Hello,
I think some malicious software has been installed on my computer and is either keylogging or sending my passwords out to someone. In the past week my Facebook, Instagram, Gmail and other accounts have been logged into. I change the passwords on my phone and things are good for a few days, but the moment I log into them on the home PC they're all compromised again. Gmail suggested the Windows device has also been compromised. I ran Malwarebytes but it didn't find anything; the PC seems to be running fine with no popups or anything, but I keep getting compromised. Help!
Thanks a million.
________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2022 01
Ran by GERTY (administrator) on DESKTOP-33JOO9N (Gigabyte Technology Co., Ltd. Default string) (24-06-2022 07:33:34)
Running from C:\Users\GERTY\OneDrive\Desktop
Loaded Profiles: GERTY
Platform: Microsoft Windows 10 Home Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Elite Gamer\Elite Gamer.exe ->) (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Elite Gamer\CefSharp.BrowserSubprocess.exe <4>
(C:\Program Files (x86)\Elite Gamer\Elite Gamer.exe ->) (WTFast -> ) C:\Program Files (x86)\Elite Gamer\gpnc\gpnc.exe
(C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe ->) (NETGEAR TAIWAN CO., LTD -> NETGEAR) C:\Program Files (x86)\NETGEAR\A7000\A7000.EXE
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(C:\Users\GERTY\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe ->) (Skype Software Sarl -> ) C:\Users\GERTY\AppData\Local\Temp\is-1J8B8.tmp\Skype-Setup.tmp
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Corsair Components, Inc. -> Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\GERTY\AppData\Local\Discord\app-1.0.9005\Discord.exe <6>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(explorer.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (WTFast -> ) C:\Program Files (x86)\Elite Gamer\Elite Gamer.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <12>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel® Intel Network Drivers -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(services.exe ->) (NETGEAR -> Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (Wacom Technology Corp. -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(services.exe ->) (ZeroTier, Inc. -> ) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Users\GERTY\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
(svchost.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\GERTY\AppData\Local\Microsoft\OneDrive\22.111.0522.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\consent.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe <2>
(svchost.exe ->) (Ring.com) C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\Ring.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2017-04-19] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [21430992 2018-03-27] (Corsair Components, Inc. -> Corsair Components, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11186440 2022-06-22] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-05-09] (Intel Corporation -> Intel)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4282328 2022-06-06] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [EADM] => E:\Origin\Origin.exe [3137816 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [EpicGamesLauncher] => E:\Ghost Recon Breakpoint\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32648144 2022-06-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [Discord] => C:\Users\GERTY\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [GogGalaxy] => E:\GOG Galaxy\GalaxyClient.exe [13926752 2021-10-05] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [Megatron] => C:\Program Files (x86)\Elite Gamer\Elite Gamer.exe [1428176 2021-08-24] (WTFast -> )
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [116060024 2022-05-17] (Skype Software Sarl -> Skype Technologies S.A.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX410 series XPS: C:\Windows\system32\CNMXLMAL.DLL [385024 2012-03-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\Windows\system32\hpinkstsD711LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.53\Installer\chrmstp.exe [2022-06-22] (Google LLC -> Google LLC)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A7000 Genie.lnk [2019-05-03]
ShortcutTarget: NETGEAR A7000 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe (NETGEAR -> Realtek Semiconductor Corp.)
Startup: C:\Users\GERTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-09-03]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\Users\GERTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-04-04]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\GERTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-12-09]
ShortcutTarget: Twitch.lnk -> C:\Users\GERTY\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02EA87DB-AB26-4E99-B8CF-7572AA32265A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {123E7A0D-0C7B-426B-BFD1-2FE6488A02A0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {250063C0-7A5F-40B9-8FD7-9183E2C7AEE6} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [67472 2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3863F8D8-0909-4666-8FCA-ABEA619ED687} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {38D43559-1D2B-4570-853C-61895D80E151} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {3A9F3FAB-55DA-4C45-9B3D-F3AD847C4C04} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23246768 2022-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3CD6DACD-2D3B-4DBE-A91A-505CD3B4F908} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {445DA7CA-E069-47D4-9E5D-36520F2E66C6} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {491B5635-7A77-42E3-BDF3-7E66D3FB78A4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CD02494-B4DD-4913-BEBB-28DA6198BA6C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5DD528ED-4A61-4F55-8F45-268A82ECA4E0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5FFBCEA0-FDA7-401C-8B81-AFC589C0DEEB} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {77995065-714C-4E38-A878-E676AAD59DC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-19] (Google Inc -> Google Inc.)
Task: {79747058-377F-4DFF-95C4-B0E3C1FC3C4C} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8101E796-2AA7-4C53-900A-BC19AD6AC633} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {899DA326-1307-4F08-9B8B-575181DB4F96} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8DB97AA2-D0FC-4184-A500-BD7396D22F2E} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {903651D4-D6F0-45C0-8F03-3CA5D878CB39} - System32\Tasks\{C9C2676D-349D-4FD5-87EE-E1F74959C239} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {914907A2-2F1B-4540-8A62-C276EF969953} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)
Task: {99EFFE0E-252D-44AC-8135-F86506220840} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {A3E8DFD6-7A7A-43CA-87DA-A88123F597FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {A6E241A7-199C-4246-BEF3-90A46BD03B54} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD451E11-32A2-4F75-A7CA-1030A9E5FB95} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144800 2022-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {AD84D997-9098-4C4E-8F5E-D4350BE06795} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AE9D3A2B-58C7-4D1A-B961-0EEDA72C74E9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B1EB247A-832E-48DC-A8AA-57FC8A727BD8} - System32\Tasks\{831B2018-0F28-4055-982D-4F026E5C38FF} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {B2063C23-7176-4805-A334-B179FF74419E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF8772F8-642F-4C5C-9D12-61F104CF5530} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {CE3FCD76-1E52-4C9F-B2BB-9A07CA2B6C17} - System32\Tasks\{217A3AE5-AF5C-41FD-8C3F-DBF7E16FDBC5} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.26.0.101&LastError=12002
Task: {DF15D288-973B-438C-927F-BE5B1002AF96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-01-19] (Google Inc -> Google Inc.)
Task: {E6920B5E-D23E-4107-85E9-7438DBB98DC7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E7D5E6B7-2D89-4917-A642-AFB03D9A7715} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {EE6A2547-08E9-4B03-8E98-23252482D7EE} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F48F0EB8-0966-4F09-B9C3-18D1ED07E0D9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-04] (Dropbox, Inc -> Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0ab1f5be-ef7a-44aa-a7c2-4b486ed98046}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{4e999797-9664-4c73-a597-a4d40ad98a93}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{55d1c91e-8a6c-4169-94e5-6b23f5c4ae58}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{72f42264-1a93-420f-931c-dbbeaaac671b}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{b10c1023-c31c-4566-9ee5-24cda4bfadf1}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\GERTY\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-24]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\GERTY\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-12]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: spvnkvcx.default-1528494074254
FF ProfilePath: C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254 [2022-06-24]
FF Notifications: Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254 -> hxxps://www.rabb.it; hxxps://www.facebook.com; hxxps://www.instagram.com; hxxps://www.pcgamer.com; hxxps://www.gamesradar.com; hxxps://www.fashionnova.com
FF Extension: (Honey) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\[email protected] [2021-06-23]
FF Extension: (To Google Translate) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\[email protected] [2022-03-01]
FF Extension: (RetailMeNot Deal Finder™️) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\[email protected] [2022-06-17]
FF Extension: (FxIF) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\{6e0746af-fa34-4e33-a478-0a0a8785b8a1}.xpi [2021-01-22]
FF Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2022-05-23]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-06-07]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Profiles\spvnkvcx.default-1528494074254\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2021-08-06] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default [2022-06-21]
CHR Notifications: Default -> hxxps://ww5.0123movie.net; hxxps://www.reddit.com
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-14]
CHR Extension: (Skype) - C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2022-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]
CHR Profile: C:\Users\GERTY\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-30]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0315601655649074mcinstcleanup; C:\ProgramData\McInstTemp0315601655649074\McInst.exe [939432 2018-12-16] (McAfee, Inc. -> McAfee, Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-09-03] (Adobe Systems) [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-05-24] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11988384 2022-06-17] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2022-01-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46872 2022-06-22] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2022-05-09] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [184248 2022-05-09] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-04-10] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-04-30] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 GalaxyClientService; E:\GOG Galaxy\GalaxyClientService.exe [1990496 2021-10-05] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-15] (GOG Sp. z o.o. -> GOG.com)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-19] (Malwarebytes Inc. -> Malwarebytes)
R2 NetgearA7000; C:\Program Files (x86)\NETGEAR\A7000\RtlService.exe [45784 2013-07-03] (NETGEAR -> Realtek Semiconductor Corp.)
S3 NGS; C:\WINDOWS\NGService.exe [2994248 2018-10-10] (NEXON Korea Corporation. -> NEXON Korea Corporation)
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2012-12-21] (Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed]
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2466608 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3344176 2019-11-19] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2020-10-14] (Even Balance, Inc. -> )
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2584528 2022-04-14] (Rockstar Games, Inc. -> Rockstar Games)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-10-09] (Realtek Semiconductor Corp -> Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2020-06-02] (Realtek Semiconductor Corp -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH -> TeamViewer GmbH)
S3 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [331648 2020-12-10] (Twitch Interactive, Inc. -> )
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZeroTierOneService; C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe [1788400 2019-09-04] (ZeroTier, Inc. -> )
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 A7000; C:\WINDOWS\system32\DRIVERS\A7000.sys [7957576 2019-05-03] (NETGEAR TAIWAN CO., LTD -> Realtek Semiconductor Corporation)
S3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudioamd64.sys [95184 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Components, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45528 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21968 2018-02-05] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 gdrv; C:\Windows\gdrv.sys [26192 2016-05-09] (Giga-Byte Technology -> Windows ® Server 2003 DDK provider)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-10-31] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
S4 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\system32\DRIVERS\wireguard.sys [165384 2021-10-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R2 WtfEngineDrv; C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys [41704 2021-08-24] (Initeks, OOO -> AAA Internet Publishing, Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2017-01-05] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S3 XSpltVid; C:\WINDOWS\system32\DRIVERS\XSpltVid.sys [118800 2020-09-16] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-24 07:19 - 2022-06-24 07:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-06-22 04:14 - 2022-06-22 04:14 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-06-22 04:14 - 2022-06-22 04:14 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-06-22 04:14 - 2022-06-22 04:14 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-06-22 04:14 - 2022-06-22 04:14 - 000046872 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-06-19 07:34 - 2022-06-19 07:34 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-06-19 07:34 - 2022-06-19 07:34 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-06-19 07:31 - 2022-06-19 07:31 - 000000000 ____D C:\ProgramData\McInstTemp0315601655649074
2022-06-18 17:07 - 2022-06-18 17:07 - 000000000 _____ C:\ProgramData\R3X8UXYKO0WH0IB1E3EE.exe
2022-06-16 09:36 - 2022-06-16 09:36 - 000001434 _____ C:\WINDOWS\system32\default_error_stack-000051-000000.txt
2022-06-16 08:19 - 2022-06-16 08:19 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-16 08:18 - 2022-06-16 08:18 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-16 08:18 - 2022-06-16 08:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-16 08:18 - 2022-06-16 08:18 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-16 08:18 - 2022-06-16 08:18 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-16 08:11 - 2022-06-16 08:11 - 000000000 ___HD C:\$WinREAgent
2022-06-14 08:29 - 2022-06-14 08:29 - 000001379 _____ C:\Users\Public\Desktop\Skype.lnk
2022-06-14 08:29 - 2022-06-14 08:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-12 14:07 - 2022-06-12 14:07 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000050-000000.txt
2022-06-11 17:08 - 2022-06-12 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-05-25 08:19 - 2022-05-25 08:19 - 000001427 _____ C:\WINDOWS\system32\default_error_stack-000049-000000.txt
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-06-24 07:34 - 2017-12-13 17:04 - 000000000 ____D C:\FRST
2022-06-24 07:33 - 2016-05-13 15:21 - 000000000 ____D C:\Program Files (x86)\Steam
2022-06-24 07:31 - 2020-10-16 13:45 - 000000000 ____D C:\Users\GERTY\AppData\Roaming\discord
2022-06-24 07:28 - 2022-02-08 11:57 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-24 07:27 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-06-24 07:27 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-06-24 07:27 - 2016-11-21 10:54 - 000000000 ___DC C:\Users\GERTY\AppData\LocalLow\Mozilla
2022-06-24 07:26 - 2020-06-25 13:47 - 000000000 ____D C:\ProgramData\Rosetta Stone
2022-06-24 07:20 - 2022-03-02 16:07 - 000000000 ____D C:\Users\GERTY\AppData\Roaming\DropboxElectron
2022-06-24 07:20 - 2022-01-04 10:03 - 000000000 ____D C:\Users\GERTY\AppData\Local\Dropbox
2022-06-24 07:20 - 2021-03-18 19:20 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{778C475F-F1FB-425D-9A2E-CDC0EBAC6A8C}
2022-06-24 07:19 - 2022-01-04 10:03 - 000000000 ____D C:\Program Files (x86)\Dropbox
2022-06-24 07:19 - 2017-05-02 15:24 - 000000000 ____D C:\ProgramData\NVIDIA
2022-06-24 07:19 - 2017-01-19 17:33 - 000000000 ____D C:\Program Files (x86)\Google
2022-06-24 07:17 - 2021-12-21 16:49 - 000000000 ___RD C:\Users\GERTY\iCloudDrive
2022-06-24 07:17 - 2021-12-21 15:22 - 000000000 ___RD C:\Users\GERTY\iCloudPhotos
2022-06-24 07:17 - 2021-03-04 11:35 - 000000000 ____D C:\Users\GERTY\AppData\Local\Discord
2022-06-24 07:17 - 2016-05-13 15:02 - 000000000 ___RD C:\Users\GERTY\OneDrive
2022-06-23 12:15 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-06-23 10:36 - 2021-03-18 19:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-06-23 10:16 - 2018-02-23 20:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-22 14:46 - 2017-01-19 17:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-20 11:37 - 2016-05-13 15:06 - 000000000 ___DC C:\Users\GERTY\AppData\Local\CrashDumps
2022-06-19 07:34 - 2021-10-12 18:17 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-19 07:34 - 2021-10-12 18:17 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-06-19 07:34 - 2019-12-04 20:14 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-19 07:34 - 2019-12-04 20:14 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-06-19 07:34 - 2019-12-04 20:14 - 000000000 ____D C:\Program Files\Malwarebytes
2022-06-19 07:34 - 2016-10-17 18:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-06-19 07:31 - 2021-10-14 13:36 - 000000000 ____D C:\Users\GERTY\AppData\Roaming\Proton Technologies AG
2022-06-19 07:31 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-19 07:31 - 2017-12-07 13:20 - 000000000 ___DC C:\Users\GERTY\AppData\Local\Packages
2022-06-19 07:31 - 2017-05-18 21:38 - 000000000 ____D C:\ProgramData\McAfee
2022-06-17 15:23 - 2016-03-03 12:51 - 000000000 ____D C:\Program Files\Microsoft Office
2022-06-17 15:20 - 2020-06-16 12:22 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-17 15:20 - 2020-06-16 12:22 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-16 15:05 - 2021-03-18 19:18 - 001454788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-16 15:05 - 2021-03-18 14:11 - 000487952 _____ C:\WINDOWS\system32\perfh011.dat
2022-06-16 15:05 - 2021-03-18 14:11 - 000133178 _____ C:\WINDOWS\system32\perfc011.dat
2022-06-16 15:01 - 2021-03-18 19:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-16 15:01 - 2021-03-18 19:11 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-16 15:01 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-06-16 09:38 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-16 09:37 - 2021-03-18 19:11 - 000541552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-16 09:36 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-16 09:36 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-16 08:20 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-06-16 08:18 - 2021-03-18 19:12 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-16 08:10 - 2016-05-14 14:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-16 08:07 - 2020-10-07 13:15 - 000000000 ____D C:\Program Files\dotnet
2022-06-16 08:07 - 2016-05-14 14:30 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-16 08:07 - 2016-03-03 12:49 - 000000000 ____D C:\ProgramData\Package Cache
2022-06-16 08:05 - 2021-04-27 18:03 - 000003442 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71c66220d4fc2
2022-06-16 08:05 - 2021-03-18 19:20 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-14 08:28 - 2017-03-22 13:22 - 000000000 ___RD C:\Program Files (x86)\Skype
2022-06-14 08:28 - 2016-05-13 15:15 - 000000000 ____D C:\ProgramData\Skype
2022-06-13 16:54 - 2021-12-11 09:36 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1050297925-20334412-4027152003-1003
2022-06-13 16:54 - 2021-03-18 19:20 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1050297925-20334412-4027152003-1003
2022-06-13 16:54 - 2021-03-18 14:35 - 000002379 ____C C:\Users\GERTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-13 13:50 - 2018-06-15 17:29 - 000000000 ___DC C:\Users\GERTY\AppData\Local\D3DSCache
2022-06-12 14:08 - 2016-05-13 15:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-12 10:29 - 2021-09-10 12:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-12 10:29 - 2016-05-13 15:13 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-06-07 10:16 - 2018-07-10 11:35 - 000000000 ____D C:\ProgramData\Packages
2022-05-25 16:19 - 2021-03-18 14:35 - 000000000 ____D C:\Users\GERTY
2022-05-25 08:24 - 2022-05-24 12:14 - 000000000 ___RD C:\Users\GERTY\OneDrive\Documents\Scanned Documents
==================== Files in the root of some directories ========
2022-06-18 17:07 - 2022-06-18 17:07 - 000000000 _____ () C:\ProgramData\R3X8UXYKO0WH0IB1E3EE.exe
2018-08-13 20:26 - 2019-04-14 18:36 - 000000191 _____ () C:\Program Files (x86)\Please READ.txt
2021-02-23 12:33 - 2021-02-23 12:33 - 000007605 _____ () C:\Users\GERTY\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2022 01
Ran by GERTY (24-06-2022 07:35:18)
Running from C:\Users\GERTY\OneDrive\Desktop
Microsoft Windows 10 Home Version 21H2 19044.1766 (X64) (2021-03-19 02:20:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1050297925-20334412-4027152003-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1050297925-20334412-4027152003-503 - Limited - Disabled)
GERTY (S-1-5-21-1050297925-20334412-4027152003-1003 - Administrator - Enabled) => C:\Users\GERTY
Guest (S-1-5-21-1050297925-20334412-4027152003-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1050297925-20334412-4027152003-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-1033-0000-0000-000000000001}) (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (HKLM-x32\...\{8EDBA74D-0686-4C99-BFDD-F894678E5B39}) (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Help Center 1.0 (HKLM-x32\...\{E9787678-1033-0000-8E67-000000000001}) (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-1033-0000-B58E-000000000001}) (Version: 001.000.000 - Adobe Systems) Hidden
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.0.6 - Electronic Arts, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.43.4 - Bethesda Softworks)
Call of Duty Black Ops 4 (HKLM-x32\...\Call of Duty Black Ops 4) (Version: - Blizzard Entertainment)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CM Storm Mizar Gaming Mouse (HKLM-x32\...\{9E070A33-9857-4A95-9F10-0C5EA92D6D9F}_is1) (Version: 1.0.8 - Cooler Master)
Corsair Utility Engine (HKLM-x32\...\{BB25387A-061E-42E9-AB2F-64073B3E3180}) (Version: 2.24.50 - Corsair)
Destiny 2 (HKLM-x32\...\Destiny 2) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{D1259A1F-3E93-452F-8F61-9F63F41C91D8}) (Version: 22.130.0.5 - Intel Corporation) Hidden
Drawpile 2.1.17 (HKLM\...\{DC47B534-E365-4054-85F0-2E7C6CCB76CC}_is1) (Version: 2.1.17 - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 151.4.4304 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
Elite Gamer 5.3.6 (HKLM-x32\...\{548D713D-EA8D-4117-A74A-93E9592C1480}_is1) (Version: 5.3.6.0 - Cox Communications)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 76 (HKLM-x32\...\Fallout 76) (Version: - Bethesda Softworks)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.53 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: - Rockstar Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
iCloud Outlook (HKLM\...\{F054257C-600A-4918-B730-F6829E491781}) (Version: 13.0.0.201 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{19B7322D-268B-4D88-AA3E-938F36F9DCE9}) (Version: 22.3.20.6 - Intel) Hidden
Intel® Chipset Device Software (HKLM\...\{C965318A-AA36-4F94-9ED5-AE5391F452B2}) (Version: 10.1.2.9 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{5fa248d9-79b2-48fb-9add-72660adaed4e}) (Version: 10.1.2.9 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D17293BC-1678-4281-B94E-DBCF66AE7611}) (Version: 2.4.08919 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{60DC6F22-D268-44F0-8720-200033508384}) (Version: 11.0.0.1158 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{DF17C0DB-76D8-4A45-B26E-674F8455B803}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Network Connections 20.2.3001.0 (HKLM\...\{638A518B-0D2E-4143-ACF8-F3D83D822E85}) (Version: 20.2.3001.0 - Intel) Hidden
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.16.1063 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{9503AD68-6198-4081-9F57-1F346D7B58D4}) (Version: 14.8.16.1063 - Intel Corporation) Hidden
Intel® SUR QC Software Asset Manager (HKLM\...\{B3804557-9824-4918-AA88-0DFAC94CD3B5}) (Version: 3.5.5033 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000130-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.130.0.2 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{0f33739d-b6ed-44b0-9a0d-6b87544be7c0}) (Version: 22.3.20.6 - Intel)
Intel® Software Installer (HKLM-x32\...\{85cb0eee-e264-4335-ac48-f589f2d69657}) (Version: 22.130.0.5 - Intel Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 6.0.5.2 (HKLM\...\{9645CDEF-085C-45F7-A3CD-B4B7046EF78C}) (Version: 6.0.5.2 - The Document Foundation)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Core Host - 3.1.26 (x64) (HKLM\...\{8CD96F46-64AC-41C6-89B7-550211EF09BC}) (Version: 24.104.31323 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.26 (x64) (HKLM\...\{719B5BF9-FD92-4C36-A33E-E4F4C7171979}) (Version: 24.104.31323 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.26 (x64) (HKLM\...\{DCDE73DC-A733-4712-8A04-4343372D21E8}) (Version: 24.104.31323 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15225.20288 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 102.0.1245.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 102.0.1245.44 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\OneDriveSetup.exe) (Version: 22.111.0522.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.26 (x64) (HKLM\...\{22CD266C-7B5C-4399-8020-8F6CB12AAB9D}) (Version: 24.104.31323 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.26 (x64) (HKLM-x32\...\{24e939f4-9eb3-4ccf-9175-d491a44a9d78}) (Version: 3.1.26.31323 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 101.0.1 (x64 en-US)) (Version: 101.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 101.0.1.8194 - Mozilla)
MSVCRT Redists (HKLM\...\{52116C70-79F9-11E6-9541-BB95F5A309BD}) (Version: 1.0 - MAGIX Computer Products Intl. Co.) Hidden
NETGEAR A7000 Genie (HKLM-x32\...\{E34F424D-99BB-4176-8BCB-F0A749D744B4}) (Version: 1.0.0.15 - NETGEAR) Hidden
NETGEAR A7000 Genie (HKLM-x32\...\InstallShield_{E34F424D-99BB-4176-8BCB-F0A749D744B4}) (Version: 1.0.0.15 - NETGEAR)
Neverwinter Nights Diamond Edition (HKLM-x32\...\1207658890_is1) (Version: 2.1.0.21 - GOG.com)
Neverwinter Nights Diamond Edition (HKLM-x32\...\GOGPACKNWNDIAMOND_is1) (Version: 2.0.0.15 - GOG.com)
NJStar Japanese WP6 (HKLM-x32\...\NJStar Japanese WP6) (Version: 6.20 - NJStar Software Corp.)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 472.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 472.12 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.56.33908 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Realtek USB Wireless LAN Driver (HKLM-x32\...\InstallShield_{DBCC4C27-F949-482b-B786-7B3B67587CD2}) (Version: Drv_3.00.0018 - REALTEK Semiconductor Corp.)
Realtek USB Wireless LAN Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: UI_1.00.0287 - REALTEK Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Revo Uninstaller 2.1.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.1 - VS Revo Group, Ltd.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.57.785 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.3.2 - Rockstar Games)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.83 (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
TP-Link Archer T2U Driver (HKLM-x32\...\{95EF5DBB-C2DA-48AF-93B4-533333227486}) (Version: 1.0.0 - TP-Link)
Twitch (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Twitch Studio (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372B0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 103.2 - Ubisoft)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.00 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
ZeroTier One (HKLM-x32\...\{80CEE5C9-4DF0-43F5-B232-484D6455978E}) (Version: 1.4.6 - ZeroTier, Inc.) Hidden
ZeroTier One (HKLM-x32\...\ZeroTier One 1.4.6) (Version: 1.4.6 - ZeroTier, Inc.)
ZeroTier One Virtual Network Port (HKLM\...\{4AFE4740-C680-40FE-B6B0-0C15EB0176F1}) (Version: 1.0.0 - ZeroTier) Hidden
Zoom (HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\ZoomUMX) (Version: 5.9.6 (3799) - Zoom Video Communications, Inc.)
Packages:
=========
Any DVD -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.2.6.0_x64__y5c4dfz5b21fm [2021-11-29] (Any DVD & Office App)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-15] (Autodesk Inc.)
Duolingo - Learn Languages for Free -> C:\Program Files\WindowsApps\D5EA27B7.Duolingo-LearnLanguagesforFree_2017.112.1.0_x64__yx6k7tf7xvsea [2022-02-03] (Duolingo Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-29] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2021-12-21] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-07] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-18] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-02] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-02] (Adobe Systems Incorporated)
Ring - Always Home -> C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm [2021-10-08] (Ring.com)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.111.459.2_x64__8wekyb3d8bbwe [2022-06-24] (ms-resource:PublisherDisplayName)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-10] (Twitter Inc.)
Xbox Insider Hub -> C:\Program Files\WindowsApps\Microsoft.FlightDashboard_477.2102.26001.0_x64__8wekyb3d8bbwe [2021-03-03] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1050297925-20334412-4027152003-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-1050297925-20334412-4027152003-1003_Classes\CLSID\{30282DFC-EFD6-4D64-9A72-6C7E79B92FB5} -> [iCloud Drive] => C:\Users\GERTY\iCloudDrive [2021-12-21 16:49]
CustomCLSID: HKU\S-1-5-21-1050297925-20334412-4027152003-1003_Classes\CLSID\{D53F2B23-E37B-460D-82C7-5CDAA0A3BD66} -> [iCloud Photos] => C:\Users\GERTY\iCloudPhotos\Photos [2021-12-21 16:49]
CustomCLSID: HKU\S-1-5-21-1050297925-20334412-4027152003-1003_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1050297925-20334412-4027152003-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\GERTY\Dropbox [2022-01-04 10:07]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-10-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-10-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_19c79fb6254e3b11\nvshext.dll [2021-09-15] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-19] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} => C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28] (Sysprogs OU) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-10-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-10-24] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\GERTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml
==================== Loaded Modules (Whitelisted) =============
2021-03-11 18:54 - 2020-10-25 03:07 - 000961536 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Elite Gamer\CefSharp.BrowserSubprocess.Core.dll
2021-03-11 18:54 - 2020-10-25 03:07 - 001441792 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Elite Gamer\CefSharp.Core.dll
2018-03-27 19:42 - 2018-03-27 19:42 - 000151040 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairAudioDevice.dll
2017-10-02 08:54 - 2017-10-02 08:54 - 000013312 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\libEGL.DLL
2017-10-02 08:54 - 2017-10-02 08:54 - 001950720 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\libGLESv2.dll
2018-03-27 19:11 - 2018-03-27 19:11 - 000044544 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\MacroRecording.dll
2018-03-27 19:18 - 2018-03-27 19:18 - 000197120 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2018-03-27 19:11 - 2018-03-27 19:11 - 000097280 _____ () [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\zlib.dll
2021-03-11 18:55 - 2020-10-23 21:14 - 112890368 _____ () [File not signed] C:\Program Files (x86)\Elite Gamer\libcef.dll
2021-03-11 18:55 - 2020-10-23 19:41 - 000317440 _____ () [File not signed] C:\Program Files (x86)\Elite Gamer\libegl.dll
2021-03-11 18:55 - 2020-10-23 19:41 - 006949888 _____ () [File not signed] C:\Program Files (x86)\Elite Gamer\libglesv2.dll
2022-05-02 08:22 - 2022-05-02 08:22 - 005998080 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module_win32.dll
2014-04-17 09:54 - 2014-04-17 09:54 - 000126976 _____ () [File not signed] C:\Program Files (x86)\NETGEAR\A7000\EnumDevLib.dll
2018-08-28 18:28 - 2022-03-03 19:23 - 126965248 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-28 18:28 - 2021-11-17 04:38 - 000384000 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-08-28 18:28 - 2021-11-17 04:38 - 008006656 _____ () [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000540160 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\bctoolbox.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 003492352 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\bellesip.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000231936 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\belr.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000074240 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\bzrtp.dll
2019-12-07 02:53 - 2019-12-07 02:53 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\e_sqlite3.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 001842688 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\linphone.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000729088 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\mediastreamer.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000129536 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\ortp.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000133632 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\speex.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000102912 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\speexdsp.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000625152 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\sqlite3.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000068608 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\srtp2.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000861184 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\xml2.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 000077312 _____ () [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\zlib.dll
2021-10-08 13:35 - 2021-10-08 13:35 - 025764864 _____ (Bot Home Automation, Inc) [File not signed] C:\Program Files\WindowsApps\C9B3B423.RingDoorbell_2.5.12.0_x64__8wfdcxeq7xacm\Ring.dll
2017-08-07 17:35 - 2010-09-09 14:36 - 000319488 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2017-02-10 13:40 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2017-02-13 20:01 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMXLMAL.DLL
2020-04-09 17:39 - 2020-04-09 17:39 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-09 17:39 - 2020-04-09 17:39 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2022-05-05 17:44 - 2022-05-05 17:44 - 001582592 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2022-05-05 17:44 - 2022-05-05 17:44 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2017-02-11 17:28 - 2015-09-28 11:08 - 000255488 _____ (Sysprogs OU) [File not signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2021-03-11 18:54 - 2020-10-23 19:40 - 000824320 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Elite Gamer\chrome_elf.dll
2018-08-28 18:28 - 2022-03-03 19:23 - 000983552 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2014-04-17 09:54 - 2014-04-17 09:54 - 001122304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\NETGEAR\A7000\LIBEAY32.dll
2017-10-02 09:06 - 2017-10-02 09:06 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qgif.dll
2017-10-02 11:10 - 2017-10-02 11:10 - 000033280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qicns.dll
2017-10-02 09:05 - 2017-10-02 09:05 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qico.dll
2017-10-02 09:06 - 2017-10-02 09:06 - 000243712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qjpeg.dll
2017-10-02 11:11 - 2017-10-02 11:11 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qsvg.dll
2017-10-02 11:10 - 2017-10-02 11:10 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qtga.dll
2017-10-02 11:10 - 2017-10-02 11:10 - 000271872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qtiff.dll
2017-10-02 11:10 - 2017-10-02 11:10 - 000019968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qwbmp.dll
2017-10-02 11:10 - 2017-10-02 11:10 - 000401408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\imageformats\qwebp.dll
2017-10-02 09:07 - 2017-10-02 09:07 - 001094656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\platforms\qwindows.dll
2018-03-27 19:42 - 2018-03-27 19:42 - 004770816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Core.dll
2017-10-02 08:59 - 2017-10-02 08:59 - 004963840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Gui.dll
2017-10-02 12:14 - 2017-10-02 12:14 - 000576512 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Multimedia.dll
2017-10-02 08:59 - 2017-10-02 08:59 - 000952832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Network.dll
2017-10-02 11:28 - 2017-10-02 11:28 - 002629632 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Qml.dll
2017-10-02 11:33 - 2017-10-02 11:33 - 002846720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Quick.dll
2017-10-02 11:11 - 2017-10-02 11:11 - 000265728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Svg.dll
2017-10-02 09:04 - 2017-10-02 09:04 - 004456448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Widgets.dll
2017-10-02 12:38 - 2017-10-02 12:38 - 000234496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5WinExtras.dll
2017-10-02 08:55 - 2017-10-02 08:55 - 000150528 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\Qt5Xml.dll
2017-10-02 12:12 - 2017-10-02 12:12 - 000041472 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-10-02 12:12 - 2017-10-02 12:12 - 000015872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-10-02 11:36 - 2017-10-02 11:36 - 000015872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtQuick.2\qtquick2plugin.dll
2017-10-02 12:34 - 2017-10-02 12:34 - 000257536 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-10-02 11:37 - 2017-10-02 11:37 - 000071680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-10-02 11:37 - 2017-10-02 11:37 - 000015872 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Corsair\Corsair Utility Engine\QtQuick\Window.2\windowplugin.dll
2014-04-17 09:54 - 2014-04-17 09:54 - 000143360 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\NETGEAR\A7000\IpLib.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\GERTY\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [5632]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-06-07] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 00:24 - 2022-06-16 15:01 - 000003384 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
2021-10-22 14:06 - 2022-04-27 12:30 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\GERTY\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1050297925-20334412-4027152003-1003\...\StartupApproved\Run: => "GogGalaxy"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{A9B503D4-7538-4650-BCC2-765E32679DD8}E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{CB8DB01F-9EC9-400E-968D-7C923062C997}E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{0EC04212-358F-4C8A-8BFB-73B29EF1998F}E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe] => (Allow) E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe () [File not signed]
FirewallRules: [TCP Query User{AB2F2343-CF3E-47BD-B331-E37591469E06}E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe] => (Allow) E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe () [File not signed]
FirewallRules: [UDP Query User{87BB3D65-5672-41AD-8C1A-A38A861CD00C}E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{CDAE0B56-0E7E-4C5E-B5C0-C8BF7A3C5B86}E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{A9EF383D-170E-498C-AB51-25144C1BD38F}] => (Allow) any => No File
FirewallRules: [{DF0197D0-77D3-44AF-9728-DC5123F86BE0}] => (Allow) any => No File
FirewallRules: [{BC487E40-AC15-4EA1-969D-D13EFC902593}] => (Allow) C:\Program Files (x86)\Elite Gamer\gpnc\gpnc.exe (WTFast -> )
FirewallRules: [UDP Query User{DC5F0DA4-6BA5-4BE8-912B-DBC80338CFD3}C:\program files\drawpile\drawpile.exe] => (Allow) C:\program files\drawpile\drawpile.exe () [File not signed]
FirewallRules: [TCP Query User{01B98EDE-E678-4D18-B9C4-A73DFFDF7CCE}C:\program files\drawpile\drawpile.exe] => (Allow) C:\program files\drawpile\drawpile.exe () [File not signed]
FirewallRules: [{EA06B3EE-206B-414C-AD5D-5A9DBA4C8C5A}] => (Allow) E:\Steam Games\steamapps\common\Our Life Beginnings And Always\OurLife.exe () [File not signed]
FirewallRules: [{9CED3F84-CBB5-4D68-87E6-EC5E0C7EA104}] => (Allow) E:\Steam Games\steamapps\common\Our Life Beginnings And Always\OurLife.exe () [File not signed]
FirewallRules: [UDP Query User{6C608232-17CC-432C-9EC8-1056DE8EB710}E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{709D3CA6-FF8C-4396-B45D-57FDDE559ADE}E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\steam games\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{FFC8653F-8A60-4B7C-AC52-BC0744EC7765}C:\users\gerty\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\gerty\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [TCP Query User{302D36C5-F795-43E4-A0A8-FBD93FE2F4F7}C:\users\gerty\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\gerty\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [{CD4F97C1-C990-4021-AF68-5AD1BF38C3BA}] => (Allow) E:\Steam Games\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{25585AC5-C60E-4BF4-97D2-6BC2EAF6620E}] => (Allow) E:\Steam Games\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{6D405D97-7691-4FCE-AA2B-85C4896E5A17}] => (Allow) E:\Steam Games\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{DD728E4F-054D-4FC8-84DB-896F3D10EDFB}] => (Allow) E:\Steam Games\steamapps\common\Phasmophobia\Phasmophobia.exe () [File not signed]
FirewallRules: [{3DC3F819-C6D6-4634-9680-04D693695E53}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{9C5676CA-9C96-4FE6-974B-E839012EA4C7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{70C91BF1-D9F3-416C-AA2F-0840DA1D64A5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{85C13FB4-5210-4B5D-92AC-DF9BCC9EE5F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{E04897E8-AE83-41D8-AC45-59B07F216BF6}] => (Allow) E:\Steam Games\steamapps\common\Assassin's Creed 3\AC3MP.exe () [File not signed]
FirewallRules: [{30DD9A03-BAB9-4A92-B008-60D72F33C0F4}] => (Allow) E:\Steam Games\steamapps\common\Assassin's Creed 3\AC3MP.exe () [File not signed]
FirewallRules: [{619CA6F0-B2AD-4DB1-BE6A-2BFB9120B17D}] => (Allow) E:\Steam Games\steamapps\common\Assassin's Creed 3\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{B0D6E657-7D83-48A7-8A05-6BA3FC8FA07B}] => (Allow) E:\Steam Games\steamapps\common\Assassin's Creed 3\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [UDP Query User{CCFAA39A-648B-4B8D-A5EE-701131093D5F}E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{10E70563-06FC-44EC-A7B9-FF91CD05A523}E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) E:\steam games\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{D92596CF-44BA-4DB4-B8E6-622034A295EE}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{34398E84-F034-475E-8203-B7820C8EA2DF}] => (Allow) LPort=9993
FirewallRules: [{70CE0CB9-A03B-4208-982B-C5B260D496E4}] => (Allow) LPort=9993
FirewallRules: [{46F207C4-BC5F-48F9-A319-5420FB4DA158}] => (Allow) E:\Steam Games\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{D5BA39EF-E6BC-444E-91A8-406DF3DF0AA8}] => (Allow) E:\Steam Games\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{F64EEA6C-05F0-45C7-921E-9F3553592EBA}] => (Allow) E:\Steam Games\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{09F1EA84-D914-47EF-84DD-FD186BD116AC}] => (Allow) E:\Steam Games\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [UDP Query User{45765127-BC93-496B-86F5-FA2505E282C2}E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{562C2E7F-0E29-47B0-9375-45D97C4A44C9}E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7CC0C86E-003F-49C4-9B48-1296C7FD9FB2}E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe] => (Allow) E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe () [File not signed]
FirewallRules: [TCP Query User{00C2B617-9E11-493B-AF50-87DDAF72C7A1}E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe] => (Allow) E:\ghost recon breakpoint\epic games\theescapists2\theescapists2.exe () [File not signed]
FirewallRules: [UDP Query User{BF25D04B-3C68-4A9B-9968-17AE1535ABB8}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{AFFB4DF3-0C7D-418D-A66E-EFDCD99C6C9A}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{C5EE8CD6-ADBA-434E-998D-2E8148018748}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{D0614AAB-ED60-4969-8DE9-5AE2B683681A}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe (Rosetta Stone, Ltd -> Rosetta Stone Ltd.)
FirewallRules: [{3DB847DF-6A33-4930-AF1D-BAD1ED596C5C}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{CD3D541D-CBBE-4591-B825-E4F9E12BB4C9}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe (Multidmedia Limited) [File not signed]
FirewallRules: [{4DE8E973-DA2E-4F98-B320-CE83FEFD0158}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{0431C31E-319F-4FC7-8458-2B5B4536C49A}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FD26703F-2C9D-42AA-BD31-8C6D5B08D98D}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{CC5830BE-7D33-44A5-B3F6-F7075B940940}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{8D6EF81F-2808-4260-97F2-93E4A6248758}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FA82C2E6-C48D-4370-B4BF-767B6CF5CD54}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{F8565B69-7979-457B-A325-E026D57A24BE}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{C0DAE235-4624-4AD2-ACC8-8766EDD7E2C6}] => (Allow) LPort=53
FirewallRules: [{A65C35E5-8223-4384-9977-03140C806616}] => (Allow) LPort=1542
FirewallRules: [{D76A4A15-9384-4BFD-A91D-F43A5403FB9A}] => (Allow) LPort=1542
FirewallRules: [{A99C2346-D66D-417E-8A20-FE7997A361EC}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
FirewallRules: [{DD4DFBC9-B891-4A21-9E3B-3ED9E3BF367F}] => (Allow) LPort=53
FirewallRules: [{4795DAE0-1C7E-4C4A-BD16-8475BBC5D204}] => (Allow) LPort=53
FirewallRules: [UDP Query User{FD9A5B44-8656-4EE8-8078-7DB9D1DE934C}C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe] => (Allow) C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe => No File
FirewallRules: [TCP Query User{5E2DD937-3EEB-4394-9EDC-76A73E40BC9F}C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe] => (Allow) C:\program files (x86)\tale of tales\the endless forest 3\forestviewer.exe => No File
FirewallRules: [{3CDA542A-9E6A-4EA9-9432-D7325EF2F11E}] => (Allow) E:\Ghost Recon Breakpoint\Epic Games\BreakpointDemo\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{11C9AAE7-22E2-481A-9A0C-3C4BC702E77E}] => (Allow) E:\Ghost Recon Breakpoint\Epic Games\BreakpointDemo\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{1367E74A-A420-46F9-AFC1-CBBC44E3CFBE}] => (Allow) C:\Users\GERTY\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F7D33F73-0E10-41DD-89FE-29E12F73F757}] => (Allow) C:\Users\GERTY\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{31456AE8-48AB-456F-9BBB-686DB6878F39}] => (Allow) E:\Steam Games\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{AF50636A-121D-4D52-84DA-0EA87C237629}] => (Allow) E:\Steam Games\steamapps\common\Destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [UDP Query User{1810BCFF-DA29-41F7-AF91-93B655C714BD}E:\overwatch\overwatch test\_ptr_\overwatch.exe] => (Allow) E:\overwatch\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8121CE03-D4AE-4B28-A8F4-E5107E46140B}E:\overwatch\overwatch test\_ptr_\overwatch.exe] => (Allow) E:\overwatch\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{33E26C7C-1AF8-4668-99FC-4FB0B75D170F}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{87745352-45D5-45A9-8E80-51FC6360F735}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{22BFA261-A11B-4F35-8F5A-7E124E39DD2E}E:\overwatch\overwatch\_retail_\overwatch.exe] => (Allow) E:\overwatch\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{46BFBA74-C0E1-4F1E-B1DF-08D740379035}E:\overwatch\overwatch\_retail_\overwatch.exe] => (Allow) E:\overwatch\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{96143B86-B94D-48B2-9D70-83CF42BC2DB2}] => (Allow) E:\Steam Games\steamapps\common\Mysterium\Mysterium.exe () [File not signed]
FirewallRules: [{7C587257-D034-4204-9806-13F8631DC8EB}] => (Allow) E:\Steam Games\steamapps\common\Mysterium\Mysterium.exe () [File not signed]
FirewallRules: [{D9007579-FB3C-4C19-A7DA-CDB2A2EDE2C0}] => (Allow) E:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{338100E5-C1D1-48A2-AEBE-67D86F4306B6}] => (Allow) E:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [UDP Query User{20C6E52F-D026-4C23-B100-B2A927F60653}E:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) E:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [TCP Query User{CB6B5500-36E3-4BBE-BD81-80C3E86B0849}E:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) E:\program files (x86)\origin games\apex\r5apex.exe (Electronic Arts, Inc. -> Respawn Entertainment)
FirewallRules: [{006EDB72-4643-4D3B-BE51-F20E9E992224}] => (Allow) E:\Steam Games\steamapps\common\ATLAS\ShooterGame\Binaries\Win64\AtlasGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{3DF99DB6-016E-49F2-94C9-3B6481821B67}] => (Allow) E:\Steam Games\steamapps\common\ATLAS\ShooterGame\Binaries\Win64\AtlasGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{791AFFED-CD23-431B-8687-0BA50E186CCE}] => (Allow) E:\Steam Games\steamapps\common\ATLAS\ShooterGame\Binaries\Win64\AtlasGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{D61A5871-7DFB-4EB4-80A1-3AFB2C7C5300}] => (Allow) E:\Steam Games\steamapps\common\ATLAS\ShooterGame\Binaries\Win64\AtlasGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4330C004-6AB7-408A-9F32-8A135D1EA0BE}E:\fallout76.exe] => (Allow) E:\fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{0B13AE7A-09CA-408C-B8FB-1914272262B4}E:\fallout76.exe] => (Allow) E:\fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [UDP Query User{78769D88-600D-4673-B31E-577038C4272C}E:\fallout 76\fallout76.exe] => (Allow) E:\fallout 76\fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{BC89A233-9424-4360-8A38-B47029B52182}E:\fallout 76\fallout76.exe] => (Allow) E:\fallout 76\fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{673D3F3F-CC58-4ADC-89B7-618871FEAA33}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A7DFFDD0-DA99-47F7-AFBF-CE40616CE33B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{2DCF31CA-E675-4B4F-8BBA-B8A11AFAEE62}E:\overwatch\call of duty black ops 4\blackops4.exe] => (Allow) E:\overwatch\call of duty black ops 4\blackops4.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [TCP Query User{80F544F5-50E1-4F78-BB94-96F0C015CF5F}E:\overwatch\call of duty black ops 4\blackops4.exe] => (Allow) E:\overwatch\call of duty black ops 4\blackops4.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [UDP Query User{1E662723-C01D-4461-895B-170886C9520A}E:\steam games\steam cmd\steamcmd.exe] => (Allow) E:\steam games\steam cmd\steamcmd.exe => No File
FirewallRules: [TCP Query User{6CD252C5-DC8B-4DB6-A8E6-8EE30103773D}E:\steam games\steam cmd\steamcmd.exe] => (Allow) E:\steam games\steam cmd\steamcmd.exe => No File
FirewallRules: [{B9F4BF9E-33B6-4A22-AA26-46CAB7B42759}] => (Allow) E:\Steam Games\steamapps\common\Life is Feudal Your Own Dedicated Server\ddctd_cm_yo_server.exe (Bitbox Ltd.) [File not signed]
FirewallRules: [{17480B78-0502-4F29-A1AC-86820DE728BF}] => (Allow) E:\Steam Games\steamapps\common\Life is Feudal Your Own Dedicated Server\ddctd_cm_yo_server.exe (Bitbox Ltd.) [File not signed]
FirewallRules: [UDP Query User{A052084F-EB4F-435A-892F-ACAC0CEE3944}E:\steam games\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) E:\steam games\steamapps\common\life is feudal your own\server\cm_yo_server.exe => No File
FirewallRules: [TCP Query User{460159AD-16CB-44FC-AF90-BD19E6BBDCF9}E:\steam games\steamapps\common\life is feudal your own\server\cm_yo_server.exe] => (Allow) E:\steam games\steamapps\common\life is feudal your own\server\cm_yo_server.exe => No File
FirewallRules: [{E8659CAC-17DD-4219-8E52-BE29A2498E27}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{14825586-4E25-4A6D-9DE5-CA563F22520A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{88A3AE44-AC63-4EBD-B12A-C241CFB8CB34}] => (Allow) E:\Steam Games\steamapps\common\Monster Prom\MonsterProm.exe () [File not signed]
FirewallRules: [{C56CBAD6-C5B0-49F0-B854-CC75DB1C37EA}] => (Allow) E:\Steam Games\steamapps\common\Monster Prom\MonsterProm.exe () [File not signed]
FirewallRules: [UDP Query User{122F5D86-76E1-415C-8026-8604F16C4B96}E:\overwatch\overwatch test\overwatch.exe] => (Allow) E:\overwatch\overwatch test\overwatch.exe => No File
FirewallRules: [TCP Query User{6B9B9BA2-5EF8-4E18-B11F-68592B23C657}E:\overwatch\overwatch test\overwatch.exe] => (Allow) E:\overwatch\overwatch test\overwatch.exe => No File
FirewallRules: [UDP Query User{B841B5D7-BEAD-4040-A7C9-11547FA09C9D}E:\overwatch\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{BCD049EC-92A7-4CF2-9AE2-C017325CD551}E:\overwatch\overwatch\overwatch.exe] => (Allow) E:\overwatch\overwatch\overwatch.exe => No File
FirewallRules: [{014CB464-5EB1-4737-B6BB-4F4D9C42FCA1}] => (Allow) E:\Steam Games\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe => No File
FirewallRules: [{7CD9F055-514D-45AB-A457-52BC1D434109}] => (Allow) E:\Steam Games\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe => No File
FirewallRules: [UDP Query User{77715599-4F1C-4044-A9DF-4A708F902F45}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{459C16E4-14A2-4C1C-A660-04D4E23D18ED}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{B39B154C-FC97-435F-821A-A37780A72BCF}E:\destiny 2\destiny2.exe] => (Allow) E:\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [TCP Query User{FA76D0CF-075A-4363-9514-F963CC95BFA2}E:\destiny 2\destiny2.exe] => (Allow) E:\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [{18EB99B6-5F2A-463F-8E67-3CC45BB23357}] => (Allow) E:\Steam Games\steamapps\common\Arcanum\SierraLauncher.exe (Vivendi Universal Games) [File not signed]
FirewallRules: [{8E8368D8-D6DE-4573-9B09-48C27E5340B4}] => (Allow) E:\Steam Games\steamapps\common\Arcanum\SierraLauncher.exe (Vivendi Universal Games) [File not signed]
FirewallRules: [UDP Query User{B4DEFC11-07FF-4286-BBBC-6DF3B51453D0}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{550D2328-1087-4E3C-8ADF-3353BDA95A85}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{3054267E-1868-4A8E-AFFA-CCF59B3AA887}E:\steam games\steamapps\common\citadel\citadel\binaries\win64\citadel-win64-shipping.exe] => (Allow) E:\steam games\steamapps\common\citadel\citadel\binaries\win64\citadel-win64-shipping.exe => No File
FirewallRules: [TCP Query User{E4138FCC-D26F-419F-805C-F95FDF44D4D3}E:\steam games\steamapps\common\citadel\citadel\binaries\win64\citadel-win64-shipping.exe] => (Allow) E:\steam games\steamapps\common\citadel\citadel\binaries\win64\citadel-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FD575C1E-A517-497C-B1C5-C44093DB2D0D}E:\steam games\gta5.exe] => (Allow) E:\steam games\gta5.exe => No File
FirewallRules: [TCP Query User{E2CAF1C6-E563-4CA4-9FDF-57405C63A274}E:\steam games\gta5.exe] => (Allow) E:\steam games\gta5.exe => No File
FirewallRules: [UDP Query User{AD5C3D7B-4399-4BE4-9B00-BB52EC420DA2}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe => No File
FirewallRules: [TCP Query User{3BF0FC19-DA0A-422A-ABFA-DB544511BA85}C:\program files (x86)\overwatch test\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\overwatch.exe => No File
FirewallRules: [UDP Query User{FF972BC0-481B-482C-B1CB-50DE1FDE35B4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{6640E70A-CC8D-41A8-847D-DA2A75047227}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{60505648-B81D-405B-9E47-7E6BC6300075}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{DE994DA7-B12D-476A-BEB8-316A639DA32D}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe => No File
FirewallRules: [{334E2213-3979-41BE-90E6-8CB75DE19761}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F78EA14F-D057-4384-8558-9F3CA4864AD5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AB206EE5-8119-4FF9-AF2A-01F4EA6B100A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{ECBF4CA8-C696-4E90-8377-CEC2FB6058AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [UDP Query User{7255ACEF-C51F-4586-85A0-66D036251B33}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{982DB5B5-FD21-47D9-A725-4C5CAA062637}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe => No File
FirewallRules: [{315938F6-3811-4AB2-9DA6-15B9B9785D33}] => (Allow) E:\Steam Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{445FA8A9-914B-4311-AFDB-6B76D1770019}] => (Allow) E:\Steam Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{5EDEE191-FA0F-43F9-B621-887D925B847F}] => (Allow) E:\Steam Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{915700E6-1931-4A0F-84B3-C08D86C83746}] => (Allow) E:\Steam Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [UDP Query User{2578CF56-C835-421A-880B-EB5F3C1168B3}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{86F5727C-AD3D-4A85-87EB-D38462137689}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe => No File
FirewallRules: [{12ACC185-64A2-4EE4-A14D-72EC713F42AF}] => (Allow) E:\Steam Games\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{277D23B9-C3FA-4CF8-8CB1-690F3F665DA6}] => (Allow) E:\Steam Games\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{37963AA7-D45E-4B6F-A098-9C0EAFACC6E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [{FCB05930-01A7-4EF2-AE30-BBDD9068B53A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe => No File
FirewallRules: [UDP Query User{327E06AB-31F0-4CB2-95B9-BE38E414CEFD}C:\program files (x86)\drawpile\drawpile.exe] => (Allow) C:\program files (x86)\drawpile\drawpile.exe => No File
FirewallRules: [TCP Query User{957AC16B-FD18-454D-9D1B-CEA463C0C964}C:\program files (x86)\drawpile\drawpile.exe] => (Allow) C:\program files (x86)\drawpile\drawpile.exe => No File
FirewallRules: [{A4B731D6-388C-4C5F-8E9A-1208ED77010B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{6598CC64-256B-4FD0-9F78-AD8BEBEE115A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{82E42F33-01C6-4099-952B-2E8C6629CD5C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{7AB98F54-E5B9-4EB2-999F-705C8C8BE053}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{B040755A-3A9C-400B-A204-EBBFCFF1E8AA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0F649131-63CC-407E-B86D-E3C04EDCA14E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4409DEC7-E938-473E-A0DE-1C0D1D880745}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe => No File
FirewallRules: [{0AB91D02-E2BA-4E32-A524-AFB1FFBF197B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B7883E63-6731-4016-9154-241074DF0CF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B0BA5B24-5D4E-4580-80C5-276E74CD29A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7EC202C2-63B5-4D6D-82BB-0572B1CD8E92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{58051E84-A0E4-4301-A073-D2E455CE18C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{FF603290-AC74-4CFA-B93F-C50F50A9BD40}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{DFA28548-8687-4C51-B757-A407D4A20A59}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{161B836B-730F-44D1-8938-161EAF33437C}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{AC7EC16F-A817-44EC-8250-FFA99564A74B}C:\program files (x86)\steam\steamapps\common\kholat\kholat\binaries\win64\kholat-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kholat\kholat\binaries\win64\kholat-win64-shipping.exe => No File
FirewallRules: [UDP Query User{93DC9C59-AF3D-440C-AB41-BFC45C0AF1EE}C:\program files (x86)\steam\steamapps\common\kholat\kholat\binaries\win64\kholat-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kholat\kholat\binaries\win64\kholat-win64-shipping.exe => No File
FirewallRules: [TCP Query User{01483AE3-21B7-432D-B3FA-44E1619CA6BE}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{13FD088B-436E-4F68-84A4-AB71CA72F90C}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe => No File
FirewallRules: [{7A934D11-4827-4ABF-8B58-077A414DD632}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{36AF852C-65C6-4A10-8CBE-8B8A50922448}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{22DA7D49-A1AD-48C4-98CB-56345CC51023}] => (Allow) E:\Steam Games\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe () [File not signed]
FirewallRules: [{84F29C88-8C3F-483D-814F-2F4685E0F813}] => (Allow) E:\Steam Games\steamapps\common\Zombie Army Trilogy\Launcher\ZATLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{1E8B3A34-2038-4734-AA19-99D258D7DD2D}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{888D4C07-7376-4173-8903-06FEFF6DCA93}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe => No File
FirewallRules: [{01619E90-5328-4F85-ACFA-1D451D43F5EF}] => (Allow) C:\Users\GERTY\Downloads\bin\BlackDesert32.exe => No File
FirewallRules: [{00A96CAA-BA31-4FC3-B5B8-0782AF2B8454}] => (Allow) C:\Users\GERTY\Downloads\bin64\BlackDesert64.exe => No File
FirewallRules: [{C92F4746-0469-4C4B-B847-62C77A57A00B}] => (Allow) C:\Users\GERTY\Downloads\BlackDesert_Launcher.exe => No File
FirewallRules: [{FB415F8F-C06B-43DB-98E3-98FB76C04E03}] => (Allow) C:\Users\GERTY\Downloads\BlackDesert_Downloader.exe => No File
FirewallRules: [{4B1E5A1F-7553-4BC1-B299-8B54BE97D5E7}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{E9DB65C9-70E6-4120-84AC-2BDFCB5418F3}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{F0BC452D-1525-4D45-A2EE-8408B5ABB6FA}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{1F07D3EF-E3F4-44EF-B068-76A2AC0CD836}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{A8E96C6C-AB6C-40BD-8437-343B84D73ACD}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{0D889D9A-959C-4EF3-A692-15132AD935FA}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{4D7C8B3E-41ED-4B88-A69C-444C50CFF4A6}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{52D763FF-633A-4550-A4FA-A1B7205155FF}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{B517C879-ED21-4AE9-A767-21C6F2D0DEF5}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.exe => No File
FirewallRules: [{7DF99736-53E5-4495-B805-9D31A3E0B2C9}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Warframe.x64.exe => No File
FirewallRules: [{598A3709-CADE-4476-B178-8DC724FE71A5}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Tools\Launcher.exe => No File
FirewallRules: [{6C0240C3-899B-45A2-8644-1983E6158ACB}] => (Allow) E:\Steam Games\steamapps\common\Warframe\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{2776A20C-35E5-44CD-A600-BCC4980926B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{E8916EB5-D53C-4BA2-A84E-3380E095D3FA}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{9268A5BE-5B71-47E2-A2E2-9C1CAA0E5FFF}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{21089A85-483A-42AC-B42E-76B14E56A0FB}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{796838C5-6ED1-42FC-ADEA-3D4238F6D684}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{80E5D400-E556-43AA-A626-9E63744EB57A}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{FFA552A4-269D-477C-8F80-696DE6E2EF47}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{DE668766-11AA-4A8A-8C37-09B56F380723}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{97AF1194-E1E9-44A1-AFD3-2CCA4CA539C1}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{A59DAA1A-CABE-48CF-A644-AA156E353D19}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{B275ED5F-1344-48FE-959A-51F3C375E8BA}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{1D1647D0-BB74-48AA-94E4-B481B43F0C08}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{C3FE855A-E167-463F-9509-AA935118A5C9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [{542FB86D-9F85-46A3-8D6F-0F76FF3FC225}] => (Allow) E:\Steam Games\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{C0716729-0B3F-42C0-998C-09E00EC57906}] => (Allow) E:\Steam Games\steamapps\common\dont_starve\bin\dontstarve_steam.exe => No File
FirewallRules: [{3AB0B598-1D27-4FBB-9639-3BE4B4998D8F}] => (Allow) E:\Steam Games\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{5E60BB65-26E0-4DE5-BF61-F4B15FDF61FA}] => (Allow) E:\Steam Games\steamapps\common\Disco Elysium\disco.exe () [File not signed]
FirewallRules: [{6C8365D6-AA1D-4491-9697-A476DE781535}] => (Allow) E:\Steam Games\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{CFEA03D2-8363-4761-B407-256688CD4987}] => (Allow) E:\Steam Games\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{724E222B-0C6F-4E68-83AC-31B3E2EDD0F9}E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{43FCBC2E-5AE3-4760-9BA7-17A2C067B84F}E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) E:\steam games\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{18E64B47-FAD7-41C5-89CB-FD7A3997D1B2}] => (Allow) E:\Steam Games\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0C248347-6D07-4F55-853B-42F1A0965091}] => (Allow) E:\Steam Games\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [TCP Query User{90FC8DA4-168C-4EB0-B98A-2995EAEB940E}E:\overwatch\overwatch\_retail_\overwatch.exe] => (Allow) E:\overwatch\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{6DD34024-F22F-40D9-818F-FBE2E5E6D578}E:\overwatch\overwatch\_retail_\overwatch.exe] => (Allow) E:\overwatch\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{F34AB431-8490-4EEA-BCF3-BF0F84E73542}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\ON1 Photo RAW 2020.exe => No File
FirewallRules: [{1FABDBFE-8F15-46D7-85EA-12B75A0F867E}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\ON1 Photo RAW 2020.exe => No File
FirewallRules: [{81749E8E-15FC-47FB-BB6D-1BF82535BBA8}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\on1capture.exe => No File
FirewallRules: [{D87A5FFE-96F7-4B21-9C6F-76D7366C0194}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\on1capture.exe => No File
FirewallRules: [{575D285E-9F6C-49BE-A3DE-4B00A40A5E39}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\on1sandbox.exe => No File
FirewallRules: [{B9848DA7-5D87-4D12-892D-7D211CE5FB4C}] => (Allow) C:\Program Files\ON1\ON1 Photo RAW 2020\on1sandbox.exe => No File
FirewallRules: [TCP Query User{B1F84444-DE3B-4041-A7F0-CAE1D0CC3CEC}C:\program files\onone software\perfect resize 7.5\perfect resize 7.5.exe] => (Allow) C:\program files\onone software\perfect resize 7.5\perfect resize 7.5.exe => No File
FirewallRules: [UDP Query User{176C111B-2D9F-49F5-87FD-9D949A16478C}C:\program files\onone software\perfect resize 7.5\perfect resize 7.5.exe] => (Allow) C:\program files\onone software\perfect resize 7.5\perfect resize 7.5.exe => No File
FirewallRules: [{1A38D33B-4D48-410C-9235-A7760D1E8F9A}] => (Allow) C:\Program Files (x86)\Elite Gamer\gpnc\gpnc.exe (WTFast -> )
FirewallRules: [{CB488928-0186-4E63-9630-224B97D8F5CC}] => (Allow) any => No File
FirewallRules: [{2CA328CB-63C8-4659-97E5-EB3D6BC2CC0B}] => (Allow) any => No File
FirewallRules: [{578F5F65-F8E6-415B-B169-430BF5EDFECB}] => (Allow) E:\Steam Games\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{7DE8DDD9-3042-41F3-B066-AFBDECDE72EF}] => (Allow) E:\Steam Games\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{15FA4A31-5C54-4006-BD7F-E8A38A044FC7}] => (Allow) C:\Program Files (x86)\Elite Gamer\gpnc\gpnc.exe (WTFast -> )
FirewallRules: [{C7A01E2F-CA09-45F9-B128-6D1ECB29C15E}] => (Allow) any => No File
FirewallRules: [{95FBF99A-8CB9-4076-98BB-6AF1BD6BE981}] => (Allow) any => No File
FirewallRules: [{F1D3B6A2-D38D-4DCA-94B3-65DB24FD39BA}] => (Allow) E:\Steam Games\steamapps\common\Dread Hunger\DreadHunger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{DD9B0D95-4FB8-442A-83EC-AF106900B031}] => (Allow) E:\Steam Games\steamapps\common\Dread Hunger\DreadHunger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [TCP Query User{B3A1F8EC-6857-47C3-8965-EA04B2273AC8}E:\steam games\steamapps\common\dread hunger\dreadhunger\binaries\win64\dreadhunger-win64-shipping.exe] => (Allow) E:\steam games\steamapps\common\dread hunger\dreadhunger\binaries\win64\dreadhunger-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{423A8134-0CB4-4BCB-8543-DC30AC7E7E48}E:\steam games\steamapps\common\dread hunger\dreadhunger\binaries\win64\dreadhunger-win64-shipping.exe] => (Allow) E:\steam games\steamapps\common\dread hunger\dreadhunger\binaries\win64\dreadhunger-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F760AE82-6DFC-4CFA-969C-014E945885FB}] => (Allow) E:\Steam Games\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{4992FE45-C3C1-4026-AA5B-6DFAA25D7212}] => (Allow) E:\Steam Games\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E1F7FF75-5848-4078-8658-15870E2A1CEB}] => (Allow) C:\Program Files (x86)\Elite Gamer\gpnc\gpnc.exe (WTFast -> )
FirewallRules: [{DF84EA72-4987-4833-B9A3-1198D5A8E1F3}] => (Allow) any => No File
FirewallRules: [{3D36005E-007A-41D5-9F57-26182B630DAF}] => (Allow) any => No File
FirewallRules: [TCP Query User{A9BD9260-B401-4697-9188-B60274861F2B}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{5892A19E-F038-4CDD-89F5-858289096129}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{8C48FC6A-5A7B-43EE-97EF-40F810BB900C}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{5FFF1D67-4A3B-44D4-B9CC-1779B7785B9A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{EF07D4A0-D786-442B-9512-87FDF03716F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0DFB4079-CE15-4649-8BD0-9BA986C05BA8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5FB98D2A-B1E4-470D-BD32-94E3899EB2E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{58AF0B54-5A2E-474D-847B-D1CA8692B42F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C059A945-0D28-4A29-BD2D-5A736E308DA5}] => (Allow) E:\Steam Games\steamapps\common\We Were Here\We Were Here.exe () [File not signed]
FirewallRules: [{07349C46-51BA-4EF0-BBD0-23E74B94C9C4}] => (Allow) E:\Steam Games\steamapps\common\We Were Here\We Were Here.exe () [File not signed]
FirewallRules: [{DB6E41D4-A92E-4BA2-8BC8-FB87A6D184F2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{908DBF6F-E660-48BE-A6AC-2DDD6C5B30B4}] => (Allow) E:\Steam Games\steamapps\common\We Were Here Too\We Were Here Too.exe () [File not signed]
FirewallRules: [{ECCDB083-0D81-4DCB-AA7C-91B7230C94DB}] => (Allow) E:\Steam Games\steamapps\common\We Were Here Too\We Were Here Too.exe () [File not signed]
FirewallRules: [TCP Query User{D0DAA01C-D783-476F-9D94-504A421B6C60}E:\steam games\steamapps\common\new world\bin64\newworld.exe] => (Allow) E:\steam games\steamapps\common\new world\bin64\newworld.exe => No File
FirewallRules: [UDP Query User{A32B0271-310F-4587-95EB-6E0A90A040A9}E:\steam games\steamapps\common\new world\bin64\newworld.exe] => (Allow) E:\steam games\steamapps\common\new world\bin64\newworld.exe => No File
FirewallRules: [{31CAE619-C16E-46B4-97F8-7116797A64B9}] => (Allow) E:\Steam Games\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{26431DB3-C022-4A76-815F-CB189CFEEDF7}] => (Allow) E:\Steam Games\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{4009A9A8-D579-4D29-B271-217A1A27B1D9}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{935186F5-A780-4AE6-A8E1-9957A7CE6E71}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{F619E9C5-F3DE-4A91-83C8-EE12BB5C6944}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{C8506215-C06B-4D94-A6CE-0ACD26660AC0}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{33D05257-4093-45A0-ADC3-5BF4DD314544}] => (Allow) E:\Steam Games\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{0225413F-9C1B-4802-B0F8-D62EC176FD38}] => (Allow) E:\Steam Games\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{5BC39FD5-CAC9-4D46-B2ED-DB10386653C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE0E10DD-C92A-4D9D-A763-BDF933122694}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{483E2845-D326-4D6D-8E4B-1746778ED78D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00FA83FD-26F9-49CD-98CB-EC0D170D97CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{FA66EF3C-3309-4AB5-8E4D-29F696A5AF29}E:\ghost recon breakpoint\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) E:\ghost recon breakpoint\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{529A6750-5330-4432-83D2-0951854F7AE6}E:\ghost recon breakpoint\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) E:\ghost recon breakpoint\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{02EA2BC3-6E2A-4355-A3E6-BE9AB052BCE6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{567DF426-0932-4BE0-B77D-756C7D64F7AB}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{59B739FD-EBAC-4B1E-B35C-87FB11D27D97}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{F0FB0894-64C1-48B6-B20A-0CAB1E3F7EE5}] => (Allow) C:\ProgramData\ZeroTier\One\zerotier-one_x64.exe (ZeroTier, Inc. -> )
FirewallRules: [{E81CC313-8413-4201-8FB9-3E271582C66D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\102.0.1245.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B551164-7133-4F6D-8982-24BDFBCD5AF6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0B6A4F19-2527-4146-A988-D4C48010F6E7}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
07-06-2022 18:22:46 Scheduled Checkpoint
16-06-2022 08:10:23 Windows Modules Installer
23-06-2022 10:26:37 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: ========================
Application errors:
==================
Error: (06/24/2022 07:27:31 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x80010114.
Error: (06/24/2022 07:27:31 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {00EB5084-0A00-7639-0000-000000000000}. The error code was 0x80010114.
Error: (06/24/2022 07:27:31 AM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {00EB5084-0A00-7639-0000-000000000000}. The error code was 0x80010114.
Error: (06/24/2022 07:19:49 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (06/24/2022 07:19:49 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (06/24/2022 07:18:47 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (06/24/2022 07:18:47 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
Error: (06/22/2022 12:25:42 PM) (Source: COM) (EventID: 10035) (User: )
Description: The COM standard marshaler was unable to fix a mismatch between the IID {618736E0-3C3D-11CF-810C-00AA00389B71} provided by the server and the IID {00020400-0000-0000-C000-000000000046} requested by the client, with handler CLSID {00000000-0000-0000-0000-000000000000}. The error code was 0x800401fd.
System errors:
=============
Error: (06/23/2022 12:15:28 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (06/22/2022 03:29:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 5 time(s).
Error: (06/22/2022 03:27:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (06/22/2022 03:27:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (06/21/2022 09:56:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.
Error: (06/21/2022 09:56:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (06/20/2022 08:02:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-33JOO9N)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (06/20/2022 06:30:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly. It has done this 4 time(s).
Windows Defender:
================
Date: 2022-06-24 07:33:12
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...82&enterprise=0
Name: Ransom:MSIL/Gorf
Severity: Severe
Category: Ransomware
Path: file:_C:\Users\GERTY\Downloads\FRST.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.369.180.0, AS: 1.369.180.0, NIS: 1.369.180.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2
Date: 2022-06-24 07:32:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...82&enterprise=0
Name: Ransom:MSIL/Gorf
Severity: Severe
Category: Ransomware
Path: file:_C:\Users\GERTY\Downloads\FRST.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.369.180.0, AS: 1.369.180.0, NIS: 1.369.180.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2
Date: 2022-06-24 07:32:36
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...82&enterprise=0
Name: Ransom:MSIL/Gorf
Severity: Severe
Category: Ransomware
Path: file:_C:\Users\GERTY\Downloads\FRST.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.369.180.0, AS: 1.369.180.0, NIS: 1.369.180.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2
Date: 2022-06-24 07:32:16
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...82&enterprise=0
Name: Ransom:MSIL/Gorf
Severity: Severe
Category: Ransomware
Path: file:_C:\Users\GERTY\Downloads\FRST(1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.369.180.0, AS: 1.369.180.0, NIS: 1.369.180.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2
Date: 2022-06-24 07:31:49
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...82&enterprise=0
Name: Ransom:MSIL/Gorf
Severity: Severe
Category: Ransomware
Path: file:_C:\Users\GERTY\Downloads\FRST(1).exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.369.180.0, AS: 1.369.180.0, NIS: 1.369.180.0
Engine Version: AM: 1.1.19300.2, NIS: 1.1.19300.2
CodeIntegrity:
===============
Date: 2022-06-23 10:28:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-06-17 15:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. ALASKA - 1072009 04/28/2016
Motherboard: Gigabyte Technology Co., Ltd. X99-SLI-CF
Processor: Intel® Core i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 32093.97 MB
Available physical RAM: 21170.64 MB
Total Virtual: 36957.97 MB
Available Virtual: 23277.9 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.42 GB) (Free:117.85 GB) (Model: SanDisk SD8SBAT256G1122) NTFS
Drive e: (New Volume) (Fixed) (Total:1862.89 GB) (Free:311.32 GB) (Model: TOSHIBA DT01ACA200) NTFS
\\?\Volume{d94dcd1d-5f2a-43c4-a696-dab205e169f2}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS
\\?\Volume{bcdb8272-b10f-4936-b778-5ddf3be95478}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS
\\?\Volume{32b00b45-9836-4c18-b209-d77d3c916b40}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================