Greetings-
The last couple of days I've noticed a rare occurrence of a suspicious browser hijack popping up a graphic page asking me to click to prove "I'm not a robot." I searched and it's apparently something called "mykiger". I know I have seen it on the PC I'm sitting at now (Win 10 Desktop) and I *think* I've seen it on my Win10 laptop too. This particular incident is for the desktop.
So far I've been able to "escape" it by just closing the tab and moving on, but I have no idea how deep its hooks have gotten. I hunted around for my last logs from a PC several builds ago and found I still had a login for GeekstoGo, from 2012. So here I am again at last.
(additional probably unrelated info: I discovered I had some sort of "hiccup" back on 10/15/2021 that moved some files from a directory in my D: to some "found" directories. Probably corrupt, I probably need a new drive. But it's the only other blip I've experienced recently.)
Thanks!
-dale
---------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-11-2021
Ran by dalem (administrator) on DESKTOP-OQ73F3L (11-11-2021 22:06:41)
Running from C:\Users\dalem\Desktop
Loaded Profiles: dalem
Platform: Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareService.exe
(Adaware Software (Lavasoft Software Canada Inc.) -> ) C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareTray.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0346830.inf_amd64_f723e13ffb3b2652\B345901\atiesrxx.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotification.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Discord Inc. -> Discord Inc.) C:\Users\dalem\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <3>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_21_9\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MQS\QcShm.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.1001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952096 2020-03-10] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareTray.exe [4882168 2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-02-22] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [STUISpeedLauncher] => C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe [411136 2015-02-09] () [File not signed]
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [Discord] => C:\Users\dalem\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\dalem\AppData\Local\WebEx\ciscowebexstart.exe [4934984 2021-10-29] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [43520 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [22528 2017-06-14] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-10-28] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {011F71FA-0437-411B-A5BC-56E6FEC69F83} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (No File)
Task: {13D904CB-937C-4C33-AA26-A59E79D94E1D} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe [1889696 2021-01-07] (McAfee, Inc. -> McAfee, LLC.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {2DFB9BB0-3F66-4E56-ABE4-9FB2F7779AFA} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {32F7EBBB-2048-4417-97E5-1428F2A7E4F8} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {4B659983-D679-40BD-95FA-AB98C706CC31} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4695104 2021-10-01] (McAfee, LLC -> McAfee, LLC)
Task: {5C43EB5C-A64D-4D32-A167-2E5493836295} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (No File)
Task: {5D06F9B1-7928-4924-9F2F-F4C3FDD60529} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [757944 2021-05-06] (McAfee, LLC -> McAfee, LLC)
Task: {6D6A7DFC-2EA5-4E00-B56B-7312DC518E62} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [890248 2019-05-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {71A42A9C-4873-4454-B3D7-4B92BF07427F} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {8BF25168-2659-42B5-973A-79B526A0E582} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {9221330E-5538-415D-B37C-CA52DF4E7758} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-05-22] (Advanced Micro Devices, Inc.) [File not signed]
Task: {9D85908A-AD18-4FD3-A327-B9D638699AB4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1032448 2021-08-02] (McAfee, LLC -> McAfee, LLC)
Task: {9D8E9D60-D599-4F3B-BC57-F7CF740A72BA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-04] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB9CF8CC-E324-4D33-AD02-3802999DA56C} - System32\Tasks\EPM Preload => C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2DotNetHandler.exe [752200 2018-05-20] (HP Inc. -> )
Task: {D31CE78D-B65F-438F-8F82-7ABDA3284064} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [4119992 2021-10-07] (McAfee, LLC -> McAfee, LLC)
Task: {E20D8F6C-C4FB-45EA-8D91-B21FACC1C304} - System32\Tasks\AMDInstallUEP => C:\Program Files\AMD\InstallUEP\AMDInstallUEP.exe (No File)
Task: {E94CD4E2-878D-4AA2-B81A-A1DABD016E2D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
Task: {F4B14C95-DA58-40AA-B871-A55C0DA8DAB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-01] (Google LLC -> Google LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a3ecad54-bb73-4810-b02c-3e8cac2386fa}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Edge:
=======
DownloadDir: C:\Users\dalem\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> hxxps://pjmedia.com/instapundit/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-11]
Edge DownloadDir: Default -> C:\Users\dalem\Downloads
Edge HomePage: Default -> hxxps://pjmedia.com/instapundit/
Edge StartupUrls: Default -> "hxxps://pjmedia.com/instapundit/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Session Restore: Default -> is enabled.
Edge Extension: (Cisco Webex Extension) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2021-08-13]
Edge Extension: (Scener – Virtual Movie Theater) - C:\Users\dalem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lkhjgdkpibcepflmlgahofcmeagjmecc [2021-09-25]
FireFox:
========
FF DefaultProfile: wbr9n80g.default-1521393837949
FF ProfilePath: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 [2021-11-11]
FF Homepage: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://www.scabard.com/pbs/
FF NewTab: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=BT170902&iDate=2019-02-01 03:35:20&bName=
FF HomepageOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF NewTabOverride: Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949 -> Disabled: web@TV
FF Extension: (YouTube™ Flash® Player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2018-10-06]
FF Extension: (TV) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\[email protected] [2019-06-15] [UpdateUrl:hxxps://dadrz7o8a3etj.cloudfront.net/WebExtensions/all-exts/update.json]
FF Extension: (Open in VLC™ media player) - C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\Extensions\{6b954d17-d17c-4a19-8fe6-ee8052a562d6}.xpi [2019-10-12]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\dalem\AppData\Roaming\Mozilla\Firefox\Profiles\wbr9n80g.default-1521393837949\searchplugins\Search Now.xml [2020-12-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2021-11-09] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2021-10-29] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2021-10-22] (McAfee, LLC -> )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dalem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-06-25]
Chrome:
=======
CHR Profile: C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default [2020-11-29]
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D020119-N0630A2D586A4510&form=CONMHP&conlogo=CT3335800
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (Slides) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-01]
CHR Extension: (Docs) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-01]
CHR Extension: (Google Drive) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-01]
CHR Extension: (YouTube) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-01]
CHR Extension: (Sheets) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-01]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-01]
CHR Extension: (Search Manager) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmgebopaejnjlncllgmcenbbflikfjd [2020-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-01]
CHR Extension: (Gmail) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\dalem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKU\S-1-5-21-3599443798-625604178-375638978-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareService.exe [587104 2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-05-22] (AMD) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-11-09] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe [797576 2021-10-22] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\4.7.101.0\\McCSPServiceHost.exe [2845608 2021-10-11] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [1242112 2021-09-24] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1677024 2021-10-23] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4288832 2021-08-31] (McAfee, LLC -> McAfee, LLC)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2019-02-17] (Samsung Electronics CO., LTD. -> )
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-02-22] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [74752 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [97696 2021-07-27] (McAfee, LLC -> McAfee, LLC)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [574464 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [390656 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [90048 2021-09-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [526336 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1088512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [638464 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [110080 2021-09-16] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [118784 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [256512 2021-09-28] (McAfee, Inc. -> McAfee, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [641736 2021-08-27] (Bitdefender SRL -> Bitdefender)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-11 22:06 - 2021-11-11 22:07 - 000026933 _____ C:\Users\dalem\Desktop\FRST.txt
2021-11-11 22:05 - 2021-11-11 22:05 - 000000000 ____D C:\Users\dalem\Desktop\FRST-OlderVersion
2021-11-11 22:04 - 2021-11-11 22:07 - 000000000 ____D C:\FRST
2021-11-11 22:03 - 2021-11-11 22:05 - 002312192 _____ (Farbar) C:\Users\dalem\Desktop\FRST64.exe
2021-11-11 22:01 - 2021-11-11 22:01 - 002299904 _____ (Farbar) C:\Users\dalem\Downloads\FRST64.exe
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Roaming\adaware
2021-11-11 21:40 - 2021-11-11 21:40 - 000000000 ____D C:\Users\dalem\AppData\Local\AdAwareDesktop
2021-11-11 21:39 - 2021-11-11 21:39 - 000002399 _____ C:\Users\Public\Desktop\Adaware Antivirus.lnk
2021-11-11 21:39 - 2021-11-11 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2021-11-11 21:39 - 2021-11-11 21:39 - 000000000 ____D C:\Program Files\adaware
2021-11-11 21:38 - 2021-11-11 21:38 - 017663736 _____ C:\Users\dalem\Downloads\Adaware_Installer_UM.exe
2021-11-11 21:38 - 2021-11-11 21:38 - 000000000 ____D C:\ProgramData\adaware
2021-11-11 01:45 - 2021-11-11 01:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-10 20:44 - 2021-11-10 20:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 20:44 - 2021-11-10 20:44 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 20:39 - 2021-11-10 20:39 - 000000000 ___HD C:\$WinREAgent
2021-11-10 13:44 - 2021-11-10 13:44 - 007570553 _____ C:\Users\dalem\Downloads\bb.zip
2021-11-10 13:43 - 2021-11-10 13:43 - 024789008 _____ C:\Users\dalem\Downloads\cccc.zip
2021-11-04 12:25 - 2021-11-11 01:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-04 00:21 - 2021-11-04 00:21 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 00:21 - 2021-11-04 00:21 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 20:35 - 2021-11-05 20:40 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-10-31 10:47 - 2021-10-31 10:48 - 275218658 _____ C:\Users\dalem\Downloads\TheWolfWorldsStenSeriesBook2_ep6.aax
2021-10-29 22:38 - 2021-11-11 01:44 - 000000000 ____D C:\ProgramData\McInstTemp0262821635568702
2021-10-25 19:47 - 2021-10-25 19:47 - 006580877 _____ C:\Users\dalem\Downloads\Calculating character sheet - NBA v1_13.pdf
2021-10-24 19:04 - 2021-10-24 19:05 - 130894753 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_linked.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004711904 _____ C:\Users\dalem\Downloads\Zalozhniy_Quartet_Sampler.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 004183454 _____ C:\Users\dalem\Downloads\Double_Tap_Sample.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 002303634 _____ C:\Users\dalem\Downloads\The_Dracula_Dossier_Directors_Handbook_preview.pdf
2021-10-24 19:04 - 2021-10-24 19:04 - 001429934 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.epub
2021-10-24 19:04 - 2021-10-24 19:04 - 001153956 _____ C:\Users\dalem\Downloads\Nights_Black_Agents_-_Kenneth_Hite.mobi
2021-10-22 15:49 - 2021-10-22 15:49 - 006409918 _____ C:\Users\dalem\Downloads\Time_Sensitive_Onboarding_Documents_for_Signa.pdf
2021-10-21 07:13 - 2021-10-21 07:13 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (2).exe
2021-10-15 09:22 - 2021-10-15 09:22 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-15 09:22 - 2021-10-15 09:22 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-12 08:30 - 2021-10-12 08:30 - 001751736 _____ ( ) C:\Users\dalem\Downloads\videosolo-blu-ray-player-1.1.10 (1).exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-11-11 22:06 - 2018-01-22 14:35 - 000000000 ____D C:\Program Files (x86)\Steam
2021-11-11 22:02 - 2020-04-01 10:54 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-11 22:01 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-11 21:46 - 2018-12-30 00:09 - 000000000 ____D C:\Users\dalem\AppData\Roaming\discord
2021-11-11 21:45 - 2020-09-19 15:47 - 000000000 ____D C:\Users\dalem\AppData\Local\Discord
2021-11-11 21:40 - 2018-06-10 11:51 - 000000000 ____D C:\Users\dalem\AppData\Local\D3DSCache
2021-11-11 21:05 - 2020-09-15 02:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-11 18:00 - 2018-01-21 19:36 - 000000000 ____D C:\Users\dalem\AppData\Roaming\.minecraft
2021-11-11 13:14 - 2020-09-15 02:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-11-11 01:50 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-11 01:48 - 2020-09-15 02:58 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-11 01:48 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-11 01:45 - 2020-11-29 11:00 - 000000000 __RSD C:\Users\dalem\Documents\McAfee Vaults
2021-11-11 01:45 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-11 01:45 - 2018-01-21 19:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-11 01:45 - 2018-01-21 19:06 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\Mozilla
2021-11-11 01:45 - 2018-01-21 19:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-11 01:44 - 2020-09-15 02:59 - 000003112 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-11-11 01:44 - 2020-09-15 02:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-11 01:44 - 2020-09-15 02:52 - 000450984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-11 01:44 - 2020-09-15 02:52 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-11 01:44 - 2018-01-21 17:40 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-11 01:43 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-11 01:43 - 2019-02-17 19:20 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-11 01:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-11 01:42 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-11 00:33 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\Local\WebEx
2021-11-11 00:21 - 2018-01-21 18:58 - 000000000 ____D C:\Users\dalem\AppData\Roaming\vlc
2021-11-10 20:46 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 20:39 - 2018-01-22 22:15 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 20:37 - 2018-01-22 22:15 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 23:08 - 2021-08-24 12:23 - 000000000 ____D C:\Program Files\dotnet
2021-11-08 23:08 - 2018-03-17 20:33 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-07 16:11 - 2020-09-15 02:59 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3599443798-625604178-375638978-1001
2021-11-07 16:11 - 2020-09-15 00:50 - 000002379 _____ C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-07 10:34 - 2020-06-24 01:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-06 15:42 - 2021-06-22 06:24 - 000000000 ____D C:\Users\dalem\valorandvictory
2021-11-04 14:59 - 2019-12-07 03:03 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2021-11-02 22:11 - 2018-02-05 18:27 - 000000000 ____D C:\Users\dalem\AppData\Local\PlaceholderTileLogoFolder
2021-11-02 20:41 - 2018-01-21 18:33 - 000000000 ____D C:\Users\dalem\AppData\Local\Packages
2021-11-02 20:35 - 2018-06-20 15:02 - 000000000 ____D C:\ProgramData\Packages
2021-10-29 22:39 - 2020-09-15 02:59 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2021-10-29 22:39 - 2018-01-21 22:12 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-10-28 17:03 - 2020-04-01 10:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-28 17:03 - 2020-04-01 10:54 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-10-28 09:29 - 2020-09-15 02:59 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2021-10-25 19:17 - 2020-10-28 00:33 - 000000000 ____D C:\Users\dalem\Calibre Library
2021-10-24 14:25 - 2021-06-25 05:27 - 000000000 ____D C:\Users\dalem\AppData\LocalLow\WebEx
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-10-19 08:15 - 2018-08-23 08:52 - 000000000 ____D C:\Program Files (x86)\Java
2021-10-19 08:14 - 2018-08-23 08:52 - 000164696 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2021-10-18 14:09 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-16 01:24 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-16 01:14 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-13 17:18 - 2019-08-12 19:52 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2021-02-28 13:18 - 2021-02-28 13:18 - 000004903 _____ () C:\Users\dalem\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2021
Ran by dalem (11-11-2021 22:07:47)
Running from C:\Users\dalem\Desktop
Microsoft Windows 10 Home Version 21H1 19043.1348 (X64) (2020-09-15 08:59:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3599443798-625604178-375638978-500 - Administrator - Disabled)
dalem (S-1-5-21-3599443798-625604178-375638978-1001 - Administrator - Enabled) => C:\Users\dalem
DefaultAccount (S-1-5-21-3599443798-625604178-375638978-503 - Limited - Disabled)
Guest (S-1-5-21-3599443798-625604178-375638978-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3599443798-625604178-375638978-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\uTorrent) (Version: 3.5.5.45291 - BitTorrent Inc.)
adaware antivirus (HKLM-x32\...\{6C5EEACE-A287-4510-93EF-4AD407892429}_AdAwareInstaller) (Version: 12.10.181.0 - adaware)
AdAwareInstaller (HKLM\...\{6C5EEACE-A287-4510-93EF-4AD407892429}) (Version: 12.10.181.0 - adaware) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Amazon Amazon Music) (Version: 7.6.0.1902 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.5.2 - Advanced Micro Devices, Inc.)
AntimalwareEngine (HKLM\...\{7045914E-E799-4061-A4FE-E58FB40CB0C1}) (Version: 3.1.280.0 - adaware) Hidden
Armored Brigade (HKLM-x32\...\Armored Brigade) (Version: 1.000 - Matrix Games)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{C332FFD4-D911-4429-B071-DE2D2F2A9040}) (Version: 2.0.13.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother IPPoverUSB Driver (HKLM-x32\...\{59079CC5-EF18-4F31-B6CC-8276EB4053AE}) (Version: 1.1.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{055AD757-30D5-4689-B378-FAE12E7D28F0}) (Version: 1.2.0.0 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
calibre 64bit (HKLM\...\{E3517FE8-B504-4D1D-94DE-EF326AEF314F}) (Version: 5.3.0 - Kovid Goyal)
Cisco Webex Meetings (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
Combat Mission Afrika Korps (HKLM-x32\...\Combat Mission Afrika Korps v1.0_is1) (Version: - Battlefront.com, Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Field of Glory (HKLM-x32\...\Field of Glory) (Version: 2.5.02.1042 - Slitherine)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Hoyle Casino Games (HKLM-x32\...\{0DB17436-91DB-4BE0-A9F2-6955BA9D6CE2}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Slots (HKLM-x32\...\{FF82A507-7891-4A7E-90D1-79AB5969840E}) (Version: 1.00.0000 - Encore Software, Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPod Support (HKLM\...\{4B5933A1-A781-400E-B4A2-3ECC375375E4}) (Version: 120.7.3.55 - Apple Inc.)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R40 - McAfee, LLC)
Microsoft .NET Runtime - 5.0.12 (x64) (HKLM-x32\...\{5bd6ae15-bcab-4509-86af-c5dfc54b60d7}) (Version: 5.0.12.30622 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.44 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Reader (HKLM-x32\...\{B6F7DBE7-2FE2-458F-A738-B10832746036}) (Version: - )
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Minutor (HKLM-x32\...\{4F34B0A4-1E8A-436E-9616-B1F715583A74}) (Version: 2.1.0 - Sean Kasun)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.1 (x64 en-US)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{96CEE8C3-B934-48A4-ADA6-91B7CE8A5002}) (Version: 1.2.17.0 - Brother Industries, Ltd.) Hidden
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
OneUpdater (HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\OneUpdater) (Version: 1.0.0.0 - VOMPT Limited)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.28 - Samsung Electronics Co., Ltd.) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{D42470A0-E4C3-41C9-9A92-B1B23FD13F8C}) (Version: 1.21.6.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TextPad 8 (HKLM\...\{6437A18A-5868-4510-8057-62EBEA5231D8}) (Version: 8.1.2 - Helios)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.67 - Samsung Electronics CO., LTD.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VASSAL (3.2.17) (HKLM\...\VASSAL (3.2.17)) (Version: 3.2.17 - vassalengine.org)
VideoSolo Blu-ray Player 1.0.32 (HKLM-x32\...\{3FE47865-D020-4666-92D2-40322D48E361}_is1) (Version: 1.0.32 - VideoSolo Studio)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Web Companion (HKLM-x32\...\{4da205e4-46cd-4e62-abeb-cb8f39d4e4eb}) (Version: 7.0.2417.4248 - Lavasoft)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.648 - McAfee, LLC)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Packages:
=========
AccuWeather - Weather for Life -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.348.1000_x64__8zz2pj9h1h1d8 [2021-10-09] (AccuWeather) [MS Ad]
Add Music To Videos -> C:\Program Files\WindowsApps\39691Videopix.AddMusicToVideos_1.1.15.0_x64__dxz7h1qnd1pge [2021-04-14] (Videopix)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-11] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2021-10-09] (Plex)
Quarrel -> C:\Program Files\WindowsApps\38062AvishaiDernis.DiscordUWP_20.7.5.0_x64__q72k3wbnqqnj6 [2021-10-09] (Adam Dernis) [MS Ad]
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2018-03-29] (Samsung Electronics Co. Ltd.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0 [2021-10-29] (Spotify AB) [Startup Task]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-3599443798-625604178-375638978-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareShellExtension.dll [2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.181.0\AdAwareShellExtension.dll [2021-10-07] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-3599443798-625604178-375638978-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2017-03-07] (Helios Software Solutions Ltd -> )
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-08-04 10:55 - 2017-12-22 12:53 - 000180224 _____ () [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
2017-12-05 19:25 - 2018-01-18 15:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 03:47 - 2018-03-13 03:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2014-09-08 13:38 - 2014-09-08 13:38 - 000051200 _____ () [File not signed] C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2019-08-16 11:37 - 2019-08-16 11:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\WINDOWS\SYSTEM32\amdihk64.dll
2018-05-12 14:41 - 2017-10-27 10:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-11-08 00:35 - 2017-11-08 00:35 - 000123904 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D020119-N0700A2D586A4510&form=CONBDF&conlogo=CT3335800&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3599443798-625604178-375638978-1001 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyB0ByEyEyB0CzyyEtByD0E0ByC0BtN0D0Tzu0StBzzyCyDtN1L2XzuyEtFyDyBtFtDtFyDyBtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyD0C0E0E0AyBzztBtGyEtD0D0BtGtBzz0FzztGtD0DtCyBtG0BtCzy0CyC0D0FtAyC0CtCtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD1TtB1OyB1RzzzytGzytByCtDtGyE1RyC1OtG1S1O1OzztG1R1Rzz1PzyyByDtA1RtA1P1R2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAtDtDzytAtAyB%26cr%3D1938799620%26a%3Dwny_iouweqrlz2ontegikmoq799x1b8e_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2021-11-09] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2021-10-22] (McAfee, LLC -> McAfee, LLC)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-18 15:03 - 2017-03-18 15:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-3599443798-625604178-375638978-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dalem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3599443798-625604178-375638978-1001\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A4C9CA3E-1CEC-4773-8865-31510CA92A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{82E19896-E698-4329-9CCC-08E06A605A90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spirit Island\SpiritIsland.exe () [File not signed]
FirewallRules: [{0BD47CD0-53C6-468B-AD34-FA30AFB4C47D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{4961841F-AAD7-461B-ACBF-5BBC12AC8412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iwo Jima\IwoJima.exe () [File not signed]
FirewallRules: [{E50A75BF-1018-464B-B1CF-1FBF8AAA0179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{49E77D7A-42F8-4279-BF72-DD3E5181D78F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rebel Inc Escalation\Rebel Inc. Escalation.exe () [File not signed]
FirewallRules: [{091563F7-B347-4947-AB2A-0AFB3E13E71C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{637D6DC0-1D97-4C36-A66B-06D0A444841D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{717080A2-E3D6-4DF5-B700-2EDC1FA48138}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{EF2286F6-DEDF-43A6-A7DF-5E539F0B1E78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RebelGalaxy\SteamLauncher.exe (Double Damage Games Inc.) [File not signed]
FirewallRules: [{50DE897F-F4DC-4E04-9099-DCD11F04ACF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{2425B39F-D4F2-477F-AFBB-D794038667C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Defcon\Defcon.exe (Introversion Software) [File not signed]
FirewallRules: [{E724D557-1D0E-4754-9DB3-85856BE82854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{3326BB17-F98C-4D92-8F42-9CAF5198591B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe (Microsoft) [File not signed]
FirewallRules: [{1E15B93F-81EE-4D61-A9CB-C82E70B33241}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{F6FF3AAB-F2EF-4445-8E5B-DEA86DD163C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Bureau\Binaries\Win32\TheBureau.exe (Valve Corp. -> 2K Marin, Inc.) [File not signed]
FirewallRules: [{2FCB2CDE-FEA6-4E22-80A6-D30449F4FF66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{65C191ED-70B7-4731-9AE5-8D3CD30F725F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Panzer Corps\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{2F78CA3C-2B0C-407B-AB3A-DDBD00D36836}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{9F1D7A1F-F967-46BA-9B74-0896630D3026}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{82570A68-5C3A-4B5C-9F60-37382E7369D2}] => (Allow) LPort=54955
FirewallRules: [{A60A3585-8E79-4553-89C3-EFE51F3F3DFA}] => (Allow) LPort=54950
FirewallRules: [{85730F1A-1CB0-4EB6-90FD-1251B963569D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{2AD96524-1A61-4945-94DB-D17DF31EDD39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\autorun.exe => No File
FirewallRules: [{A8FF0EAD-41DA-46EC-AF1A-63D0C924ABDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{8DD92079-9EFD-45E6-9D8A-7ED81C80477F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Drive on Moscow\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E42CB51A-17C7-4CD2-A1FD-8E70F89C53E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{CB38BEF0-C51E-451F-AE13-955ADBF8B119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle of the Bulge\autorun.exe (Slitherine Ltd -> Matrix Publishing Ltd.)
FirewallRules: [{E988CF1A-4BB2-4206-82AD-5430EEBBA5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{EAED4AF9-FB81-4B37-B373-3D078735F7E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Axis & Allies Online\AxisAndAlliesOnline.exe => No File
FirewallRules: [{40384A16-867A-4F5A-8B48-3BCD4244A9BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{1F2C2545-4E97-4E51-81F9-C849381A787A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HardWest\HardWest.exe () [File not signed]
FirewallRules: [{67E485AE-0EAF-431B-B0AF-504A62B0A263}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{39C2EFF7-4FA7-4D92-8D0F-D4FAA720CF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Space Hulk\game.exe () [File not signed]
FirewallRules: [{6A2F5372-AF1D-42FF-BE16-83FF99FF4B1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{7BD7C20D-B389-493F-AF0D-5DE3F60D03E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NOBUNAGA'S AMBITION Sphere of Influence\N14PKLauncher.exe (KOEI TECMO GAMES CO., LTD. -> KOEI TECMO GAMES CO., LTD.)
FirewallRules: [{0FC01B86-AC75-4429-8DAE-54DDBC75B330}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{3950B385-0F0A-4436-8D54-23746221D5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe () [File not signed]
FirewallRules: [{12AAF236-4504-47B7-8CD4-F3033ABABB29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{6B05BD90-8918-4CFD-B125-6ADB71463E00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles 2\GSB2.exe () [File not signed]
FirewallRules: [{B4F39558-70B1-48E0-B84A-86F698E891A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{33109564-9D32-4684-A161-3691FE4C3478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stars in Shadow\sis64.exe (Ashdar Games Inc. -> )
FirewallRules: [{89A25041-9676-4D00-909B-0B8259867919}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{900A83F0-983C-4573-A1FD-7CA0CA498E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gratuitous Space Battles\GSB.exe () [File not signed]
FirewallRules: [{05D7FBB3-DA71-4028-8607-278D0BB2CADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{E2897A40-2881-421A-9838-0A7AC0FE53CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{0E55C94F-942A-40E3-8C62-9083580C4187}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{DF48AAD2-A023-462A-A404-F4EF919347CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Close Combat Panthers in the Fog\autorun.exe (Slitherine Ltd. -> Matrix Games)
FirewallRules: [{088D10E2-DABF-4111-8349-726B8F1AABE4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{948B648B-B323-4F3C-83C2-CED43A62A1FA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1FF46CD6-57E2-43AF-AAEB-CD88D00ECF22}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{EBAE541E-FCEE-4F6E-835B-F1B37797C110}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{DA2064EA-9E39-4B0F-B48F-605F9FE53402}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{310D2F4F-BEA7-46C5-998C-FB6B96C795B8}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{970447B1-219D-4CC8-A6EE-33E7AB85A3D4}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{3C75B2D2-5273-4CAE-822E-86B2B11320D4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F6AA9459-B0D4-44D7-B55D-E5F7E5AA623A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2FC2F3F0-A38E-4DBB-85B0-FFCFD1DA6D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{9DAECDA0-CCB4-484A-8DE8-A7CBDA675A88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Race for the Galaxy\Race.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{72AEC3A7-4F36-4A7B-8BAD-4282072BFB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{4C1DEA1C-0D90-404E-AA89-0381F78CF2E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Desktop Dungeons\DesktopDungeons.exe () [File not signed]
FirewallRules: [{119E2071-795A-4065-888D-E9D9AABDBC8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{D80EA7A6-F395-4C4E-9AA4-5D25EB87733E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{F2B600F2-823B-4834-8E18-13B2E7B5C666}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7700F605-CCE0-4401-8977-01428544FBAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{47C06BE2-7101-416C-973C-5F2F72318A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{F8663787-374C-4625-9C22-D459B0B63C92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aggressors Ancient Rome\autorun.exe (Slitherine Ltd -> Slitherine Publishing Ltd.)
FirewallRules: [{E5E5AC8E-4442-4074-845A-481ACB76F665}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{9E2AE1FD-F827-4B07-A996-1BB0FE58D3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{5CD1CBE2-DDB5-44F8-9ED1-6C70674EFCD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{BF41656D-1812-490D-BD26-CD4FF3D493CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraforming Mars\TerraformingMars.exe () [File not signed]
FirewallRules: [{8DAD25DA-13A6-441B-B4E8-C762F05BCCAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{4CBBD028-26E2-40D7-AB7B-F871563B7634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tharsis\tharsis.exe () [File not signed]
FirewallRules: [{89AF9E33-3229-4CE9-875A-D340EA43CC8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{ECFDB7DB-7583-45C3-8030-F1D8D53C0628}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Order of Battle Pacific\autorun.exe (Slitherine Software UK Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{E1342BFF-2526-44CE-9EE1-EDD4A009D0AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{B91F188B-CD9B-4EAA-A726-FCFB32CAFC4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{4F6130E7-62F4-432A-9998-FBE92FA59276}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{516AB0E8-2240-4404-A163-9A633630DD1B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{BFF2C298-2455-4502-BC5F-0E75786B1DB3}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0FC1E2B9-C0F2-43F9-8F0C-6FC45EC07058}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{45D9D03D-6DBF-4D98-8179-BDC532D95431}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4AD0DA7B-41B9-482E-86C3-66A1D8182778}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{1B6B11B6-24B4-4FC9-9E4F-F5A0FAB9B26D}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0428C9E6-DCBC-438E-81A6-850E2DBA9F88}] => (Allow) C:\Users\dalem\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4D31C5DF-228D-4F44-A52C-F2631E5C9F28}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{5977B9E0-C55B-42D3-B4AD-FE73764046C3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{C03B41D3-6DF1-4599-BD12-67F6C98A8C81}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{A5905CDA-489A-4069-9F42-F53427E766CF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{9B647C46-4D7D-4C4E-A6B4-1EF40EFC0389}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{80916E14-1953-4697-9074-FF041BA6EA49}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{08C70099-0FB4-4300-9239-90D2F07EECA9}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{ECEE5C6A-5B84-41E3-8CD3-1F0F3B70F962}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4474B7F-76DD-4A48-959D-BBE05535D43B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{4314CAB6-60A5-4042-BFCB-D757232AB093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{6FF64FB1-699C-4966-BF89-76E8B6E05A4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Into the Breach\Breach.exe () [File not signed]
FirewallRules: [{30D6F85B-31D5-4F0A-906E-24785B16E82E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{17A4207B-2090-4DA5-A89B-EEA4E9ADF5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Starfighter\Starfighter.exe () [File not signed]
FirewallRules: [{9804197B-8DC3-42FD-8D65-C80C4628906A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{D599A3BC-C738-4868-A061-647AA00A6F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe (Maxis) [File not signed]
FirewallRules: [{3D1D9085-4A5A-4EA2-BB5B-6AF80B9CF76D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{3E8C78CA-2C4A-459B-9FE8-6904C9166143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\makehist.exe => No File
FirewallRules: [{BF0B7368-719E-4B1C-AFFD-ED2965FBD503}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{720B4A8A-786E-48B4-8BD6-7D09032B7B58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Making History Gold\bin\ed.exe => No File
FirewallRules: [{F4211D51-DC0A-424F-8901-A75E371A4B00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{E042D7FF-F6BD-467C-A29E-068A3EF0C3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{F71AC68D-C110-45F2-9BE1-B0332037E79F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{C7D5396A-591F-4733-A179-5D3E5CC2D7AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{3988456F-B38B-45DC-820D-65C8290D27A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{83F3CE13-62D9-4185-90C8-D5B47E5F779C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fort Sumter\FortSumter.exe () [File not signed]
FirewallRules: [{19BB8468-6A7D-47B7-8A33-D2F9805C35A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{2EC1EBAA-8806-4F80-9FFE-719671B9B73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Between the Stars\BetweenTheStars.exe () [File not signed]
FirewallRules: [{C99A6F24-7B0C-4337-8F24-A06DECCD11DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{17E75E5B-9111-493E-A85E-6E6504159167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{ED6833FB-8979-46B7-AFAB-8AB92585F82D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{BEABA52E-C74B-4B94-B4ED-2E003A72341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Labyrinth The War on Terror\Labyrinth.exe () [File not signed]
FirewallRules: [{316A38B2-49BB-493B-8263-E4553D795583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{82F81DA8-2453-487E-948D-26FDACA8DD15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fantasy General II\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{094488BB-290B-430C-AB35-21ECA9E6B5E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{8325BDA7-B635-4E2A-AC1B-17D4BB84DC3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [File not signed]
FirewallRules: [{0288E1AE-CF15-4968-8099-82818A741FAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{315156DE-07BE-4453-B722-7DA2662391CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{B2D84E78-2196-4C24-B14A-95F5FD2704E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{C8C9FB74-22ED-4B5E-A365-253E32A7D1E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carrier Battles 4 Guadalcanal\CarrierBattles4Guadalcanal.exe () [File not signed]
FirewallRules: [{AB4250E0-F0CA-43A1-8D41-9E3D91CEE1B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{F5059D73-2819-4472-897F-7E6178D6D029}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roll for the Galaxy\Roll.exe (Temple Gates Games LLC) [File not signed]
FirewallRules: [{27C1BBA2-1C02-4B6A-AAC6-378C04E8F323}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{5D570449-71E7-47E8-869D-1AFC59E67270}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{15B89EFF-C1CE-4B74-9811-D5F8BAE9DBD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{097EC5D7-0517-47A2-B136-8929FE05F795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battle Brothers\win32\BattleBrothers.exe () [File not signed]
FirewallRules: [{F260384B-8CD4-4270-BAF3-691D38506C06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{406E230E-BB64-4685-BC0B-8A34BD8BF828}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces (Prologue)\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{5DBBFDD8-501A-40A7-9EF2-0028218A9256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{0F0B8933-C93B-491F-B08C-6F7C19132597}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fights in Tight Spaces\FightsInTightSpaces.exe () [File not signed]
FirewallRules: [{35664D0A-B671-43EB-9E31-3F05E06EAF13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{F139791B-4EA9-4402-B2F0-1E08A509006A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yomi\Yomi.exe () [File not signed]
FirewallRules: [{EDBC52B2-8484-4B7A-BD7D-856A823D05B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{560CD5AF-0605-4F98-BA96-C89F439EAA91}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civil War II\autorun.exe (Slitherine Ltd. -> Matrix Publishing Ltd.)
FirewallRules: [{C4A58B91-4FA4-464E-A96C-720296C74D0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{34BD72EC-AEAD-4497-9C0F-3253CE9F7179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Barbarossa\Cauldrons of War.exe () [File not signed]
FirewallRules: [{6931784C-B430-401F-B0B1-C9E48B14239C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{236DC0DE-0ACB-4F2A-B40F-34AADF07FA1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cauldrons of War - Stalingrad\Cauldrons of War Stalingrad.exe () [File not signed]
FirewallRules: [{EB5100C6-5C15-487E-B174-1C9E64507BA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{4A353A3E-5334-4878-BE0D-26FCD0ED8DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KARDS\kards.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A1ED21C3-EE2F-499F-946C-2D6172D164A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{BF846BB0-DDBC-4B6D-8602-03B5F5A18BFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline World War II\Frontline World War II.exe () [File not signed]
FirewallRules: [{71C146F0-E372-45DA-898D-9A77B88CECBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{C7E588DA-FB08-4040-BD64-AAF888D38883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Western Front\Frontline Western Front.exe () [File not signed]
FirewallRules: [{B6818CD8-6EDE-4670-9E82-5D5BE73B4D40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{8E70E6AE-0E40-4F09-A6D3-09CAEAE3D096}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline The Great Patriotic War\PW.exe () [File not signed]
FirewallRules: [{3A0C7294-3036-49EB-8F3E-489A1BC9AE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{B835739F-B2FB-4886-8865-44442B8B1F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Frontline Blitzkrieg!\Game.exe () [File not signed]
FirewallRules: [{E0201CB1-DD2B-4A3C-995E-384324BD5AE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{478F2866-EDDB-4B2D-AB90-92F19513EAF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Valor and Victory\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{E01A6333-8D84-4A70-904D-4CDCE17C1CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{D2D77DF2-4B09-4592-BD4F-8428F81C9BDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [{5EB05C02-8589-4C4D-8FD1-4D60AF9DC2C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{A8AC9023-BF1D-4F35-AFD4-2826F9AEB89F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ogre\Ogre.exe () [File not signed]
FirewallRules: [{2BC02A41-8472-40A9-8FC8-766482D9494B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{6A2760AC-C808-4476-81A2-159A6CF09CCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio Demo\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{2E26ED2F-6B5F-41A8-A548-ED7898A65FC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{F4B5C197-216F-4FBA-B777-4DF79585B08A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\CmdOps.exe () [File not signed]
FirewallRules: [{A7D84937-0C46-4F79-8931-D7D3FB2AD324}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{4DBF6A60-D6CD-41B2-8F95-23C97B535F9B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\MapMaker.exe () [File not signed]
FirewallRules: [{31F284FE-CB65-48AF-87EF-0F22E32E94C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C8A32E50-67E5-4046-8EF6-51F3467BD915}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\ScenMaker.exe () [File not signed]
FirewallRules: [{C6E471D5-DA64-4E26-8C06-36FB6422F28D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{038FC860-81BB-421D-87AF-DDF6AFD759C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EstabEditor.exe () [File not signed]
FirewallRules: [{C8E95729-1379-4CDE-AD97-3DB085D90499}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{6279C4E2-ABF1-41EE-B4A1-90E2E5C25D66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\EM.exe () [File not signed]
FirewallRules: [{F91F1408-4E86-4800-83A5-18F8FF36998C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{1C27F52F-8C66-4F64-8716-44F90F12DAEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command Ops 2\WorkshopManager.exe () [File not signed]
FirewallRules: [{C1BDC899-9060-4B7A-B887-AE22F44BBFDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{51D15B7E-6141-4A12-8B4B-9A0DCCAACD0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4D989036-2827-4832-9417-5587E8776545}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D44128C5-4137-44BF-BF56-2225AD7B9D29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B2A37D3-AB56-4068-AE52-609C3B518673}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{86CA54E0-BF68-43E8-A3DB-E426F7C03235}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{47ED3AF8-D72B-461B-831D-FCDE35349291}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA87B7EC-9791-43FF-8D3C-7CB7FB432D39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{883B3EC1-6A66-44DB-AD76-D8ED648F5F70}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.171.560.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F23BA3D-B3AC-4012-AA53-A4F122FC9947}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AFECC72E-B166-449B-A0E1-FA740096A1AE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7188B239-8F07-425A-8E57-F492FEB8FE73}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{973DC6F6-D506-4168-8701-81718833C1E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{89B6C70A-53D5-4069-859D-FAFA5D162A97}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AD63EA97-C16A-41F4-89C1-7422D5CA285B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{246F4DE5-B0AD-4264-AC67-BA54AD3DE093}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{954057B6-318D-4CFE-A983-43858129CB89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{652B73A4-6631-485E-8005-63C42267E5AB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3B2F3B25-4566-4027-B5E0-28E3D4A60DFF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CCCDF852-4AAC-4C25-B794-02BB16E42FA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{51B0CB12-E1DF-4430-A6E2-A4A8CC607376}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0894DDC2-19AA-4241-8D33-4F4B02314961}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
==================== Restore Points =========================
28-10-2021 06:57:41 Scheduled Checkpoint
06-11-2021 04:27:13 Scheduled Checkpoint
08-11-2021 00:36:42 Windows Modules Installer
10-11-2021 20:39:15 Windows Modules Installer
11-11-2021 21:39:24 AA11
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/11/2021 09:13:40 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (11/11/2021 02:14:02 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (11/11/2021 01:46:22 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
Error: (11/11/2021 01:44:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TouchBasedUI.dll, version: 1.1.74.0, time stamp: 0x54d8a958
Faulting module name: V4PrinterDesktopUINative.dll, version: 1.2.56.0, time stamp: 0x54cfc0e1
Exception code: 0xc0000005
Fault offset: 0x0000000000003ef4
Faulting process id: 0x1354
Faulting application start time: 0x01d7d6d004d47025
Faulting application path: C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.dll
Faulting module path: C:\Program Files\Samsung\Stylish UI Pack\V4PrinterDesktopUINative.dll
Report Id: 9af3d0ae-47d8-44ed-a328-05be6925844d
Faulting package full name:
Faulting package-relative application ID:
Error: (11/11/2021 01:44:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TouchBasedUI.dll
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
at TouchBasedUI.Common.FeatureHandlerService..ctor(StartupContext, TouchBasedUI.Common.CConfigurationFilePath)
at TouchBasedUI.Common.AggregatorBuilder..ctor(StartupContext, TouchBasedUI.Common.CConfigurationFilePath)
at TouchBasedUI.MainWindow..ctor(StartupContext)
at TouchBasedUI.App.OnCreateWindow(StartupContext)
at TouchBasedUI.Common.BaseApplication.CreateMainWindowCommon(StartupContext)
at TouchBasedUI.Common.BaseApplication.OnStartup(System.Windows.StartupEventArgs)
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at TouchBasedUI.Program.RunApp(System.String[])
at TouchBasedUI.Program.Main(System.String[])
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...
Error: (11/11/2021 01:44:18 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.
System errors:
=============
Error: (11/11/2021 08:41:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Samsung - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.
Error: (11/11/2021 01:43:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s).
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/11/2021 01:42:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OQ73F3L)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (11/10/2021 09:03:41 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (11/10/2021 08:39:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Samsung - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.
Error: (11/09/2021 02:00:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: ApplicationSet-9PB2MZ1ZMB1S-AppleInc.iTunes.
CodeIntegrity:
===============
Date: 2021-11-11 21:13:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee.com\Agent\WSCLLCGlobalSign.exe that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-11-11 21:13:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-11-11 21:13:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 1203 12/25/2017
Motherboard: ASUSTeK COMPUTER INC. TUF Z270 MARK 2
Processor: Intel® Core i5-7600K CPU @ 3.80GHz
Percentage of memory in use: 92%
Total physical RAM: 8133.76 MB
Available physical RAM: 582.96 MB
Total Virtual: 27589.76 MB
Available Virtual: 16511.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.03 GB) (Free:103.8 GB) NTFS
Drive d: (Data) (Fixed) (Total:1397.26 GB) (Free:548.32 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:571.65 GB) NTFS
\\?\Volume{30748c3d-54a7-42cd-932e-0104cd4b876e}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{de9868d4-1430-4cfb-8747-81db6d6babb5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 0D1C6D57)
Partition 1: (Active) - (Size=1397.3 GB) - (Type=06)
==========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================