.exe file reappearing in downloads folder


12 replies to this topic

#1 hillanddale

Posted Yesterday, 01:54 PM

A file named flstudio_win64_21.2.3.4004.exe keeps coming back to my C:/Users/---/Downloads folder whenever I delete it or move it to my recycle bin.

Here are the FRST logs

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by Isaac (administrator) on ZOE2 (04-03-2024 19:03:48)
Running from C:\Users\ijhd3\AppData\Local\Temp\scoped_dir2580_1457052070\FRST64.exe
Loaded Profiles: Isaac
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\ijhd3\AppData\Local\Programs\Opera\opera.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Users\ijhd3\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\ijhd3\AppData\Local\Programs\Opera\107.0.5045.36\opera_crashreporter.exe
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\ijhd3\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\ijhd3\AppData\Local\Discord\app-1.0.9034\Discord.exe <6>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Agilebits -> 1Password) C:\Users\ijhd3\AppData\Local\1Password\app\8\1Password.exe <4>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Norway AS -> Opera Software) C:\Users\ijhd3\AppData\Local\Programs\Opera\opera.exe <24>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ) C:\Windows\System32\AsusUpdateCheck.exe
(services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(services.exe ->) (devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_1e678564fff99713\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\pservice.exe
(services.exe ->) (Synology Inc. -> ) C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s (No File)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37397480 2024-03-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [431120 2020-09-22] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [7424896 2023-03-23] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388712 2024-02-29] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Discord] => C:\Users\ijhd3\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium Update] => C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium] => "c:\users\ijhd3\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [1Password] => C:\Users\ijhd3\AppData\Local\1Password\app\8\1Password.exe [172719472 2024-02-21] (Agilebits -> 1Password)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [btweb] => "C:\Users\ijhd3\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2643048 2023-09-08] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [MicrosoftEdgeAutoLaunch_CB3810A0022E3E858AC47279410D72B0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-03-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [utweb] => "C:\Users\ijhd3\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2598328 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-03] (Google LLC -> Google LLC)
Startup: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2021-04-08]
ShortcutTarget: MEGAsync.lnk -> C:\Users\ijhd3\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Drive Client.lnk [2023-08-31]
ShortcutTarget: Synology Drive Client.lnk -> C:\Program Files (x86)\Synology\SynologyDrive\bin\launcher.exe (Synology Inc. -> Synology Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {9D7C7505-60BC-4327-B19C-CEA56D7D36C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {937927C0-53B4-4B21-87B5-DE505BAF0158} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --hourly (No File)
Task: {C74E6A57-1120-4112-BED7-308735106673} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --logon (No File)
Task: {52BACCAF-06EB-4335-81E5-31E268425E28} - System32\Tasks\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe  --runonce (No File) <==== ATTENTION
Task: {88323F18-5AB3-44EF-81A7-E5910496F646} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {5E31640A-F74D-4F4B-8203-DEC9D9EABFDE} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {B7838682-9EC3-4FFF-A17D-ED35B36F93A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-16] (Google LLC -> Google LLC)
Task: {9E5A97EA-B712-4DC9-BB76-70E0D311CB8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-16] (Google LLC -> Google LLC)
Task: {8CC7576C-5D3D-4CA2-8A5D-BA9D7E440B06} - System32\Tasks\iTop Screen Recorder SkipUAC (Isaac) => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /skipuac (No File)
Task: {45806556-9251-4431-B3A3-09AD09C4A746} - System32\Tasks\iTop Screen Recorder Startup => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /autorun (No File)
Task: {3806BD37-C94D-447E-B8E9-3935922C1F29} - System32\Tasks\iTop Screen Recorder UAC => "C:\Program Files\iTop Screen Recorder\iScrInit.exe"  /UAC (No File)
Task: {58C5BD15-4022-49DE-84BF-98200283B539} - System32\Tasks\iTop Screen Recorder Update => "C:\Program Files\iTop Screen Recorder\AutoUpdate.exe"  /auto (No File)
Task: {2A293E34-4FAA-42BD-AEFD-8B0A7B29ECC9} - System32\Tasks\iTopVPN_Scheduler_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /autostart (No File)
Task: {2C7E998E-2BD1-4AB6-92A4-915405D63CCE} - System32\Tasks\iTopVPN_SkipUAC_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /SkipUac (No File)
Task: {C9F13D6E-E389-40F4-A9DD-3FC86B9C6316} - System32\Tasks\iTopVPN_Update_Isaac => "C:\Program Files (x86)\iTop VPN\atud.exe"  /auto (No File)
Task: {8E3BD5A8-18C3-4EF0-8B4F-EBB96C47D655} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1761784628-959279815-2364782326-1001 => C:\Users\ijhd3\AppData\Local\MEGAsync\MEGAupdater.exe [2531504 2023-09-24] (Mega Limited -> )
Task: {B35F0314-1E49-4DDA-A54E-5D42F8410212} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77910756-A916-4840-8BFC-3A48317996AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {14CB6F31-B554-4091-8E0B-D0F0B5D950DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ED189CE9-08D5-437D-9AA1-905AA5473C9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {294AFBA0-0B0D-4E1D-BC4C-4F86F4A282D0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8E5CBE63-5590-4FE4-8A58-3D76E1E13AE8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {439C84CB-53B6-4498-BBDB-1FA9433AD79F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0F24750-B9F1-4035-BCE8-2F583C7E8113} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4DD8F118-F3BA-4C31-8B2B-B251407448E3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A276402-D4E5-4996-A4DA-AEC7206C0396} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23C8FA2E-ADDF-44C9-88EF-081E328975B1} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {617C1CC7-0FB9-4547-A33A-17D9A5668EB8} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F23E34B-9ED7-4F8B-92C2-532088DE44B8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5476FBF-276B-44C2-AFD0-30B580732F85} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {0D5561ED-D2F8-4957-A34A-DB789A2379B6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1761784628-959279815-2364782326-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4EF7F4F0-17FD-43C6-A32D-3DD9F7BBC54E} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1761784628-959279815-2364782326-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {4117897B-60A9-468A-9B03-BEC4878E6E44} - System32\Tasks\Opera scheduled Autoupdate 1699959008 => C:\Users\ijhd3\AppData\Local\Programs\Opera\launcher.exe [2358688 2024-02-22] (Opera Norway AS -> Opera Software)
Task: {D2CF6136-9E22-4CC0-9CC8-1C610C039284} - System32\Tasks\SS3Svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3Svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {ECACBD26-0078-47AE-821E-DECA6416A0FC} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {5A8F6B5E-8593-4A6A-8EDE-2028CB47BCEA} - System32\Tasks\Start Corsair Link => "C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe"  (No File)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{36d25b33-75fe-4273-9a9a-6354d81ed407}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3bc38548-47df-4811-989a-7a922bad6f63}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3bc38548-47df-4811-989a-7a922bad6f63}: [DhcpDomain] home
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-27]
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge NewTab: Default ->  Active:"chrome-extension://fhfidmlnclkepgapcephbaciajegheco/newtab.html", Active:"chrome-extension://hmiiajmhelfgiaoboffbjpjdckbmnddg/newtab.html"
Edge DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=edge&addonversion=5.1.4&method=topbar
Edge DefaultSearchKeyword: Default -> ecosia.org
Edge DefaultSuggestURL: Default -> hxxps://ac.ecosia.org/?q={searchTerms}&type=list&mkt=en_GB
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-02-21]
Edge Extension: (Bulk Media Downloader) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cfimolgmgidfdgdlhknfekakcklnhbnn [2023-07-10]
Edge Extension: (lock) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2024-02-21]
Edge Extension: (Ecosia) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fhfidmlnclkepgapcephbaciajegheco [2023-06-05]
Edge Extension: (Return YouTube Dislike) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-02-10]
Edge Extension: (Google Docs Offline) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-15]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2024-02-21]
Edge Extension: (Tab for a Cause) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hmiiajmhelfgiaoboffbjpjdckbmnddg [2022-10-14]
Edge Extension: (BetterTTV) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2024-02-21]
Edge Extension: (Netflix Party is now Teleparty) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\igbncjcgfkfnfgbaieiimpfkobabmkce [2024-02-26]
Edge Extension: (MEGA) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2024-02-26]
Edge Extension: (Edge relevant text changes) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-10]
Edge Extension: (History On/Off) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ljbpakpmiimdmblcjjhhbfabbkmcgmdp [2023-11-07]
Edge Extension: (uBlock Origin) - C:\Users\ijhd3\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-02-26]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
 
FireFox:
========
FF DefaultProfile: 3wg0niov.default
FF ProfilePath: C:\Users\ijhd3\AppData\Roaming\Mozilla\Firefox\Profiles\3wg0niov.default [2020-07-01]
FF ProfilePath: C:\Users\ijhd3\AppData\Roaming\Mozilla\Firefox\Profiles\ziogylaj.default-release [2022-11-11]
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=3 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=9 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark\nplightsparkplugin.dll [No File]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default [2024-01-15]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://uk.search.yahoo.com/search?fr=mcafee&type=E210GB91082G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> hxxps://uk.search.yahoo.com/sugg/gossip/gossip-uk-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (lock) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2023-11-09]
CHR Extension: (BetterTTV) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2023-11-09]
CHR Extension: (MEGA) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2023-11-09]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-11-02]
CHR Extension: (uBlock Origin) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-11-09]
CHR Extension: (Ecosia) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2023-06-19]
CHR Extension: (Return YouTube Dislike) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2023-11-06]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-11-09]
CHR Extension: (History On/Off) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljbpakpmiimdmblcjjhhbfabbkmcgmdp [2023-04-27]
CHR Extension: (Deep Purple (Purple)) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhdcjickpiffblebfpimodmgogldpob [2023-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-07]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2023-11-05]
CHR Profile: C:\Users\ijhd3\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-20]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-1761784628-959279815-2364782326-1001) OperaStable - "C:\Users\ijhd3\AppData\Local\Programs\Opera\Launcher.exe"
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-08-22] (Apple Inc. -> Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.01\atkexComSvc.exe [382424 2020-04-17] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2020-04-17] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2024-03-04] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15689512 2024-02-24] (BattlEye Innovations e.K. -> )
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [5751024 2022-03-30] (devolo AG -> devolo AG)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [10994792 2023-09-08] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812976 2023-04-09] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-11-06] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncHelper.exe [3515936 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2023-08-07] (Huawei Technologies Co., Ltd. -> ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-31] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_1e678564fff99713\Display.NvContainer\NVDisplay.Container.exe [1274888 2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.020.0128.0003\OneDriveUpdaterService.exe [3853856 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Parsec; C:\Program Files\Parsec\pservice.exe [394256 2020-09-22] (Parsec Cloud, Inc. -> Parsec)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1453184 2020-08-26] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Synology Drive VSS Service x64; C:\Program Files (x86)\Synology\SynologyDrive\bin\vss-service-x64.exe [360320 2022-11-16] (Synology Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2020-04-17] (ASUSTeK Computer Inc. -> )
S3 BEDaisy; C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys [5121296 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2020-06-04] (Challenger Backup Solutions, LLC -> Challenger Backup Solutions, LLC)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-04-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-12] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MpKsle8db0f48; C:\WINDOWS\system32\MpEngineStore\MpKslDrv.sys [212264 2023-05-26] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2022-01-17] (devolo AG -> Riverbed Technology, Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 steamxbox; C:\WINDOWS\System32\drivers\steamxbox.sys [278208 2023-02-21] (Valve Corp. -> Valve Corporation)
R3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\mvvad.sys [48144 2022-07-26] (Voicemod Sociedad Limitada -> Windows ® Win 7 DDK provider)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBthAudioHF; \SystemRoot\System32\drivers\CsrBthAudioHF.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; \SystemRoot\System32\drivers\csrhfgcc.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\ijhd3\AppData\Local\Temp\tmp599F.tmp [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-04 19:03 - 2024-03-04 19:03 - 002386944 _____ (Farbar) C:\Users\ijhd3\Downloads\FRST64.exe
2024-03-04 18:07 - 2024-03-04 18:07 - 975209152 _____ (Image-Line) C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
2024-03-04 16:52 - 2024-03-04 16:52 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\FLARB LLC
2024-03-04 16:36 - 2024-03-04 16:36 - 000000373 _____ C:\Users\ijhd3\Desktop\DAEMON X MACHINA.url
2024-03-04 16:15 - 2024-03-04 16:15 - 000000366 _____ C:\Users\ijhd3\Desktop\GRIME.url
2024-03-04 16:06 - 2024-03-04 16:06 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Santa Ragione
2024-03-04 16:05 - 2024-03-04 16:05 - 000000378 _____ C:\Users\ijhd3\Desktop\DEMON'S TILT.url
2024-03-04 16:05 - 2024-03-04 16:05 - 000000370 _____ C:\Users\ijhd3\Desktop\Tharsis.url
2024-03-04 16:04 - 2024-03-04 16:04 - 000000349 _____ C:\Users\ijhd3\Desktop\Saturnalia.url
2024-02-28 17:07 - 2024-03-04 15:53 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-28 17:07 - 2024-02-28 17:07 - 001468692 _____ C:\WINDOWS\Minidump\022824-9953-01.dmp
2024-02-28 16:10 - 2024-02-28 16:10 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Epic
2024-02-27 17:05 - 2024-02-27 17:05 - 000004140 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1699959008
2024-02-27 17:05 - 2024-02-27 17:05 - 000001405 _____ C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2024-02-26 21:51 - 2024-02-26 21:51 - 000000377 _____ C:\Users\ijhd3\Desktop\Marvel's Guardians of the Galaxy.url
2024-02-26 20:00 - 2024-02-26 20:00 - 000000222 _____ C:\Users\ijhd3\Desktop\Among Us.url
2024-02-21 15:35 - 2024-02-21 15:35 - 000001352 _____ C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2024-02-18 20:05 - 2024-02-18 20:05 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\moncurse
2024-02-17 17:25 - 2024-02-17 17:25 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-17 17:25 - 2024-02-17 17:25 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 17:45 - 2024-02-16 17:45 - 000000344 _____ C:\Users\ijhd3\Desktop\HITMAN 3.url
2024-02-16 14:30 - 2024-02-16 14:30 - 000000000 ____D C:\Users\ijhd3\AppData\Local\TangoGameworks
2024-02-15 11:33 - 2024-02-15 11:33 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-15 11:33 - 2024-02-15 11:33 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 11:27 - 2024-02-15 11:27 - 000000000 ___HD C:\$WinREAgent
2024-02-12 17:04 - 2024-02-12 17:04 - 000000223 _____ C:\Users\ijhd3\Desktop\20 Minutes Till Dawn.url
2024-02-12 17:04 - 2024-02-12 17:04 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Flanne
2024-02-12 15:08 - 2024-02-12 15:08 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-12 15:05 - 2024-02-12 15:05 - 000000000 ___HD C:\$AV_ASW
2024-02-12 15:03 - 2024-02-12 15:03 - 000003844 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2024-02-12 15:03 - 2024-02-12 15:03 - 000003766 _____ C:\WINDOWS\system32\Tasks\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001
2024-02-12 15:03 - 2024-02-12 15:03 - 000003260 _____ C:\WINDOWS\system32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2024-02-12 15:03 - 2024-02-12 15:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\ProgramData\Avast Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\Program Files\Avast Software
2024-02-11 13:09 - 2024-03-04 19:04 - 000000000 ____D C:\FRST
2024-02-09 21:26 - 2024-02-09 21:26 - 000000383 _____ C:\Users\ijhd3\Desktop\Golden Light.url
2024-02-09 21:26 - 2024-02-09 21:26 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\MrPink
2024-02-09 20:43 - 2024-02-09 20:43 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Snoozy Kazoo
2024-02-09 20:31 - 2024-02-09 20:31 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Hunter Studio
2024-02-07 17:02 - 2024-02-07 17:02 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-02-06 21:25 - 2024-02-06 21:25 - 000000000 ___HD C:\$SysReset
2024-02-04 23:10 - 2024-02-04 23:10 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Horny Doge
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-04 18:58 - 2020-12-24 00:05 - 000000000 ____D C:\Program Files (x86)\Steam
2024-03-04 18:57 - 2021-12-15 23:35 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-04 18:57 - 2020-04-17 19:01 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-04 18:54 - 2021-01-11 08:35 - 000000000 ____D C:\Users\ijhd3\AppData\Local\Discord
2024-03-04 18:51 - 2022-08-23 13:53 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\1Password
2024-03-04 18:51 - 2022-08-23 13:53 - 000000000 ____D C:\Users\ijhd3\AppData\Local\1Password
2024-03-04 17:56 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-04 17:08 - 2020-04-17 23:14 - 000000000 ____D C:\Users\ijhd3\AppData\Local\CrashDumps
2024-03-04 17:08 - 2020-04-17 11:48 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-04 17:05 - 2022-02-02 19:46 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\TIDAL
2024-03-04 16:04 - 2020-05-15 09:32 - 000000000 ____D C:\Program Files\Epic Games
2024-03-04 16:00 - 2020-09-02 10:27 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-04 16:00 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-04 15:54 - 2023-05-10 20:09 - 000000000 ____D C:\Users\ijhd3\AppData\Local\Malwarebytes
2024-03-04 15:54 - 2020-09-18 14:18 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\discord
2024-03-04 15:53 - 2020-09-02 03:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-04 15:53 - 2020-04-17 18:21 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
2024-03-04 15:53 - 2020-04-17 18:21 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2024-03-03 23:34 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-03 22:57 - 2022-01-28 16:53 - 000000000 ____D C:\ProgramData\USVFS
2024-03-03 22:57 - 2020-04-17 12:02 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-03-03 22:48 - 2022-01-28 16:53 - 000000000 ____D C:\Users\ijhd3\AppData\Local\ModOrganizer
2024-03-03 20:39 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-03 20:39 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-03 19:34 - 2020-11-22 14:30 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-03 19:34 - 2020-11-16 17:38 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-01 15:02 - 2020-09-02 02:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-29 01:38 - 2020-09-02 00:22 - 000000000 ____D C:\Users\ijhd3
2024-02-28 17:09 - 2020-04-23 12:11 - 000000000 ____D C:\Users\ijhd3\AppData\Local\D3DSCache
2024-02-28 17:07 - 2020-12-04 15:40 - 000000000 ____D C:\WINDOWS\Minidump
2024-02-28 16:08 - 2020-05-13 09:13 - 000000000 ____D C:\Users\ijhd3\AppData\Local\EpicGamesLauncher
2024-02-28 15:27 - 2020-04-17 18:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-27 21:42 - 2022-02-03 20:55 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Bandcamp Desktop
2024-02-26 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-26 20:01 - 2020-05-23 17:33 - 000000000 ____D C:\Users\ijhd3\AppData\LocalLow\Unity
2024-02-26 15:51 - 2020-12-24 00:18 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Opera Software
2024-02-25 20:34 - 2023-04-09 22:35 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\EasyAntiCheat
2024-02-23 20:51 - 2021-05-28 22:30 - 000000000 ____D C:\Users\ijhd3\AppData\Local\User Data
2024-02-23 18:45 - 2020-11-22 14:29 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-23 18:45 - 2020-11-22 14:29 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-20 19:31 - 2020-06-12 14:29 - 000000000 ____D C:\Users\ijhd3\OneDrive\Documents\D&D
2024-02-20 18:51 - 2023-03-26 14:40 - 000000000 ____D C:\Users\ijhd3\AppData\Local\JDownloader 2.0
2024-02-19 20:51 - 2023-09-02 12:46 - 000000000 ___RD C:\Users\ijhd3\iCloudPhotos
2024-02-18 17:10 - 2020-04-17 11:34 - 000000000 ____D C:\Users\ijhd3\AppData\Local\Packages
2024-02-17 17:25 - 2023-03-23 10:26 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1761784628-959279815-2364782326-500
2024-02-17 17:25 - 2021-12-12 18:54 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1761784628-959279815-2364782326-1001
2024-02-17 17:25 - 2021-09-11 21:28 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-16 14:12 - 2022-10-23 10:27 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-16 14:12 - 2022-10-23 10:27 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-16 14:12 - 2022-06-11 13:44 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-16 14:12 - 2022-02-04 20:34 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-16 14:12 - 2022-02-04 20:34 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-16 14:12 - 2022-02-04 20:34 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-16 14:12 - 2022-02-04 20:34 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-16 14:04 - 2020-09-02 02:57 - 000259656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-15 20:51 - 2019-12-07 09:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-15 20:51 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 12:06 - 2019-12-07 09:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-15 11:54 - 2023-11-16 15:41 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2023-11-16 15:41 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-15 11:54 - 2022-11-11 16:22 - 000002914 _____ C:\WINDOWS\system32\Tasks\iTopVPN_Update_Isaac
2024-02-15 11:54 - 2022-11-11 16:22 - 000002770 _____ C:\WINDOWS\system32\Tasks\iTopVPN_Scheduler_Isaac
2024-02-15 11:54 - 2022-11-11 15:36 - 000002844 _____ C:\WINDOWS\system32\Tasks\iTopVPN_SkipUAC_Isaac
2024-02-15 11:54 - 2022-11-11 15:36 - 000002712 _____ C:\WINDOWS\system32\Tasks\iTop Screen Recorder Startup
2024-02-15 11:54 - 2022-11-11 15:36 - 000002710 _____ C:\WINDOWS\system32\Tasks\iTop Screen Recorder Update
2024-02-15 11:54 - 2022-11-11 15:36 - 000002538 _____ C:\WINDOWS\system32\Tasks\iTop Screen Recorder SkipUAC (Isaac)
2024-02-15 11:54 - 2022-11-11 15:36 - 000002508 _____ C:\WINDOWS\system32\Tasks\iTop Screen Recorder UAC
2024-02-15 11:54 - 2021-01-11 15:19 - 000003542 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA
2024-02-15 11:54 - 2021-01-11 15:19 - 000003274 _____ C:\WINDOWS\system32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core
2024-02-15 11:54 - 2020-12-25 18:02 - 000002492 _____ C:\WINDOWS\system32\Tasks\Start Corsair Link
2024-02-15 11:54 - 2020-11-16 17:37 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-15 11:54 - 2020-11-16 17:37 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-02-15 11:54 - 2020-09-02 03:02 - 000002408 _____ C:\WINDOWS\system32\Tasks\SS3svc64Run
2024-02-15 11:54 - 2020-09-02 03:02 - 000002400 _____ C:\WINDOWS\system32\Tasks\SS3Svc32Run
2024-02-15 11:36 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-15 11:33 - 2020-09-02 03:02 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-15 11:26 - 2020-04-17 22:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-15 11:24 - 2020-04-17 22:51 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-12 15:59 - 2024-01-06 15:16 - 000000000 ____D C:\Users\ijhd3\OneDrive\Documents\FL music
2024-02-12 15:09 - 2023-04-03 12:06 - 004681284 _____ C:\WINDOWS\ntbtlog.txt
2024-02-12 15:07 - 2023-03-23 10:25 - 000000000 ____D C:\Users\Administrator
2024-02-12 15:02 - 2019-12-07 09:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-10 14:56 - 2023-08-30 16:14 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\utorrent
2024-02-08 22:07 - 2020-06-01 09:34 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\RenPy
2024-02-07 17:02 - 2020-11-21 18:50 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\Zoom
2024-02-06 21:18 - 2022-11-27 20:02 - 000000000 ___RD C:\Users\ijhd3\SynologyDrive
2024-02-05 18:25 - 2020-04-17 15:02 - 000000000 ____D C:\Users\ijhd3\OneDrive\Documents\My Games
 
==================== Files in the root of some directories ========
 
2020-07-15 13:47 - 2020-07-15 13:47 - 000286770 _____ () C:\Users\ijhd3\AppData\Roaming\zjd_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2022-11-22 21:28 - 2024-01-04 22:14 - 000000457 _____ () C:\Users\ijhd3\AppData\Local\kdeglobals
2022-11-22 21:27 - 2022-11-22 21:27 - 000008337 _____ () C:\Users\ijhd3\AppData\Local\kdenlive-layoutsrc
2022-11-22 21:27 - 2024-01-04 22:17 - 000005944 _____ () C:\Users\ijhd3\AppData\Local\kdenliverc
2022-11-22 21:28 - 2022-11-22 21:28 - 000000874 _____ () C:\Users\ijhd3\AppData\Local\recently-used.xbel
2023-07-23 17:57 - 2023-10-18 14:57 - 000007601 _____ () C:\Users\ijhd3\AppData\Local\Resmon.ResmonCfg
2023-05-31 17:15 - 2023-05-31 17:15 - 000006240 _____ () C:\Users\ijhd3\AppData\Local\user-places.xbel
2023-05-31 17:15 - 2023-05-31 17:14 - 000006291 _____ () C:\Users\ijhd3\AppData\Local\user-places.xbel.bak
2023-05-31 17:15 - 2023-05-31 17:15 - 000000000 _____ () C:\Users\ijhd3\AppData\Local\user-places.xbel.tbcache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Isaac (04-03-2024 19:05:04)
Running from C:\Users\ijhd3\AppData\Local\Temp\scoped_dir2580_1457052070
Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) (2020-09-02 03:02:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1761784628-959279815-2364782326-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1761784628-959279815-2364782326-503 - Limited - Disabled)
fdad3 (S-1-5-21-1761784628-959279815-2364782326-1002 - Limited - Disabled)
Guest (S-1-5-21-1761784628-959279815-2364782326-501 - Limited - Disabled)
Isaac (S-1-5-21-1761784628-959279815-2364782326-1001 - Administrator - Enabled) => C:\Users\ijhd3
Mdale (S-1-5-21-1761784628-959279815-2364782326-1003 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1761784628-959279815-2364782326-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\1Password) (Version: 8.10.26 - AgileBits Inc.)
Acer Display Widget (HKLM-x32\...\{71646659-5C84-4836-8F41-44E960E88868}) (Version: 3.0.2.0 - Acer Incorporated)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.130 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.22.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{260a52b1-dc81-4e22-b58d-5dd3b57a7b65}) (Version: 5.02.19.2221 - Advanced Micro Devices, Inc.) Hidden
Apple Mobile Device Support (HKLM\...\{D76F9829-A6F3-48D3-A0B6-BC1522CB9F49}) (Version: 17.0.0.21 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering)
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{f302c1fc-67c2-40b1-93c7-266d93310a2d}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{44d9a0cd-0414-49c0-8488-dc0849f46bd1}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus SonicRadar3Setup (HKLM\...\{09AE428F-CB54-42C8-8342-D0EC6E4136D0}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{ACA23ED7-018F-47AE-8C9C-2096E1455DA4}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1653.5 - AVAST Software) Hidden
Badlion Client (HKLM\...\1de14785-dd8c-5cd2-aae8-d4a376f81d78) (Version: 3.3.2 - Badlion)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Bandcamp Desktop 2.4.0 (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\{fbb26d45-ec85-59a0-aa2e-91f833939972}) (Version: 2.4.0 - Giulio De Matteis)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Clone Hero version v1.0.0.4080-final (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\{7AB59751-7472-4CE0-BF7A-463B21A45046}_is1) (Version: v1.0.0.4080-final - Clone Hero Team)
Corsair Hydro Series 7289 USB Device (Driver Removal) (HKLM-x32\...\HYDROS7289&1B1C&0C02) (Version:  - Corsair Components, Inc.)
CORSAIR iCUE Software (HKLM-x32\...\{74AF4222-AABF-462F-B0CC-59A4BF827F8C}) (Version: 3.36.125 - Corsair)
CurseForge 0.237.1-14012 (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 0.237.1-14012 - Overwolf)
Cyberpunk 2077 (HKLM-x32\...\Cyberpunk 2077_is1) (Version: 0.0.0 - DODI-Repacks)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.2.0.185 - devolo AG)
Discord (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dragon Ball Xenoverse 2 (HKLM-x32\...\Dragon Ball Xenoverse 2_is1) (Version: 0.0.0 - DODI-Repacks)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.18.0.5531 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{2da5c03a-a437-48b6-85b8-7fafff95de5e}) (Version: 13.18.0.5531 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
FL Studio 21 (HKLM-x32\...\FL Studio 21) (Version: 21.2.1.3859 - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 14.0.0.300 - Huawei Technologies Co., Ltd.)
iCloud Outlook (HKLM\...\{AC76D136-36CC-4606-8361-4939FE5D2381}) (Version: 14.2.0.108 - Apple Inc.)
iMazing Converter 2.0.9.0 (HKLM\...\{907AAA47-68DC-4FB3-A50E-E69A8994D2B0}_is1) (Version: 2.0.9.0 - DigiDNA)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0.1 - AppWork GmbH)
kdenlive (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\kdenlive) (Version: 22.08.3 - KDE e.V.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metal Gear Rising Revengeance (HKLM-x32\...\Metal Gear Rising Revengeance_is1) (Version: 0.0.0 - DODI-Repacks)
Microsoft .NET Host - 6.0.23 (x64) (HKLM\...\{1870DD0E-1583-44FF-8265-A9D1692CD89C}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.23 (x64) (HKLM\...\{995CC82C-E3E8-4BB5-9AB8-2B95C611D59D}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.23 (x64) (HKLM\...\{7C0437DA-6703-47F1-A116-CD138B0768AD}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM\...\{AA393199-374C-4AD1-9245-6CBB254D8146}) (Version: 48.92.2594 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.23 (x64) (HKLM-x32\...\{fbe8ac13-7063-40e6-81dd-7ddcc3781ecd}) (Version: 6.0.23.32930 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Version: 1.0.0.0 - Mojang)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.17 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.0.2 - OBS Project)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 107.0.5045.36 (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Opera 107.0.5045.36) (Version: 107.0.5045.36 - Opera Software)
Outlook (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Parsec (HKLM-x32\...\Parsec) (Version: 150-36 - Parsec Cloud Inc.)
PowerPoint (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.0.0 - Advanced Micro Devices, Inc.) Hidden
REDlauncher (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Roblox Player for Isaac (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\roblox-player) (Version:  - Roblox Corporation)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Spider-man Remastered (HKLM-x32\...\Spider-man Remastered_is1) (Version:  - )
Spider-Man: Miles Morales (HKLM-x32\...\Spider-Man: Miles Morales_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SURVEY_PROGRAM (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\SURVEY_PROGRAM) (Version:  - )
Synology Drive Client (remove only) (HKLM\...\Synology Drive) (Version: 7.2.0.13258 - Synology, Inc.)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
TIDAL (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 147.0.10965 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.40.4.0 - Voicemod S.L.)
WhatsApp (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\WhatsApp) (Version: 2.2049.10 - WhatsApp)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Wolfenstein II - The Freedom Chronicles - Episode 2 ROTW (HKLM-x32\...\2104100206_is1) (Version: 6.5.0.1331.[53861004719051016] - GOG.com)
Wolfenstein II - The Freedom Chronicles - Episode 3 ROTW (HKLM-x32\...\1797971986_is1) (Version: 6.5.0.1331.[53861004719051016] - GOG.com)
Wolfenstein II: The Freedom Chronicles - Episode 0 (HKLM-x32\...\1428926823_is1) (Version: 6.5.0.1331 - GOG.com)
Wolfenstein II: The Freedom Chronicles - Episode 1 (HKLM-x32\...\1948521423_is1) (Version: 6.5.0.1331 - GOG.com)
Wolfenstein II: The New Colossus (HKLM-x32\...\1847884051_is1) (Version: 6.5.0.1331 - GOG.com)
Word (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Zoom (HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
ASUS Grid (Beta) -> C:\Program Files\WindowsApps\B9ECED6F.133F79A42C6_1.0.14.0_x64__qmba6cd70vzyy [2023-03-23] (ASUSTeK COMPUTER INC.)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_3.10.3.0_x64__kgqvnymyfvs32 [2024-02-19] (king.com)
Dropbox Lite -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.23.0_x64__xbfy0k16fey96 [2024-02-19] (Dropbox Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_6.33.11.0_x64__kgqvnymyfvs32 [2024-02-22] (king.com)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.0.215.0_x64__nzyj5cx40ttqa [2024-02-19] (Apple Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-02-19] (Instagram)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-3D2AAE46_42.0.21.1_neutral__ysfa6mcnwr1rw [2023-10-15] (www.instagram.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-11-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-11-11] (Microsoft Corporation) [MS Ad]
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.20.6201.0_x64__8wekyb3d8bbwe [2024-02-19] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.7.2.0_x64__8wekyb3d8bbwe [2024-01-01] (Microsoft Studios)
Minecraft: Java Edition -> C:\Program Files\WindowsApps\Microsoft.MinecraftJavaEdition_1.0.5.0_x64__8wekyb3d8bbwe [2023-04-21] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-16] (NVIDIA Corp.)
Phoenix Search -> C:\Program Files\WindowsApps\60191FreshJuice.PhoenixSearch_1.1.11.0_x64__q548gb32m7ptt [2023-07-10] (FreshJuice)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2022-11-11] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-11-11] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Studios) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll (Synology Inc. -> )
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{89b2b650-c4dd-d68b-46e7-3176f1973c8b}\localserver32 -> C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (Synology Inc. -> TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{D222A395-CFC2-46AF-ACAC-F52025028B31} -> [iCloud Photos] => C:\Users\ijhd3\iCloudPhotos\Photos [2023-09-02 12:46]
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{E5284BCA-B946-4499-B113-C693BB65B202} -> [Synology Drive - HipHopAPotamus] => C:\Users\ijhd3\AppData\Local\SynologyDrive\SystemFolders\1 [2022-11-27 20:02]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2023-02-27] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2023-02-27] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2023-02-27] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2023-02-27] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2023-02-27] (Synology Inc. -> TODO: <Company name>)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-07-15] (Notepad++ -> )
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\ijhd3\AppData\Local\MEGAsync\ShellExtX64.dll [2023-09-24] (Mega Limited -> )
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.020.0128.0003\FileSyncShell64.dll [2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_1e678564fff99713\nvshext.dll [2023-11-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-04-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1761784628-959279815-2364782326-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2023-02-27] (Synology Inc. -> )
ContextMenuHandlers6_S-1-5-21-1761784628-959279815-2364782326-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\ijhd3\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2023-02-27] (Synology Inc. -> )
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
ShortcutWithArgument: C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/
 
==================== Loaded Modules (Whitelisted) =============
 
2020-11-23 17:42 - 2020-11-23 17:42 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-11-23 17:04 - 2020-11-23 17:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-11-23 17:04 - 2020-11-23 17:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-11-23 17:03 - 2020-11-23 17:03 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-11-23 17:04 - 2020-11-23 17:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-11-23 17:03 - 2020-11-23 17:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-11-23 17:02 - 2020-11-23 17:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2024-03-04 15:53 - 2024-03-04 15:53 - 000039680 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.01\PEbiosinterface32.dll
2020-10-21 09:59 - 2020-10-21 09:59 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-11-23 17:02 - 2020-11-23 17:02 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-11-23 17:02 - 2020-11-23 17:02 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9620]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-12-18] (Oracle America, Inc. -> Oracle Corporation)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-19 04:49 - 2023-11-14 12:04 - 000002797 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
109.94.209.70      fitgirlrepacks.in               # Fake FitGirl site
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
127.0.0.1 checkhost.local
109.94.209.70      www.fitgirlrepacks.in           # Fake FitGirl site
109.94.209.70      fitgirlrepacks.co               # Fake FitGirl site
109.94.209.70      fitgirl-repacks.cc              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.to              # Fake FitGirl site
109.94.209.70      fitgirl-repack.com              # Fake FitGirl site
109.94.209.70      fitgirl-repacks.website         # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.co           # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.cc          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.to          # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.com          # Fake FitGirl site
109.94.209.70      www.fitgirl-repacks.website     # Fake FitGirl site
109.94.209.70      ww9.fitgirl-repacks.xyz         # Fake FitGirl site
109.94.209.70      *.fitgirl-repacks.xyz           # Fake FitGirl site
109.94.209.70      fitgirl-repacks.xyz             # Fake FitGirl site
109.94.209.70      fitgirl-repack.net              # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.net          # Fake FitGirl site
109.94.209.70      fitgirlpack.site                # Fake FitGirl site
109.94.209.70      www.fitgirlpack.site            # Fake FitGirl site
109.94.209.70      fitgirl-repack.org              # Fake FitGirl site
109.94.209.70      www.fitgirl-repack.org          # Fake FitGirl site
109.94.209.70      fitgirlrepacks.pro              # Fake FitGirl site
109.94.209.70      www.fitgirlrepacks.pro          # Fake FitGirl site
109.94.209.70      fitgirlrepack.games             # Fake FitGirl site
109.94.209.70      www.fitgirlrepack.games         # Fake FitGirl site
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ijhd3\onedrive\pictures\icloud photos\img_2605.jpeg
HKU\S-1-5-21-1761784628-959279815-2364782326-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Sonic Studio 3"
HKLM\...\StartupApproved\Run: => "CSRHarmonySkypePlugin"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\StartupFolder: => "Synology Drive Client.lnk"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "CorsairLink4"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium Update"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Energy"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_CB3810A0022E3E858AC47279410D72B0"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "btweb"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "ut"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{89248476-C0ED-4317-8995-A1F11E73151A}C:\program files\epic games\thealtocollection\the alto collection.exe] => (Allow) C:\program files\epic games\thealtocollection\the alto collection.exe => No File
FirewallRules: [TCP Query User{E6378599-6A23-4C8B-9A04-89750E23124F}C:\program files\epic games\thealtocollection\the alto collection.exe] => (Allow) C:\program files\epic games\thealtocollection\the alto collection.exe => No File
FirewallRules: [UDP Query User{0BD0CDEF-94D8-4D39-9AD2-93C5A25CE33F}C:\program files\epic games\theescapists2\theescapists2.exe] => (Allow) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [TCP Query User{0D574A36-8872-47E9-8449-21868CB493D6}C:\program files\epic games\theescapists2\theescapists2.exe] => (Allow) C:\program files\epic games\theescapists2\theescapists2.exe => No File
FirewallRules: [{676D12B4-596B-4012-BD61-2609C3E4EE7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cockroach_Simulator\cs.exe => No File
FirewallRules: [{43A87ECB-5062-43BE-8970-592316EB4DC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cockroach_Simulator\cs.exe => No File
FirewallRules: [{E4C6EF28-5F16-4761-ACA0-BFDE3B2CF4CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fly Simulator\Fly Simulator.exe => No File
FirewallRules: [{DFE8AB3B-899F-4698-A50C-0AA7DEAD81BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fly Simulator\Fly Simulator.exe => No File
FirewallRules: [UDP Query User{07AACC13-4931-4086-B4FD-7F0A80235E25}C:\program files\epic games\borderlands2\binaries\win32\borderlands2.exe] => (Allow) C:\program files\epic games\borderlands2\binaries\win32\borderlands2.exe => No File
FirewallRules: [TCP Query User{E92ABE4A-58DA-4F8B-926D-565812CEAF29}C:\program files\epic games\borderlands2\binaries\win32\borderlands2.exe] => (Allow) C:\program files\epic games\borderlands2\binaries\win32\borderlands2.exe => No File
FirewallRules: [{0CC8E2C8-E35B-4B12-9A7A-4C851A3762DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL Demo\ULTRAKILL.exe => No File
FirewallRules: [{7C157FF5-7A0F-40D4-8915-E1AF5DE78E4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL Demo\ULTRAKILL.exe => No File
FirewallRules: [UDP Query User{E03CC992-7D4C-434E-B8C7-89A54CAE7A2D}C:\program files (x86)\steam\steamapps\common\just die already demo\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\just die already demo\jdgame\binaries\win64\jdgame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{CB9F9D3F-C456-4965-ADE7-01237837A54F}C:\program files (x86)\steam\steamapps\common\just die already demo\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\just die already demo\jdgame\binaries\win64\jdgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{A1DC9778-D755-40BE-988E-B2B2C48E1075}C:\users\ijhd3\downloads\alpha 1.2.2.0\lib\nitroxserver-subnautica.exe] => (Allow) C:\users\ijhd3\downloads\alpha 1.2.2.0\lib\nitroxserver-subnautica.exe => No File
FirewallRules: [TCP Query User{B0AA5959-BC61-458B-B8A7-34A88962677D}C:\users\ijhd3\downloads\alpha 1.2.2.0\lib\nitroxserver-subnautica.exe] => (Allow) C:\users\ijhd3\downloads\alpha 1.2.2.0\lib\nitroxserver-subnautica.exe => No File
FirewallRules: [{DD45C065-5F7F-46C3-8513-EC7803B1B126}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [UDP Query User{5BB5976D-CED5-4BCB-B6AE-CF76F4941BE3}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [TCP Query User{1327149E-9F39-440C-92EC-3C158D73CB4F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [UDP Query User{B651F12C-0A5E-4C69-A7F8-0E40ABE4092D}C:\program files\epic games\subnauticabelowzero\subnauticazero.exe] => (Allow) C:\program files\epic games\subnauticabelowzero\subnauticazero.exe => No File
FirewallRules: [TCP Query User{12938460-0E12-48CB-A2C8-E27098CC81EE}C:\program files\epic games\subnauticabelowzero\subnauticazero.exe] => (Allow) C:\program files\epic games\subnauticabelowzero\subnauticazero.exe => No File
FirewallRules: [UDP Query User{F75503F7-5690-4E85-A8BC-6A5BDFAA8377}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{749EF68E-0C8E-44A3-8EB2-1D298B7BBD0E}C:\program files\epic games\gtav\gta5.exe] => (Allow) C:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{0CB0CABD-AFB6-4F43-9CC2-F923744AD91C}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe => No File
FirewallRules: [TCP Query User{39BB1DFE-A7F6-411B-9BF0-298E639B818B}C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\resident evil 5\re5dx9.exe => No File
FirewallRules: [{651656AA-97CD-4BA9-833C-5B42652AFA73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Please, Don’t Touch Anything\DontTouchAnything.exe => No File
FirewallRules: [{FDB3F1CE-9B17-4A1B-BCCD-D6BA58B7C15A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Please, Don’t Touch Anything\DontTouchAnything.exe => No File
FirewallRules: [UDP Query User{A9456254-1BCC-4D84-837D-F6D9160BEAAD}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{E889A608-78E3-425E-95D3-F6ACA441E243}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{C3CFC281-428F-4272-B599-94F91F5BEB20}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{C66CB132-7304-4DFD-BCDF-D9F72DE66ECE}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{A571E0E5-C509-41A7-A71A-9E6C1F935CFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quiplash\Quiplash.exe => No File
FirewallRules: [{F6477B2E-564E-41DE-8556-5D4E13CD59ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quiplash\Quiplash.exe => No File
FirewallRules: [{F67E5CA8-10D5-4BE6-A3BC-A88093AB01AC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C83579E3-65B9-475A-AAE0-00595116DD30}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C97CC17E-C77D-430E-8352-9B30B98597D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Getting Over It\GettingOverIt.exe => No File
FirewallRules: [{896D6F9E-53D0-4528-8FDA-02EBF9B1C2FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Getting Over It\GettingOverIt.exe => No File
FirewallRules: [UDP Query User{32C7EB72-FDAA-43BE-833C-E3DFDA1E201B}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [TCP Query User{BCA88DA9-DE1E-40B2-8934-66EEAA98BC8A}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win64\paladins.exe => No File
FirewallRules: [UDP Query User{901A8AFF-FBD0-4A63-ADD5-458464A75731}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{2F275546-DF2C-470E-913D-499807C0FA45}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{C7D7A74C-618E-4C3D-962D-DA05D8E75CF3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{96E263DA-5D06-4964-8A43-696A48C3FFF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A34DA48B-51E6-4489-A975-5A3FF3097B7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F3C1CE34-C20A-457B-8A63-79C687CF1BF6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{58BDD6F2-FAAB-4CBC-A6AA-165E0BD00545}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6FBAC189-6F06-4C0E-99E8-5DE588BE4BF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{8A65BD67-28C7-45F8-8750-C3FDF83F436B}C:\program files\epic games\shadowrunreturns\shadowrun.exe] => (Allow) C:\program files\epic games\shadowrunreturns\shadowrun.exe => No File
FirewallRules: [UDP Query User{68B22255-F7D1-4954-A8CF-DF942DBC11F0}C:\program files\epic games\shadowrunreturns\shadowrun.exe] => (Allow) C:\program files\epic games\shadowrunreturns\shadowrun.exe => No File
FirewallRules: [TCP Query User{789622B3-97E5-45E5-A854-D180481C569D}C:\users\ijhd3\downloads\guedins-aot-fan-game-0.10.2-race-win64\aot_v02\binaries\win64\aot_v02.exe] => (Allow) C:\users\ijhd3\downloads\guedins-aot-fan-game-0.10.2-race-win64\aot_v02\binaries\win64\aot_v02.exe => No File
FirewallRules: [UDP Query User{6E7362A7-DEC2-4872-A049-73905B41835F}C:\users\ijhd3\downloads\guedins-aot-fan-game-0.10.2-race-win64\aot_v02\binaries\win64\aot_v02.exe] => (Allow) C:\users\ijhd3\downloads\guedins-aot-fan-game-0.10.2-race-win64\aot_v02\binaries\win64\aot_v02.exe => No File
FirewallRules: [TCP Query User{3242DE9F-B91B-4AB2-8AA3-E309C7870949}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [UDP Query User{B9B87569-5D53-47AF-AF8A-57FE11042E57}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe => No File
FirewallRules: [TCP Query User{33D9FC32-5E89-4845-AB0F-6AB76D660C95}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe => No File
FirewallRules: [UDP Query User{3415A3ED-FE32-4224-9EA4-580A594B0817}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe => No File
FirewallRules: [TCP Query User{8EB9BEFB-299E-4E7B-BC64-2159E2B5B83B}C:\users\ijhd3\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\ijhd3\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [UDP Query User{CBC4D87E-5E0E-41A9-996A-913DC921F237}C:\users\ijhd3\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\ijhd3\twitch\minecraft\install\runtime\jre-x64\bin\javaw.exe => No File
FirewallRules: [{92E3F81E-60D9-453A-B16F-9CDDA321F588}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [{C51FA649-709B-4E6B-AAA9-C1A523B7059F}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe => No File
FirewallRules: [TCP Query User{2A9D711A-7B1A-44AB-AFB8-6362D2632940}C:\users\ijhd3\downloads\the.jackbox.party.pack.7\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\downloads\the.jackbox.party.pack.7\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [UDP Query User{624DA389-A3EF-419F-937A-F7DE3D01C33C}C:\users\ijhd3\downloads\the.jackbox.party.pack.7\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\downloads\the.jackbox.party.pack.7\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [TCP Query User{92355642-F6A8-4484-9C9C-6B7ED999D843}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [UDP Query User{BE169B6C-E3CA-4BF9-B9A0-95FF2178AD6E}C:\programdata\badlionclient\jre\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre\bin\javaw.exe
FirewallRules: [{15BDF0D3-F2B8-4779-8710-1AF9883856B0}] => (Allow) C:\Users\ijhd3\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7F647B5F-6ADA-4EEA-B03E-3F2EF28CEC38}] => (Allow) C:\Users\ijhd3\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{B1528ED9-9991-4701-822A-6D7092370305}] => (Allow) C:\Users\ijhd3\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{957D816C-3F2C-46C5-A12F-D3ED15A248AD}C:\users\ijhd3\onedrive\documents\games\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\games\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [UDP Query User{9A29AFAB-6147-47D6-89E0-D7DDE53E0855}C:\users\ijhd3\onedrive\documents\games\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\games\the.jackbox.party.pack.7\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [TCP Query User{DD36D0E5-90FD-4605-902B-6D588A16549C}C:\users\ijhd3\onedrive\documents\games\house party\houseparty.exe] => (Allow) C:\users\ijhd3\onedrive\documents\games\house party\houseparty.exe => No File
FirewallRules: [UDP Query User{5FB663A9-7CF9-4D38-A835-E58BB291B4A9}C:\users\ijhd3\onedrive\documents\games\house party\houseparty.exe] => (Allow) C:\users\ijhd3\onedrive\documents\games\house party\houseparty.exe => No File
FirewallRules: [{77484749-5D93-40A7-A383-68E012960DFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [{FE37AFC3-B7D9-4083-9757-9B282C13EA53}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [TCP Query User{F8260D7A-B006-4C61-A2BD-BA7EE41CB3FE}C:\users\ijhd3\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\crewlink\crewlink.exe => No File
FirewallRules: [UDP Query User{10F4618B-44F0-4F7F-8879-0B6B6FCFD8E3}C:\users\ijhd3\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\crewlink\crewlink.exe => No File
FirewallRules: [TCP Query User{245FDDA3-4939-479C-ACDD-F068504E53C8}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [UDP Query User{B2EA4326-B6D1-4021-A016-2C6689D3D493}C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe] => (Allow) C:\programdata\badlionclient\jre1.8.0_202\bin\javaw.exe
FirewallRules: [TCP Query User{84382DC4-DC09-47DA-8CC4-BE393CC76798}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{97D1218B-3103-48D3-88E5-7E02817B7367}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{9FF2A978-B0DB-4B1B-9B3B-E6BA2702B984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [{63016AD2-8672-42F7-B65E-001F4A03C082}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [TCP Query User{EF2B8C91-17C9-4082-AA2D-AAAE5B5FBCE4}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [UDP Query User{344F3723-AB9F-48B9-B5CB-91C948E5A8E9}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [TCP Query User{E7E4E233-F9A2-4849-9E79-98DB49631DB7}C:\users\ijhd3\downloads\games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\downloads\games\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [UDP Query User{B191FBA0-E1DC-435D-8C76-C798A7E02C12}C:\users\ijhd3\downloads\games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\downloads\games\the jackbox party pack 7\the jackbox party pack 7.exe => No File
FirewallRules: [TCP Query User{899CE55C-73F6-4BAF-AF45-6F03181944DA}C:\users\ijhd3\downloads\club bifrost1.12a\bifrost.exe] => (Allow) C:\users\ijhd3\downloads\club bifrost1.12a\bifrost.exe => No File
FirewallRules: [UDP Query User{2B56BFF6-6AE5-4811-9064-BA7393FE137F}C:\users\ijhd3\downloads\club bifrost1.12a\bifrost.exe] => (Allow) C:\users\ijhd3\downloads\club bifrost1.12a\bifrost.exe => No File
FirewallRules: [TCP Query User{C8C82934-5AAC-43DA-99B2-60E8E033345F}C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [UDP Query User{7C509524-A079-4BB2-B671-F6892FEB6E40}C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [TCP Query User{ADDE8649-8762-42AB-AFD9-DC847B0F4288}C:\program files\epic games\alienisolation\ai.exe] => (Allow) C:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [UDP Query User{5BF786F3-50CD-4743-934A-E8A37F29C5F5}C:\program files\epic games\alienisolation\ai.exe] => (Allow) C:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [TCP Query User{F77092BA-DDA7-4334-BF79-9319E2BF3681}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [UDP Query User{DA78E1C7-0E8E-496F-BE4C-10855AA1BC99}C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-alpha\windows-x64\java-runtime-alpha\bin\javaw.exe
FirewallRules: [{34879454-9DF0-4987-9A52-5DA9326BA5C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
FirewallRules: [{240D7BFC-5058-443A-A78F-F23F68F00256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe () [File not signed]
FirewallRules: [{3967C00A-6644-456D-AFE8-CBC86DC2605A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 6\The Jackbox Party Pack 6.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{7E55287E-63AB-4F6F-BEF7-8E5ACF85411D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 6\The Jackbox Party Pack 6.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{BC84DBE4-F21B-4F3D-AF62-A80AA9906696}C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe () [File not signed]
FirewallRules: [UDP Query User{90B0E681-0C4D-4749-95A9-A1D2C7CFBBFB}C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe () [File not signed]
FirewallRules: [{7E86D3FE-A5BD-4C44-A3B1-CD8ECB86280B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kyle is Famous Demo\Kyle is Famous\Kyle is Famous.exe => No File
FirewallRules: [{15DCE54A-D37C-427D-BAC2-492B3832CDCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kyle is Famous Demo\Kyle is Famous\Kyle is Famous.exe => No File
FirewallRules: [{F54F08F2-B392-411D-A2CB-18F9883E3EF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kyle is Famous\Kyle is Famous\Kyle is Famous.exe => No File
FirewallRules: [{8A85DFCB-E64F-4283-B844-DFA82ED80FFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kyle is Famous\Kyle is Famous\Kyle is Famous.exe => No File
FirewallRules: [TCP Query User{7383329F-E123-49B9-B890-59770E9212C3}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{110FA06B-3B27-41C1-9945-39D8E9842B14}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{88A96A94-EF43-45FA-A31F-1929949A8CB2}C:\users\ijhd3\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.29.7\tidal.exe => No File
FirewallRules: [UDP Query User{4C4803D5-2F3A-4DA5-AD1C-E4020B57C9D2}C:\users\ijhd3\appdata\local\tidal\app-2.29.7\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.29.7\tidal.exe => No File
FirewallRules: [TCP Query User{20506835-D0DD-4D24-A180-B7E9B9CA45E9}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{205A28E9-E072-4EF3-9B6A-9822CC4AE7A8}C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft launcher\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{4330ED3B-ECCF-4338-94F9-69CFAF9AF6F8}C:\users\ijhd3\onedrive\documents\my games\escape from mu tau phi\escape from mu tau phi.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\escape from mu tau phi\escape from mu tau phi.exe => No File
FirewallRules: [UDP Query User{41E6817A-D33A-4E51-9D91-3A395E63A131}C:\users\ijhd3\onedrive\documents\my games\escape from mu tau phi\escape from mu tau phi.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\escape from mu tau phi\escape from mu tau phi.exe => No File
FirewallRules: [TCP Query User{EC279CF4-EB96-4FCB-8BF8-A17EC416C1FE}C:\users\ijhd3\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [UDP Query User{F0CF086D-ADFA-49ED-B121-368A06A5F06D}C:\users\ijhd3\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [TCP Query User{A300326F-7546-48CF-AAE4-DEAB724FE03F}C:\program files\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) C:\program files\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{F0E5C1DC-5118-4BFA-BB6F-60BF7EED6DA9}C:\program files\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe] => (Allow) C:\program files\epic games\justdiealready\jdgame\binaries\win64\jdgame-win64-shipping.exe => No File
FirewallRules: [{FB3CEF9A-AF99-4995-A42E-8AE03BCE4193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{AD7B2AE9-5203-46E2-9398-A03DBBC6ACCD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{C85EF428-7AF5-43A7-BA2D-CF42D4AC711B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [{8B5C23F3-8E8A-4FDE-8847-19EE5F390462}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [TCP Query User{83894444-2E0C-42A3-A636-984CFDBA4DEF}C:\users\ijhd3\appdata\local\tidal\app-2.30.4\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [UDP Query User{37A1EEF4-861A-41E7-95C1-995ED7F70BB0}C:\users\ijhd3\appdata\local\tidal\app-2.30.4\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [TCP Query User{8DD1D1E8-9413-43F3-9849-A1859FADA74E}C:\users\ijhd3\downloads\thief-simulator-repack-games.com\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\downloads\thief-simulator-repack-games.com\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [UDP Query User{9F5FA68D-9BB3-496A-8AC5-054FF0F77691}C:\users\ijhd3\downloads\thief-simulator-repack-games.com\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\downloads\thief-simulator-repack-games.com\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [TCP Query User{56CA242B-CFC8-4B55-B2A8-598FC85502DB}C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [UDP Query User{10E6419B-AB2D-4DA5-A140-C9A6D64D0F4A}C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [{82454FAC-2829-4348-AF48-FD42C3C69078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe (Heart Machine LLC) [File not signed]
FirewallRules: [{4146430D-06F9-4A60-A51D-884C91809013}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HyperLightDrifter\HyperLightDrifter.exe (Heart Machine LLC) [File not signed]
FirewallRules: [TCP Query User{7CD53304-CE08-417C-A807-ECFA03861FB4}C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [UDP Query User{B96A6A38-AA0D-409E-B4BA-0F2C0B25C0F0}C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\thief simulator\thief simulator v05.11.2021\thief.exe => No File
FirewallRules: [TCP Query User{5E72750F-2C74-4AAE-A3AF-5CBD0EBFA5A5}C:\program files (x86)\steam\steamapps\common\dragon ball z kakarot demo\at\binaries\win64\at-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon ball z kakarot demo\at\binaries\win64\at-win64-shipping.exe => No File
FirewallRules: [UDP Query User{DBEEE0AB-C463-4812-A2AF-DB7802CC307B}C:\program files (x86)\steam\steamapps\common\dragon ball z kakarot demo\at\binaries\win64\at-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon ball z kakarot demo\at\binaries\win64\at-win64-shipping.exe => No File
FirewallRules: [TCP Query User{D773FAB5-7623-4354-BA2D-695BE52C7918}C:\users\ijhd3\appdata\roaming\energy\energy.exe] => (Block) C:\users\ijhd3\appdata\roaming\energy\energy.exe => No File
FirewallRules: [UDP Query User{4895A14A-6AE7-4DFA-B5D8-F6A8D8CAFC4F}C:\users\ijhd3\appdata\roaming\energy\energy.exe] => (Block) C:\users\ijhd3\appdata\roaming\energy\energy.exe => No File
FirewallRules: [TCP Query User{DA15E568-326E-47E1-8D64-DBE308BFDF0D}C:\users\ijhd3\appdata\local\tidal\app-2.31.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [UDP Query User{691E2D93-A59F-4352-9E49-668018B17B67}C:\users\ijhd3\appdata\local\tidal\app-2.31.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [TCP Query User{2D897F00-B664-49B1-82A2-C868DCD6665F}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{125F9230-6CC5-4EB3-9608-983C3BC55C9E}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{0971FF47-3443-4308-8EB4-C3E7739100B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{3EAB5A2D-31BE-4D99-AFBE-BE652E0DDDEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [TCP Query User{9CCCC4E7-0C90-4AFB-866B-C2A81CF976C1}C:\users\ijhd3\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [UDP Query User{FADC7F6F-B4BE-439D-8805-670FA030A253}C:\users\ijhd3\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [TCP Query User{B6BE8B71-1FFC-4C9E-A409-FC68717E73BC}C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{4682551C-3A4A-49D3-AD0D-BA3F25A69DDD}C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [{B4796956-740F-4BDE-BFEF-08DBE34344CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
FirewallRules: [{F1F93693-D775-4454-B889-FE1F9DBC2C40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe => No File
FirewallRules: [TCP Query User{9ABF3FA7-9967-49B5-AD22-4E9F8D5D4E10}C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{83B8006C-C241-4D88-A44A-9BA8CD1832CF}C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{D751E1A6-D56C-4B30-9DCF-D0B2EA66BAC8}C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{86505968-9A39-454D-85FB-045726FD2341}C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk-2077-steamrip.com\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{90FEAD86-07D6-4EB4-AB10-9CF1C3A3A549}C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{B799C24D-71AC-4AB9-9462-9CE763401EC0}C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [TCP Query User{C65E678F-FEC8-41D0-9EFD-0C48F02D547F}C:\users\ijhd3\downloads\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{6ECE0782-2BB6-4762-B85F-5812A7FC6BC6}C:\users\ijhd3\downloads\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{36E25A81-3038-45D3-9A19-E2AAB0725AF1}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{50708AA5-20F9-4BC6-B218-49A3F5C710C8}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C09C81AA-DA03-42FC-8E8F-EF7F73253DB9}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [UDP Query User{4F565E7D-2D87-4F7A-BEB6-5C422205316F}C:\program files\badlion client\badlion client.exe] => (Allow) C:\program files\badlion client\badlion client.exe (Turtle Entertainment Online, Inc. -> Badlion)
FirewallRules: [TCP Query User{462DCEAF-76B0-45AE-9D13-847507DFB840}C:\users\ijhd3\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [UDP Query User{D284C1F0-9964-4340-8A5C-44C0D8CEE261}C:\users\ijhd3\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [TCP Query User{7A995B7B-F241-48B6-9870-34FC17EED47F}C:\users\ijhd3\downloads\sdio_1.12.8.748\sdio_x64_r748.exe] => (Allow) C:\users\ijhd3\downloads\sdio_1.12.8.748\sdio_x64_r748.exe => No File
FirewallRules: [UDP Query User{5C561F71-D3E9-4970-841C-C22B95008151}C:\users\ijhd3\downloads\sdio_1.12.8.748\sdio_x64_r748.exe] => (Allow) C:\users\ijhd3\downloads\sdio_1.12.8.748\sdio_x64_r748.exe => No File
FirewallRules: [TCP Query User{C70A6074-3FBD-4492-9A5F-54102DC6AF5B}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{641274F2-3CA5-4B23-91B5-6E60FB630B57}C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{801DDE7E-0663-4AF0-9DC7-370A8259B2E4}C:\users\ijhd3\appdata\local\kdenlive\bin\kdenlive.exe] => (Allow) C:\users\ijhd3\appdata\local\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [UDP Query User{FA10638D-16F7-420B-82A3-85986237E769}C:\users\ijhd3\appdata\local\kdenlive\bin\kdenlive.exe] => (Allow) C:\users\ijhd3\appdata\local\kdenlive\bin\kdenlive.exe (K Desktop Environment e.V. -> )
FirewallRules: [TCP Query User{47454B76-DC0C-42B9-BFEB-69DB1EE22426}C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{BE1C13D7-E318-4FCF-885A-042DCB368932}C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe] => (Allow) C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-ui.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [TCP Query User{3B9488B7-A6FF-4275-8BFE-9BE4082F25EC}C:\users\ijhd3\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [UDP Query User{A5696096-80D9-484A-9BEE-E8FFDC7F78F0}C:\users\ijhd3\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [TCP Query User{19D0B55C-824E-4309-9AB6-6D0739A2366C}C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [UDP Query User{4C4AA29A-D213-46CE-89A3-3AB91EF93633}C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe] => (Allow) C:\users\ijhd3\appdata\local\synologydrive\synologydrive.app\bin\cloud-drive-connect.exe (Synology Inc. -> Synology Inc.)
FirewallRules: [{A1AF046E-E1F1-4643-ADB2-299922DA3F70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{7A66EA21-B121-44D5-91A9-0728DAAE656E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [TCP Query User{036AA3BB-F7AB-47C1-907D-7FDCADFA51E2}C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe () [File not signed]
FirewallRules: [UDP Query User{665FF2B8-2B83-438D-9751-0F7E3B35ED6E}C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\the jackbox party pack 7\the jackbox party pack 7.exe () [File not signed]
FirewallRules: [{ABBC7E53-806F-4AC1-89A1-97705FFF6CFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anodyne 2\Anodyne2.exe () [File not signed]
FirewallRules: [{42FC3197-D42D-4782-8712-B74569C338C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anodyne 2\Anodyne2.exe () [File not signed]
FirewallRules: [TCP Query User{F0738EE2-35DA-4477-A6DE-ACB3EB46DFBB}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{E8EFDCC4-473A-4557-8E5C-2FAA55417C8D}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{6C033346-BAF0-4326-867F-EE3C7231B989}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disc Room\disc room.exe (terri, dose, kitty & jw) [File not signed]
FirewallRules: [{0F6AFAAD-9B1D-4B68-959E-E96A125EA501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Disc Room\disc room.exe (terri, dose, kitty & jw) [File not signed]
FirewallRules: [TCP Query User{F5CFD0F8-1765-4024-9683-8F72E4385A18}C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [UDP Query User{CBA9490B-7240-43C7-9CDE-9754C45CF080}C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe] => (Allow) C:\program files\epic games\darkestdungeon\_windowsnosteam\darkest.exe () [File not signed]
FirewallRules: [{CDE6066A-60E9-4DBE-BB48-BC64E6796DBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [{38926A71-D3FE-43C7-8989-4C349E24381A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe => No File
FirewallRules: [{3F3F412D-6FD9-42F6-953D-EFE25CE03C1D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6C6F0D87-DE98-495E-962F-559138F3C37E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3F841007-EB40-46AD-B635-6130B8D73A95}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3CCE00F8-E13C-4B92-AA19-271C04D62E53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C3AB824C-78D7-41E2-B6DA-38EB6D4CB08F}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{AF24F8BB-1BAF-47D2-B15C-5D33ACDC5E62}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{EB19E1DD-8927-4FB3-909A-9B8801A81DEE}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (Voicemod Sociedad Limitada -> Voicemod)
FirewallRules: [{A3D1F0E1-B024-48FC-AA7C-B7142E87470A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AAC85636-FD59-4BF1-A72A-15226877CA85}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{D2B0BB8A-5440-486D-82D1-D7A42FEA59F2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9557CF44-5192-4211-84D7-67E0A84F1D1F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AD5069CB-EBE7-4C65-9EAC-FFA5DD250374}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{024BBCE3-3D61-4E52-A824-81AAA24B89B3}C:\program files\epic games\hoodoutlawsandlegends\hood\binaries\win64\hood.exe] => (Allow) C:\program files\epic games\hoodoutlawsandlegends\hood\binaries\win64\hood.exe => No File
FirewallRules: [UDP Query User{99AA041F-B418-47CE-A090-EC71DED9F327}C:\program files\epic games\hoodoutlawsandlegends\hood\binaries\win64\hood.exe] => (Allow) C:\program files\epic games\hoodoutlawsandlegends\hood\binaries\win64\hood.exe => No File
FirewallRules: [{6248A434-C742-45CA-932D-744DC908FE6B}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{B910D04A-C9C6-4A59-8E49-014A40E96F61}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{27614035-DBE5-4354-9297-9CAC801C5D97}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{971A9DC3-1AD2-43D1-B024-20922F2BC3E5}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [{34379775-FD0F-4BEA-97DF-4CB2F2EB4C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{3D31FB9B-BB38-4D2A-BB69-B4A58B3CAFAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{C47B6048-BD71-4385-875A-BBCA877C8C4A}] => (Allow) C:\Users\ijhd3\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{6C9ED40C-5FFE-42C3-B144-B738F9289502}] => (Allow) C:\Users\ijhd3\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [TCP Query User{4EA81718-750F-498B-A984-803377E27FB7}C:\program files (x86)\dodi-repacks\resident evil 4 remake\re4.exe] => (Allow) C:\program files (x86)\dodi-repacks\resident evil 4 remake\re4.exe => No File
FirewallRules: [UDP Query User{5D33E627-CBD5-414D-9A76-EDB74E6EEFE3}C:\program files (x86)\dodi-repacks\resident evil 4 remake\re4.exe] => (Allow) C:\program files (x86)\dodi-repacks\resident evil 4 remake\re4.exe => No File
FirewallRules: [{2BE1CF53-B55D-4971-B118-9DA90D9CFF65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{63FDA11A-A3F8-499E-8C80-0D93F78C5521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [TCP Query User{90FB3043-231C-4263-B3FA-2B8AD9CEAF72}C:\users\ijhd3\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [UDP Query User{78CCE721-DBE9-4D95-9A8B-D9E87BDFEE68}C:\users\ijhd3\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [{14593AD1-31F6-4254-92E7-C3B3AEFEEE1F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1CEA3F0-BF3F-4B1B-B7F0-507768CADFE1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{889392EB-11EB-4D0D-897F-234BB53C0BB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7188B066-0DD7-42B2-ACB4-085666A79046}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2791D91B-AF39-4BFC-BEB2-1D92E6C2CACB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\QueensBrothel\windows.exe (Godot Engine) [File not signed]
FirewallRules: [{28642AE7-F207-41D4-B77D-CE2A2D8D0077}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\QueensBrothel\windows.exe (Godot Engine) [File not signed]
FirewallRules: [TCP Query User{99CD2E03-E4EE-4FB3-98AA-E09C377D029F}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{6BA29F62-0A48-41F5-94AC-FE73EF5F85B4}C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{697741E4-6D6B-4F0E-B306-C062611ABA08}] => (Allow) C:\Users\ijhd3\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{B098FDDE-A707-4C52-A1DE-F8087EAC8C0F}] => (Allow) C:\Users\ijhd3\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{AB9B466C-8C41-43B4-AD4F-253F94B8B4C4}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (repack)\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (repack)\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D1CA3435-311D-438D-B329-657CF945B75F}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (repack)\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (repack)\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{92FC7B6D-84ED-4DAC-A224-C35CB9AD9C62}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{403ACDFB-FB96-4FF2-9011-41E49D33B0F8}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{59558EB4-B933-45EE-B2D2-347FC271150F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{4706DD00-2DCF-43BA-BC03-6F9065582B31}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{AB7A2A90-77D3-4C9C-A9AE-5CD7D61A9EF7}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{C2F22C65-0192-42D6-B3B3-FA6FB9E21BB5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{F4F56018-41DC-4959-87DA-7BE4ED49D041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [{13F4424F-0E1E-408E-B702-CF81E810608E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [TCP Query User{607610C8-27AB-46DE-973F-DFA9A895F04C}C:\users\ijhd3\downloads\cyberpunk 2077 v.2.0 (2020)\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077 v.2.0 (2020)\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{D3BC7FCF-B0A5-43A4-8DFE-69C00261C205}C:\users\ijhd3\downloads\cyberpunk 2077 v.2.0 (2020)\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077 v.2.0 (2020)\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{E3C63A3A-814C-447E-B6B2-C662FCEA6FA4}C:\users\ijhd3\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [UDP Query User{83FA08CB-B998-442A-8826-36948CE1EAA2}C:\users\ijhd3\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [TCP Query User{E7B687F7-2C2C-4824-99C0-E3D5D159DB8F}C:\users\ijhd3\downloads\cyberpunk 2077 [steam-rip] by ksenia\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077 [steam-rip] by ksenia\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{6D5AEC60-2738-4663-805E-F13B42F44654}C:\users\ijhd3\downloads\cyberpunk 2077 [steam-rip] by ksenia\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\downloads\cyberpunk 2077 [steam-rip] by ksenia\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{470DEFBD-A9F2-4BE8-BAD9-42960BCE32EF}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (rip)\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (rip)\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{BD883010-5CAE-4015-AA49-B0F2D1EAB327}C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (rip)\bin\x64\cyberpunk2077.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\cyberpunk 2077 (rip)\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{B3C31A50-7D63-46B5-B55C-4204ADDB5052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{BD8C3569-6A2E-4424-9323-AA56B7514BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{80E2B790-B892-4BC9-96FB-C598D7873642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Party\HouseParty.exe () [File not signed]
FirewallRules: [{DBC88093-ED1F-478C-A82B-E6312468AAA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\House Party\HouseParty.exe () [File not signed]
FirewallRules: [TCP Query User{84DF9218-EC5D-4DE0-931D-FFAD3B8E03D7}C:\users\ijhd3\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\ijhd3\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{B0E88A35-F4F0-4EBE-BFED-1442C5CA8C64}C:\users\ijhd3\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\ijhd3\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{2C80EF6D-4CC0-4A84-A409-7E81F0126DC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4D4E00AA-994B-4286-8B13-8088AA9D53C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0FB3D56C-BA85-472E-8F46-684EAF9DA022}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{74258AC3-8E8A-42BE-8FE5-0E4F24918F18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{F5B5DEB8-F22A-45D4-8ABB-277C86F2263C}C:\users\ijhd3\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{80CD3A9B-0416-4E5F-BF3F-92097B5D6D35}C:\users\ijhd3\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [TCP Query User{7762B843-189F-4889-82E2-B90A7B269FDE}C:\users\ijhd3\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{E9CDF25C-4F79-475E-9090-C1ACEF55050B}C:\users\ijhd3\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{ACE8BF9E-49D4-48B1-8F5F-B67F5CB2C07D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krunker\Official Krunker.io Client.exe (FRVR Limited -> FRVR Limited)
FirewallRules: [{AEAC9562-C2DC-4B9E-A469-6CBC9C7BCD88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Krunker\Official Krunker.io Client.exe (FRVR Limited -> FRVR Limited)
FirewallRules: [{68EF2135-ED01-425B-BEA1-77DB536038BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformation Tycoon\Transformation Tycoon.exe () [File not signed]
FirewallRules: [{F5F93D88-2EBC-4497-8D78-F33F157ADE41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transformation Tycoon\Transformation Tycoon.exe () [File not signed]
FirewallRules: [{4340BDF6-1BE5-44F8-9A6F-440F1568767A}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{113C1C72-589D-4464-8623-FAFA200D63A9}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [TCP Query User{B8DD2678-1D43-431D-A0EE-C6DF81FA783A}C:\users\ijhd3\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{5969B6A0-9870-433B-91CB-F0285C51C25A}C:\users\ijhd3\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\ijhd3\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{8CA65341-1759-42DE-80ED-ABAFA0124F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{ED58188E-1D28-46E4-92A5-BE254FFE3C34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monopoly Plus\Monopoly.exe (Ubisoft Entertainment -> Asobo Studio)
FirewallRules: [{7EC13801-FA7D-447C-929A-093A0E1B75BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{F242459E-51BE-41AA-B11C-49A3E122EB17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{2C58962A-5A76-41BA-8BA2-BE1B33609404}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{2FBB6709-54A7-48F0-BDE2-F27503581CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{52BECA57-8155-4FDD-88C9-FA41595A8379}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{38984012-3D96-41A3-9EEC-085E7CAA5945}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [TCP Query User{D6CADA8E-338F-47C6-B475-75837E04856C}C:\program files (x86)\steam\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D6C82E7E-C0D4-4098-9212-9636EF6D516D}C:\program files (x86)\steam\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drugdealersimulator\drugdealersimulator\binaries\win64\drugdealersimulator-win64-shipping.exe => No File
FirewallRules: [TCP Query User{B1BD93F8-FCD6-436B-AE04-4232B9E1F710}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy\final fantasy.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy\final fantasy.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [UDP Query User{0E4BA5E3-5866-4AA2-AFBC-1311480D64E9}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy\final fantasy.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy\final fantasy.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [TCP Query User{4855F922-1E6D-4733-89F8-CBC37083EDD4}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy ii\final fantasy ii.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy ii\final fantasy ii.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [UDP Query User{DD84B1D9-0EFC-4AB0-BEED-837C2BEA6B54}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy ii\final fantasy ii.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy ii\final fantasy ii.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [TCP Query User{0AFA53F5-51ED-4D2D-868C-6EE3B9D85518}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iii\final fantasy iii.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iii\final fantasy iii.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [UDP Query User{CC23F6F8-B659-4C69-AF5D-DFDD418418BC}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iii\final fantasy iii.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iii\final fantasy iii.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [TCP Query User{8BBC16C5-6376-4273-BE1D-3D38FCCA489D}C:\users\ijhd3\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{AF2D20ED-5A52-4753-BB96-A2030EB75B79}C:\users\ijhd3\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\ijhd3\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [TCP Query User{4A9F3A75-8CD7-42A5-8B7A-3F38B9A46A64}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iv\final fantasy iv.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iv\final fantasy iv.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [UDP Query User{DE120704-430E-4F40-BA1B-A1712253A3C2}C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iv\final fantasy iv.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\final fantasy pr collection\final fantasy iv\final fantasy iv.exe (SQUARE ENIX CO., LTD. -> )
FirewallRules: [TCP Query User{DFC4A691-479C-4119-9DC3-F355845BD4D5}C:\users\ijhd3\downloads\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\downloads\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe => No File
FirewallRules: [UDP Query User{B0AF59A9-65B2-496B-8C46-BF0F7A02D7C4}C:\users\ijhd3\downloads\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\downloads\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe => No File
FirewallRules: [TCP Query User{66EC2348-5E7C-4789-A4B0-2CAE2D95B0CD}C:\users\ijhd3\onedrive\documents\my games\inside\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\inside\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe => No File
FirewallRules: [UDP Query User{75E03810-A40A-4245-BD8A-0A6726C686C6}C:\users\ijhd3\onedrive\documents\my games\inside\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\inside\peeping_dorm_manager\peeping dorm manager\peeping dorm manager\peeping dorm manager.exe => No File
FirewallRules: [TCP Query User{24AFFFA6-40BF-4C22-8A35-0FF62C4CB82B}C:\users\ijhd3\onedrive\documents\my games\inside\dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\inside\dorm manager\peeping dorm manager.exe => No File
FirewallRules: [UDP Query User{A6B34028-CAC2-425F-8850-352A16565D1F}C:\users\ijhd3\onedrive\documents\my games\inside\dorm manager\peeping dorm manager.exe] => (Allow) C:\users\ijhd3\onedrive\documents\my games\inside\dorm manager\peeping dorm manager.exe => No File
FirewallRules: [{FCE477BA-0857-4BDD-8884-42A6C7BDEE8E}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe => No File
FirewallRules: [{164DC7DF-EC5A-4ED8-90BC-79DE7ACBBBA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\20MinuteTillDawn\MinutesTillDawn.exe () [File not signed]
FirewallRules: [{CA10329E-9D4A-449A-9ED8-228965F23FDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\20MinuteTillDawn\MinutesTillDawn.exe () [File not signed]
FirewallRules: [{D4146551-7CF4-40F6-8203-D68E72F7CFFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{18816DB7-6AD0-4631-9B99-A068FE1F0126}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{16E90DB3-8961-451B-AF39-0D423B39108E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D0D2076D-6CD3-4E91-8213-5EA4FAFE2A50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Exile of Aphrodisia 2023\The Exile of Aphrodisia (2023).exe () [File not signed]
FirewallRules: [{37BC59BA-2BD8-4CF0-80D9-DF244B5AF6B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Exile of Aphrodisia 2023\The Exile of Aphrodisia (2023).exe () [File not signed]
FirewallRules: [{CB525394-490B-4B1F-887D-0B2A0774B3F4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
01-03-2024 14:22:20 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/04/2024 05:08:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x499c
Faulting application start time: 0x01da6e56989bc980
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e6ad4a01-8425-4dba-b17f-d54abb1265ac
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x2e00
Faulting application start time: 0x01da6e54c85a7aca
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fe40edc8-bf8f-4b16-837b-bc39a47e49dd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:53:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x1b60
Faulting application start time: 0x01da6e5480444935
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 072333ab-93f6-4395-a02b-a3653bdc0ead
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:52:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DEMON'S TILT.exe, version: 2019.1.8.14557, time stamp: 0x5d02244b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000022eb4b318e0
Faulting process id: 0x4a44
Faulting application start time: 0x01da6e545812ca1c
Faulting application path: C:\Program Files\Epic Games\DEMONSTILT\DEMON'S TILT.exe
Faulting module path: unknown
Report Id: 42307ee3-ae2b-4da9-aad8-123f152f06a2
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:52:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DEMON'S TILT.exe, version: 2019.1.8.14557, time stamp: 0x5d02244b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000022eb4b318e0
Faulting process id: 0x4a44
Faulting application start time: 0x01da6e545812ca1c
Faulting application path: C:\Program Files\Epic Games\DEMONSTILT\DEMON'S TILT.exe
Faulting module path: unknown
Report Id: e7dfc3b2-870b-478c-a8b9-b32c4a6eafaa
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:52:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x1b28
Faulting application start time: 0x01da6e5456df7e27
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e0e25d98-003b-40ee-b1dd-3519bbd1b24d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x46f0
Faulting application start time: 0x01da6e4e280982d7
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: e29999fe-21e9-495e-81ca-62dc5ce150e0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/04/2024 04:05:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EpicGamesLauncher.exe, version: 16.0.1.0, time stamp: 0x65d39658
Faulting module name: ntdll.dll, version: 10.0.19041.3996, time stamp: 0x39215800
Exception code: 0xc0000005
Fault offset: 0x00000000000634f6
Faulting process id: 0x480c
Faulting application start time: 0x01da6e4dd931862a
Faulting application path: C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6d7f0482-eb5e-44f5-b839-32e1b52e61b7
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/04/2024 03:53:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/04/2024 03:53:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (03/03/2024 11:34:31 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AsusUpdateCheck service did not shut down properly after receiving a preshutdown control.
 
Error: (03/03/2024 11:34:11 PM) (Source: DCOM) (EventID: 10010) (User: ZOE2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (03/03/2024 11:34:11 PM) (Source: DCOM) (EventID: 10010) (User: ZOE2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (03/03/2024 11:34:11 PM) (Source: DCOM) (EventID: 10010) (User: ZOE2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (03/03/2024 11:34:11 PM) (Source: DCOM) (EventID: 10010) (User: ZOE2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (03/03/2024 11:34:11 PM) (Source: DCOM) (EventID: 10010) (User: ZOE2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2024-03-01 13:41:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-24 17:32:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-15 11:57:26
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-06 22:18:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-26 15:35:28
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2024-02-10 14:50:46
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-02-06 21:26:33
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-02-06 21:17:49
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-01-07 19:54:26
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2024-01-03 11:53:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.403.1492.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23110.2
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2024-03-04 18:58:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-03-04 17:28:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 2901 10/16/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING
Processor: AMD Ryzen 5 3600 6-Core Processor 
Percentage of memory in use: 41%
Total physical RAM: 16310.71 MB
Available physical RAM: 9505.71 MB
Total Virtual: 21942.71 MB
Available Virtual: 11565.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.56 GB) (Free:19.65 GB) (Model: Force MP510) NTFS
 
\\?\Volume{c6e3f4bd-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: C6E3F4BD)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


Edited by hillanddale, Yesterday, 02:09 PM.



 


#2 dennis_l

dennis_l

  • Malware Response Team
  • 3,141 posts
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Today, 05:06 AM

Hi hillanddale,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but more checks may still be necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis



#3 dennis_l

dennis_l

  • Malware Response Team
  • 3,141 posts
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Today, 07:49 AM

Let's run a clean-up script and see if that resolves the issue.
Firstly here are a few observations for your consideration.
1) The free drive space is getting low, so I suggest you look at removing any unwanted programs and content. The FRST fix will also assist with this.
2) Your version of Java Runtime Environment is out of date and therefore potentially vulnerable. Unless you have a particular need for Java, it may be wise to uninstall via Control Panel>Programs and Features. If you wish to keep it, you should update ASAP via Control Panel>Java>to open the Java Control Panel>Update Tab.
Unless you have a particular need for Java, it may be wise to uninstall via Control Panel>Programs and Features, as it has been prone to many vulnerabilities in the past.
If you wish to keep it, you should make sure that it remains updated to the latest version. This normally happens automatically and can also be done manually via Control Panel>Java>to open the Java Control Panel>Update Tab.
3) The fix will make Avast Update Helper visible, which you can uninstall in the normal way, as the main program is no longer installed.
--------------------------------------------------------------------------------------------------------
Could you please run this FRST script next.
As a part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code. Also included is a firewall reset, so you may need to re-authorise some genuine connections.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
2024-03-04 18:07 - 2024-03-04 18:07 - 975209152 _____ (Image-Line) C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
2024-02-12 15:03 - 2024-02-12 15:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\ProgramData\Avast Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\Program Files\Avast Software
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1653.5 - AVAST Software) Hidden
2024-02-10 14:56 - 2023-08-30 16:14 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\utorrent
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium Update] => C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {88323F18-5AB3-44EF-81A7-E5910496F646} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {5E31640A-F74D-4F4B-8203-DEC9D9EABFDE} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium Update"
C:\Users\ijhd3\AppData\Local\Chromium
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=3 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=9 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark\nplightsparkplugin.dll [No File]
CHR HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9620]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKLM\...\Run: [RTHDVCPL] => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s (No File)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [btweb] => "C:\Users\ijhd3\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [utweb] => "C:\Users\ijhd3\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium] => "c:\users\ijhd3\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
Task: {937927C0-53B4-4B21-87B5-DE505BAF0158} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --hourly (No File)
Task: {C74E6A57-1120-4112-BED7-308735106673} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --logon (No File)
Task: {8CC7576C-5D3D-4CA2-8A5D-BA9D7E440B06} - System32\Tasks\iTop Screen Recorder SkipUAC (Isaac) => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /skipuac (No File)
Task: {45806556-9251-4431-B3A3-09AD09C4A746} - System32\Tasks\iTop Screen Recorder Startup => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /autorun (No File)
Task: {3806BD37-C94D-447E-B8E9-3935922C1F29} - System32\Tasks\iTop Screen Recorder UAC => "C:\Program Files\iTop Screen Recorder\iScrInit.exe"  /UAC (No File)
Task: {58C5BD15-4022-49DE-84BF-98200283B539} - System32\Tasks\iTop Screen Recorder Update => "C:\Program Files\iTop Screen Recorder\AutoUpdate.exe"  /auto (No File)
Task: {2A293E34-4FAA-42BD-AEFD-8B0A7B29ECC9} - System32\Tasks\iTopVPN_Scheduler_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /autostart (No File)
Task: {2C7E998E-2BD1-4AB6-92A4-915405D63CCE} - System32\Tasks\iTopVPN_SkipUAC_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /SkipUac (No File)
Task: {C9F13D6E-E389-40F4-A9DD-3FC86B9C6316} - System32\Tasks\iTopVPN_Update_Isaac => "C:\Program Files (x86)\iTop VPN\atud.exe"  /auto (No File)
Task: {5A8F6B5E-8593-4A6A-8EDE-2028CB47BCEA} - System32\Tasks\Start Corsair Link => "C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe"  (No File)
Task: {52BACCAF-06EB-4335-81E5-31E268425E28} - System32\Tasks\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe  --runonce (No File) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBthAudioHF; \SystemRoot\System32\drivers\CsrBthAudioHF.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; \SystemRoot\System32\drivers\csrhfgcc.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\ijhd3\AppData\Local\Temp\tmp599F.tmp [X] <==== ATTENTION
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now.



#4 hillanddale

hillanddale
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:58 AM

Posted Today, 08:02 AM

Hi dennis_l,

Thanks for the quick reply! Here are the contents of fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 05.03.2024
Ran by Isaac (05-03-2024 12:54:55) Run:1
Running from C:\Users\ijhd3\Downloads
Loaded Profiles: Isaac & Administrator
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
2024-03-04 18:07 - 2024-03-04 18:07 - 975209152 _____ (Image-Line) C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
2024-02-12 15:03 - 2024-02-12 15:03 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\ProgramData\Avast Software
2024-02-12 15:01 - 2024-02-16 14:04 - 000000000 ____D C:\Program Files\Avast Software
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1653.5 - AVAST Software) Hidden
2024-02-10 14:56 - 2023-08-30 16:14 - 000000000 ____D C:\Users\ijhd3\AppData\Roaming\utorrent
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium Update] => C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {88323F18-5AB3-44EF-81A7-E5910496F646} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
Task: {5E31640A-F74D-4F4B-8203-DEC9D9EABFDE} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA => C:\Users\ijhd3\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2021-01-11] (Chromium.) [File not signed] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\StartupApproved\Run: => "Chromium Update"
C:\Users\ijhd3\AppData\Local\Chromium
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=3 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @chupdatechmm.com/Chromium Update;version=9 -> C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2021-01-11] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-1761784628-959279815-2364782326-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark\nplightsparkplugin.dll [No File]
CHR HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jdanfkhnfpagoijgfmklhgakdicpnfil]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [9620]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_nptdwxol_21_02_ssg01
HKLM\...\Run: [RTHDVCPL] => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s (No File)
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe -startup (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [btweb] => "C:\Users\ijhd3\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [utweb] => "C:\Users\ijhd3\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\...\Run: [Chromium] => "c:\users\ijhd3\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (No File)
Task: {937927C0-53B4-4B21-87B5-DE505BAF0158} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --hourly (No File)
Task: {C74E6A57-1120-4112-BED7-308735106673} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe  --type=heartbeat --logon (No File)
Task: {8CC7576C-5D3D-4CA2-8A5D-BA9D7E440B06} - System32\Tasks\iTop Screen Recorder SkipUAC (Isaac) => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /skipuac (No File)
Task: {45806556-9251-4431-B3A3-09AD09C4A746} - System32\Tasks\iTop Screen Recorder Startup => "C:\Program Files\iTop Screen Recorder\IScrRec.exe"  /autorun (No File)
Task: {3806BD37-C94D-447E-B8E9-3935922C1F29} - System32\Tasks\iTop Screen Recorder UAC => "C:\Program Files\iTop Screen Recorder\iScrInit.exe"  /UAC (No File)
Task: {58C5BD15-4022-49DE-84BF-98200283B539} - System32\Tasks\iTop Screen Recorder Update => "C:\Program Files\iTop Screen Recorder\AutoUpdate.exe"  /auto (No File)
Task: {2A293E34-4FAA-42BD-AEFD-8B0A7B29ECC9} - System32\Tasks\iTopVPN_Scheduler_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /autostart (No File)
Task: {2C7E998E-2BD1-4AB6-92A4-915405D63CCE} - System32\Tasks\iTopVPN_SkipUAC_Isaac => "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"  /SkipUac (No File)
Task: {C9F13D6E-E389-40F4-A9DD-3FC86B9C6316} - System32\Tasks\iTopVPN_Update_Isaac => "C:\Program Files (x86)\iTop VPN\atud.exe"  /auto (No File)
Task: {5A8F6B5E-8593-4A6A-8EDE-2028CB47BCEA} - System32\Tasks\Start Corsair Link => "C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK.exe"  (No File)
Task: {52BACCAF-06EB-4335-81E5-31E268425E28} - System32\Tasks\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001 => C:\Program Files\AVAST Software\Browser\Application\AvastBrowserProtect.exe  --runonce (No File) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
S3 csravrcp; \SystemRoot\System32\drivers\csravrcp.sys [X]
S3 CsrBthAudioHF; \SystemRoot\System32\drivers\CsrBthAudioHF.sys [X]
S3 CsrBtPort; \SystemRoot\system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; \SystemRoot\System32\drivers\csrhfgcc.sys [X]
S3 csrpan; \SystemRoot\System32\drivers\csrpan.sys [X]
S3 csrserial; \SystemRoot\system32\DRIVERS\csrserial.sys [X]
S3 csr_bthav; \SystemRoot\system32\drivers\csrbthav.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\ijhd3\AppData\Local\Temp\tmp599F.tmp [X] <==== ATTENTION
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Emptytemp:
End::
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe ========================
 
C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe
File is digitally signed
MD5: 5F27A26F38AEC4A4ADB2F2281D28C366
Creation and modification date: 2024-03-04 18:07 - 2024-03-04 18:07
Size: 975209152
Attributes: ----A
Company Name: Image Line -> Image-Line
Internal Name: FL Studio
Original Name: 
Product: FL Studio
Description: 
File Version: 1
Product Version: 21
Copyright: Image-Line
Jotti: Error:(3)422
 
====== End of File: ======
 
C:\Users\ijhd3\Downloads\flstudio_win64_21.2.3.4004.exe => moved successfully
 
"C:\Program Files (x86)\AVAST Software" folder move:
 
C:\Program Files (x86)\AVAST Software => moved successfully
 
"C:\ProgramData\Avast Software" folder move:
 
C:\ProgramData\Avast Software => moved successfully
 
"C:\Program Files\Avast Software" folder move:
 
C:\Program Files\Avast Software => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\SystemComponent" => removed successfully
 
"C:\Users\ijhd3\AppData\Roaming\utorrent" folder move:
 
C:\Users\ijhd3\AppData\Roaming\utorrent => moved successfully
 
"C:\WINDOWS\system32\GroupPolicy\Machine" folder move:
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88323F18-5AB3-44EF-81A7-E5910496F646}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88323F18-5AB3-44EF-81A7-E5910496F646}" => removed successfully
C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E31640A-F74D-4F4B-8203-DEC9D9EABFDE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E31640A-F74D-4F4B-8203-DEC9D9EABFDE}" => removed successfully
C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskUserS-1-5-21-1761784628-959279815-2364782326-1001UA" => removed successfully
HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8} => removed successfully
HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B} => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium Update" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium Update" => not found
 
"C:\Users\ijhd3\AppData\Local\Chromium" folder move:
 
C:\Users\ijhd3\AppData\Local\Chromium => moved successfully
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\MozillaPlugins\@chupdatechmm.com/Chromium Update;version=3 => removed successfully
"C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll" => not found
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\MozillaPlugins\@chupdatechmm.com/Chromium Update;version=9 => removed successfully
"C:\Users\ijhd3\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll" => not found
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1 => removed successfully
"C:\Program Files (x86)\Lightspark\nplightsparkplugin.dll" => not found
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Google\Chrome\Extensions\jdanfkhnfpagoijgfmklhgakdicpnfil => removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDVCPL" => removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CorsairLink4" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\btweb" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\utweb" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{937927C0-53B4-4B21-87B5-DE505BAF0158}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{937927C0-53B4-4B21-87B5-DE505BAF0158}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Hourly)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C74E6A57-1120-4112-BED7-308735106673}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C74E6A57-1120-4112-BED7-308735106673}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Secure Browser Heartbeat Task (Logon)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CC7576C-5D3D-4CA2-8A5D-BA9D7E440B06}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CC7576C-5D3D-4CA2-8A5D-BA9D7E440B06}" => removed successfully
C:\WINDOWS\System32\Tasks\iTop Screen Recorder SkipUAC (Isaac) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Screen Recorder SkipUAC (Isaac)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{45806556-9251-4431-B3A3-09AD09C4A746}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45806556-9251-4431-B3A3-09AD09C4A746}" => removed successfully
C:\WINDOWS\System32\Tasks\iTop Screen Recorder Startup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Screen Recorder Startup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3806BD37-C94D-447E-B8E9-3935922C1F29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3806BD37-C94D-447E-B8E9-3935922C1F29}" => removed successfully
C:\WINDOWS\System32\Tasks\iTop Screen Recorder UAC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Screen Recorder UAC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58C5BD15-4022-49DE-84BF-98200283B539}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58C5BD15-4022-49DE-84BF-98200283B539}" => removed successfully
C:\WINDOWS\System32\Tasks\iTop Screen Recorder Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Screen Recorder Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A293E34-4FAA-42BD-AEFD-8B0A7B29ECC9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A293E34-4FAA-42BD-AEFD-8B0A7B29ECC9}" => removed successfully
C:\WINDOWS\System32\Tasks\iTopVPN_Scheduler_Isaac => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTopVPN_Scheduler_Isaac" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C7E998E-2BD1-4AB6-92A4-915405D63CCE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7E998E-2BD1-4AB6-92A4-915405D63CCE}" => removed successfully
C:\WINDOWS\System32\Tasks\iTopVPN_SkipUAC_Isaac => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTopVPN_SkipUAC_Isaac" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9F13D6E-E389-40F4-A9DD-3FC86B9C6316}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F13D6E-E389-40F4-A9DD-3FC86B9C6316}" => removed successfully
C:\WINDOWS\System32\Tasks\iTopVPN_Update_Isaac => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTopVPN_Update_Isaac" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A8F6B5E-8593-4A6A-8EDE-2028CB47BCEA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A8F6B5E-8593-4A6A-8EDE-2028CB47BCEA}" => removed successfully
C:\WINDOWS\System32\Tasks\Start Corsair Link => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Corsair Link" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52BACCAF-06EB-4335-81E5-31E268425E28}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52BACCAF-06EB-4335-81E5-31E268425E28}" => removed successfully
C:\WINDOWS\System32\Tasks\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvastBrowserProtectS-1-5-21-1761784628-959279815-2364782326-1001" => removed successfully
HKU\S-1-5-21-1761784628-959279815-2364782326-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz149 => removed successfully
cpuz149 => service removed successfully
HKLM\System\CurrentControlSet\Services\csravrcp => removed successfully
csravrcp => service removed successfully
HKLM\System\CurrentControlSet\Services\CsrBthAudioHF => removed successfully
CsrBthAudioHF => service removed successfully
HKLM\System\CurrentControlSet\Services\CsrBtPort => removed successfully
CsrBtPort => service removed successfully
HKLM\System\CurrentControlSet\Services\csrhfgcc => removed successfully
csrhfgcc => service removed successfully
HKLM\System\CurrentControlSet\Services\csrpan => removed successfully
csrpan => service removed successfully
HKLM\System\CurrentControlSet\Services\csrserial => removed successfully
csrserial => service removed successfully
HKLM\System\CurrentControlSet\Services\csr_bthav => removed successfully
csr_bthav => service removed successfully
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1761784628-959279815-2364782326-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 291700342 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 899205618 B
Windows/system/drivers => 12491469 B
Edge => 0 B
Chrome => 102302975 B
Firefox => 8569722 B
Opera => 31456244 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 325820 B
NetworkService => 1370222 B
ijhd3 => 203251977 B
Administrator => 203420517 B
 
RecycleBin => 3506405894 B
EmptyTemp: => 4.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:55:53 ====
 
My computer is running like normal and the .exe file seems to have been successfully removed.


#5 dennis_l

  • Malware Response Team

Posted Today, 08:24 AM

That's good news.

Let's now run a full scan with ESET Online Scanner, as an extra check.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

 



#6 hillanddale

  • Topic Starter
  • Members

Posted Today, 10:45 AM

The scan is finished, here are the results.

 

05/03/2024 15:43:22
Files scanned: 913583
Detected files: 4
Cleaned files: 4
Total scan time 01:48:05
Scan status: Finished
C:\FRST\Quarantine\C\Program Files\Avast Software\Browser\AvastBrowserUninstall.exe a variant of Win32/Avast.AVGSecureBrowser.A potentially unwanted application,a variant of Win32/CCleaner.A potentially unsafe application cleaned by deleting
 
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys Win64/Corsair.E potentially unsafe application cleaned by deleting (after the next restart)
 
C:\Users\ijhd3\AppData\Local\Temp\nod26EA.tmp Win64/Corsair.E potentially unsafe application cleaned by deleting (after the next restart)
 
Autostart locations Win64/Corsair.E potentially unsafe application contained infected files


#7 dennis_l

  • Malware Response Team

Posted Today, 10:55 AM

Ok good.
Please now run a scan with AdwCleaner, which is much quicker than ESET.

Please download AdwCleaner.

  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan Now
  • When the scan has finished AdwCleaner shows you all detected PUPs and adware.
  • If any are found, select them and click Quarantine. (I would suggest that you do not select Pre-installed applications for now, or any other items you wish to keep.)
  • AdwCleaner prompts you to save and close your work before continuing. Click Continue.
  • After cleaning, you are prompted to restart your device. Click Restart now to complete the cleanup process.

Once your computer has restarted ...

  • If it doesn't open automatically, please start AdwCleaner.
  • Click on View Log File button (This log can also be found in the Log Files tab).
  • A Notepad file will open containing the results.
  • Click Skip Basic Repair (if the option appears)
  • Please post the contents of the file in your next reply.


#8 hillanddale

  • Topic Starter
  • Members

Posted Today, 11:02 AM

There are two notepad files, one for Scan and one for Clean. I'm assuming you're talking about the Clean one, so here it is, but if you meant the Scan one I can post that one as well.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-05-2024
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.4046)
# Cleaned:  30
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
Deleted       C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted       C:\ProgramData\BSD\DriverHive
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\Users\ijhd3\AppData\LocalLow\IObit\Advanced SystemCare
Deleted       C:\Users\ijhd3\AppData\Roaming\IObit\Advanced SystemCare
 
***** [ Files ] *****
 
Deleted       C:\Users\ijhd3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Classes\Chromium.OneClickCtrl.9
Deleted       HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser
Deleted       HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser.1.0
Deleted       HKCU\Software\Classes\Chromium.Update3WebControl.3
Deleted       HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser
Deleted       HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser.1.0
Deleted       HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser
Deleted       HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser.1.0
Deleted       HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser
Deleted       HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser.1.0
Deleted       HKCU\Software\Classes\ChromiumUpdate.Update3WebUser
Deleted       HKCU\Software\Classes\ChromiumUpdate.Update3WebUser.1.0
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{419E90E1-1BDB-4D2A-9D36-2DFD56D564F4}
Deleted       HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|energy
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted       HKLM\Software\Wow6432Node\BSD
Deleted       HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted       HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted       HKLM\Software\Wow6432Node\IObit\RealTimeProtector
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [4319 octets] - [05/03/2024 15:56:39]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


#9 dennis_l

  • Malware Response Team

Posted Today, 11:39 AM

Yes that was the right one.
As there were some more detections let's carry on with another scan.
We will remove all of these tools when we are finished.
I'd now like you to run a scan with Emsisoft Emergency Kit.

  • Download and save the installation file from here:
  • Emsisoft
  • Double-click on the Emsisoft Emergency Kit setup file to start the installation process and then click on the Install button.
  • You may be presented with a User Account Control warning, asking you if you want to run this file. Click Yes to continue.
  • The downloaded package unpacks to “C:\EEK” by default and this folder now opens on your screen.
  • To start Emsisoft, double-click on the Start Emergency Kit Scanner icon in this folder.
  • You may get another User Account Control warning. Click Yes to continue.
  • Accept the Licence Agreement.
  • When you launch the program for the first time, Emsisoft Emergency Kit will automatically download updates. The Scan tab changes from orange to green when the update process is completed.
  • Leave the settings unchanged, which include detection of Potentially Unwanted Programs.
  • Now click on Malware Scan in the Scan button.
  • When the Emsisoft scan has finished, you will see a screen reporting details of any malicious files found on your computer. (Close the pop up inviting installation of Emsisoft protection.)
  • Click Quarantine selected objects. (Note, this option is only shown if malicious objects were detected during the scan)
  • You may be asked to restart your computer.
  • When the threats have been quarantined, click the View Report button in the lower-right corner and the scan log will open in Notepad. The logs can also be accessed in the left hand menu bar.
  • Please save this log on your desktop and post the contents into your next reply.
  • When you close Emsisoft Emergency Kit it asks if you wish to sign up for a newsletter. This is optional, and does not affect the malware removal process.

 



#10 hillanddale

  • Topic Starter
  • Members

Posted Today, 12:08 PM

Emsisoft didn't find anything. I'll attach the log anyway in case there's anything useful in there.

 

Emsisoft Emergency Kit - Version 2023.10
Last update: 05/03/2024 17:02:48
My own ZOE2\Isaac
 ZOE2
 Windows 10x64 
 
Scan settings:
 
Scan type: Malware Scan
Objects: Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
Scan mail archives: Off
ADS Scan: On
 
Scan start: 05/03/2024 17:02:55
 
Scanned 91942
Found 0
Scanning memory... 
Scanning traces... 
Scanning files... 
 
Scan end: 05/03/2024 17:05:37
Scan time: 0:02:42


#11 dennis_l

  • Malware Response Team

Posted Today, 12:39 PM

That's what I was hoping to see.
I believe that we are nearly all set now.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.



#12 hillanddale

  • Topic Starter
  • Members

Posted Today, 12:41 PM

No further questions from me. Thanks very much for your help. :)

#13 dennis_l

  • Malware Response Team

Posted Today, 12:49 PM

You are most welcome.
This tool will remove the software we used.
KpRm by Kernel-panik

  • Download KpRm and save it to your Desktop.
  • Right click on the icon and select Run as administrator.
  • Click Yes on the Disclaimer.
  • Place a check mark in Delete Tools and Create Restore Point.
  • Under Delete Quarantine, check Delete in 7 days.
  • Click Run.
  • Click OK in the All operations are completed box.
  • It will create and open a log report.
  • KpRm will delete itself from your Desktop and you can either save or remove the report that was generated.

These articles offer good advice and information for the future.
Keep your computer secure at home
How your system gets infected.
Ransomware advice.
Choosing Secure Passwords.
Thank you for contacting us at Bleeping Computer.

Dennis





