A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D67ADCA9-5E1D-4709-A17F-43DD6E401DA1} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
CHR HomePage: Default -> mysearch.avg.com
CHR StartupUrls: Default ->
"hxxp://capitadiscovery.co.uk/gsa","hxxp://www.google.co.uk/","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.google.com/" CHR StartupUrls: Profile 1 -> 
"hxxp://www.google.co.uk/","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.1.2.1&pid=safeguard&sg=&sap=hp","hxxp://www.google.co.uk/|hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 13:14:56&v=17.2.0.38&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=17.3.1.204&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.5.512&pid=safeguard&sg=0&sap=hp","hxxp://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.7.598&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.786&pid=safeguard&sg=0&sap=hp","hxxps://mysearch.avg.com?cid={CAEB7B4F-C0D1-4087-A406-7A6A2F19F971}&mid=ba7031927b5947d39dc1314fa046d54b-fb3ef3b01386b7a64a45bfec614b38a473486cd1&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-09 08:03:09&v=18.1.9.799&pid=safeguard&sg=0&sap=hp","hxxp://www.google.com/" cmd: netsh advfirewall reset EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully HKU\S-1-5-21-2964040095-1466076873-307546714-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DA19C3F-7562-46CB-9B04-8E0034598E2D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F137624A-DBE4-46D3-964B-CAFCAC7D2BA0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47E65306-9BFC-4229-B37E-2B2510380843}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9157C0EF-FEAB-4F90-AD1A-4C9A4C90B58D}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E63FA332-9178-48B2-85CE-072DD3D2FB3E}C:\users\marie\downloads\disco.elysium.v29.09.2020-goldberg\disco elysium\disco.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35A67AAE-5964-4DAF-94FD-ED6B3E6C38B0}C:\program files (x86)\valve\half-life\hl.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3B28BC87-997C-4D35-AB70-F2EF685087CB}C:\program files (x86)\valve\half-life\hl.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{94B5D445-BBDC-4368-A86C-FF8FDC0AE98A}C:\gog games\shadowrun hong kong extended edition\srhk.exe" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F43788DE-83ED-4619-A9DB-C3896C4CED55}C:\gog games\shadowrun hong kong extended edition\srhk.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D4BC587-495B-4263-AB71-ABDDA23EE4AA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AB1A933-A620-4467-917C-22489567617F}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04733B03-BD48-48FF-AF0F-B19548F69A5B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{149DB85A-30F1-4560-9D32-8693DFD5DC62}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C4B9FF35-0E9B-4828-83EB-CA37955AE3BF}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{94D0D0F1-6F42-48F2-B012-452E01595270}C:\users\marie\downloads\iv.rar\isabella valentine\treegame\treegame.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D4C50A0-6DBD-44D4-B1BA-6F4D69A5269E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C72BC142-B600-4309-A656-DEE2DF738059}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D637D393-5EFB-4F68-9177-D5D9550CE17B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBCEAF9A-5E51-4971-8AFA-58C185175D59}" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66E6AA2E-5208-4B0D-B878-E965F54BB1D1}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B52DA8F-076D-4935-B5FF-60023D6476DC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4E0DB3B-D416-4425-807A-15033926880E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59021CD3-CCF2-476D-9B39-C3D618DC40D9}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42F5F655-9A24-4A96-A613-C6F15056823D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4D295AA-CBB4-4AD0-9744-A3266CEDF26B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC3C219B-F2CD-4442-8B87-F42C4EF05C3B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BF7BB51-D08A-4713-844E-F538ED3AB544}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71265262-6C56-4087-A472-C97A8BEDFE27}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{68A4B211-A6AD-4003-A5A0-ED5635EEC0F2}C:\users\marie\appdata\roaming\utorrent web\utweb.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C1ECB21B-D5C9-49F7-8470-C20739FDC21E}C:\users\marie\appdata\roaming\utorrent web\utweb.exe" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D43AFD2-E5C0-439C-8B68-EDFA79B0E842}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1942E64B-322B-43A9-B88B-E08570E0B4C9}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC14D700-00A7-4A43-B82C-0E8A33DE0375}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CEA770F-B4F9-456F-9B42-96D68032ABDA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{349422F6-C616-41C5-91BC-5F0CAAE0DD7C}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD1A0923-7E95-456C-99B7-47FF317EA91E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{711FDEEF-B510-4133-9C34-81F1A0686771}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2566CD25-F04E-4F1A-A3BC-A23E0CAF71DB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5BCAD969-125F-480A-8889-017E507B042D}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DCE6D5A3-09A3-42DE-8C2F-6C0DFBC3C51B}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B67ECDFD-9C58-452E-86C2-AE9D792AE669}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F99743CA-D186-4E1A-B468-9D91D82CFDBD}" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61A7D82F-A2E2-4FB2-8E25-1DB5DF022193}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA1889EC-8F00-4AB4-8744-C99D4672C2A5}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B0B9867A-98F2-455A-A1CA-299AAF5AD844}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D74A4762-A7B0-4399-BFAE-841A65468FAD}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{57EB884D-7C27-4006-B77A-A16ABDCFFBFE}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F740F60E-3029-46CB-8F31-0A9A6C5233BB}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8EF20DC-6E92-4A93-86D7-894AC74A17F0}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B8B652A-1420-4FA5-BE71-ED4B6B8AD080}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9E922BB-B8B4-49AB-926B-7B3A012D3FFA}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4840A2DE-9C68-4981-9726-D35961EEBFAC}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E8AE2D59-5EBD-473F-B822-B867AB82C869}C:\program files\fox\no one lives forever\ereg\navbrowser.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{26DF90D8-B9F9-40DF-8AD9-46605D9AE9DF}C:\program files\fox\no one lives 
forever\ereg\navbrowser.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD5A5C88-C536-4F93-A9FA-8BB199CF97C4}C:\program files (x86)\halo combat evolved\halo.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8B9DF46-CCA8-4D99-856A-DB86E3FF3EE2}C:\program files (x86)\halo combat evolved\halo.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7599CEC9-651C-4CCC-AB6D-BAE0E45A2DDB}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DB5CCA03-D5D5-49E9-BFD9-3D792C7C3FF2}C:\users\marie\appdata\local\temp\ss2tool\rsync.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D21F674E-3017-4C98-B800-B780EEC27CA2}C:\gog games\divinity - original sin 2\bin\eocapp.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F77F8FFA-C3F5-4AD3-9FEA-16F6E42B0840}C:\gog games\divinity - original sin 2\bin\eocapp.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC3AA50D-CF7D-4386-B513-12BB81AF071E}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{623B99CE-5E9D-42FC-B6F5-3C6F1B3725AB}" => removed successfully C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\ProgramData\NTUSER.pol => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{007E68DB-3748-4377-B376-7A912DB9AFE4}" 
=> removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{007E68DB-3748-4377-B376-7A912DB9AFE4}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15FD9887-A193-41B2-BA32-6960FF15FE88}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15FD9887-A193-41B2-BA32-6960FF15FE88}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Winlogui => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Winlogui" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{625F736A-F3D7-44DA-A23F-C6688F50299B}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625F736A-F3D7-44DA-A23F-C6688F50299B}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\winrmsrv" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97ABF0F7-3FB7-48E3-B609-92282B3B6D3A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97ABF0F7-3FB7-48E3-B609-92282B3B6D3A}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D67ADCA9-5E1D-4709-A17F-43DD6E401DA1}" => removed 
successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D67ADCA9-5E1D-4709-A17F-43DD6E401DA1}" => removed successfully C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI\SrvHost => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\SrvHost" => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully "Chrome HomePage" => removed successfully "Chrome StartupUrls" => removed successfully "Chrome StartupUrls" => removed successfully ========= netsh advfirewall reset ========= Ok. 
========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 101291713 B
Java, Discord, Steam htmlcache => 394979502 B
Windows/system/drivers => 6277691 B
Edge => 843726 B
Chrome => 1006802208 B
Firefox => 232198909 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 13312 B
NetworkService => 39806 B
Marie => 30293836 B

RecycleBin => 15866318101 B
EmptyTemp: => 16.4 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:30:31 ====