Suspected keylogger
Posted: 30 Jul 2022 13:50
Hello,
please check this for me. This month I have repeatedly caught login attempts on 2 of my e-mail accounts, and then on Steam etc.
On one e-mail account it apparently succeeded, since I found someone else's activity there yesterday.
On top of that, the classic threatening e-mail arrived telling me to send money, or else... (well, you know how it goes). In any case, it gave both the e-mail address and the password correctly.
So I quickly changed my passwords, and now I need to get this sorted out somehow.
FRST output
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2022
Ran by Mermeoth (administrator) on DESKTOP-VGTMQ82 (MSI MS-7970) (30-07-2022 14:32:01)
Running from C:\Users\Mermeoth\Desktop
Loaded Profiles: Mermeoth
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\89.0.4447.64\opera_crashreporter.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(E:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\opera.exe <28>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_7ed3bacbb0a8cc67\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [1068624 2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Opera GX Browser Assistant] => C:\Program Files\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32706000 2022-07-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\Run: [OneDrive] => C:\Users\Evička\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1584488 2020-01-12] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switc (the data entry has 60 more characters). [2673480 2022-07-18] (Google LLC -> Google LLC)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\...\AppCompatFlags\Custom\MFatigue.exe: [{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb] -> Metal Fatigue Compatibility Database (Saleck)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb [2020-08-31]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-09-27]
ShortcutTarget: Twitch.lnk -> E:\Program Files\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04B1BEE5-0CE8-4576-B9A7-5DE57C59BD8D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {05650F80-4CD1-4101-B134-B568B02932BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {10C1F606-CC81-406F-948F-413365EDBB01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {281800E8-303D-4815-ACBB-150252D6C2F6} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636403563 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera GX\assistant" $(Arg0)
Task: {41F3E518-5C7E-48FA-9661-76288E42CBCD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {45872910-FA5F-45CA-ABD4-C5D13206193B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6DD58D-1AB1-49EA-B0A1-826CC3B5B78A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {85042E61-0EF8-4E73-A78C-7D4CBDC9BCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A74BC68D-3DBD-4B0F-99FB-C80E83EAE195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B039A956-6B8E-4425-AD33-A75BF414AE1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C11BDAC2-30DC-4966-8A61-028791620F6B} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {C842A0DC-C010-4321-8E47-5CEE049A4A8F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2EC6625-D90F-4769-8AB8-6AE40AA06EA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F2F757DB-092B-46D7-AD21-36C7DB9806DC} - System32\Tasks\Opera GX scheduled Autoupdate 1635276729 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software)
Task: {FDA5D773-B8A4-42E8-AF21-75E76FE0D73B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{b2101a9a-91d0-4cd8-b3ca-978816e8a935}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mermeoth\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-27]
FireFox:
========
FF DefaultProfile: a44ojqp7.default
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\a44ojqp7.default [2019-09-19]
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release [2022-07-27]
FF Extension: (AdBlocker Ultimate) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default [2022-07-28]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.idnes.cz
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
CHR Extension: (Dark Mode) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2022-06-23]
CHR Extension: (React Developer Tools) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2022-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
Opera:
=======
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-06] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-06-09] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
R3 ProtonVPN Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300600 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; E:\Games\Launcher\RockstarService.exe [2559896 2022-03-15] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534440 2022-04-28] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_skl.inf_amd64_2a35efc43f1a612e\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_skl.inf_amd64_363c7132639e12a6\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_skl.inf_amd64_a59239db7de9954f\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsldcff2823; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC2A418F-FEA8-4B4D-A0DB-474EAAB48E12}\MpKslDrv.sys [141576 2022-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; E:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-30 14:32 - 2022-07-30 14:32 - 000022921 _____ C:\Users\Mermeoth\Desktop\FRST.txt
2022-07-30 14:26 - 2022-07-30 14:32 - 000000000 ____D C:\FRST
2022-07-30 14:26 - 2022-07-30 14:26 - 002369536 _____ (Farbar) C:\Users\Mermeoth\Desktop\FRST64.exe
2022-07-30 14:08 - 2022-07-30 14:09 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Tiger
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\ProgramData\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2022-07-30 12:54 - 2022-06-24 02:17 - 000172304 _____ (Razer Inc) C:\WINDOWS\system32\RazerS2S3CoinstallerEx.dll
2022-07-27 12:44 - 2022-07-27 14:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-22 21:54 - 2022-07-22 21:53 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-21 17:45 - 2022-07-21 17:45 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Tlön Industries
2022-07-14 20:50 - 2022-07-14 20:50 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-14 20:44 - 2022-07-14 20:44 - 000000000 ___HD C:\$WinREAgent
2022-07-14 14:02 - 2022-07-14 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-14 14:02 - 2022-07-14 14:04 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Wondershare
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\MobileBackupForeverIni
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\.android
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\Wondershare
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-30 14:25 - 2021-03-10 11:11 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\EasyAntiCheat
2022-07-30 14:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-30 14:08 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-30 14:08 - 2019-09-20 20:40 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\D3DSCache
2022-07-30 14:06 - 2020-09-17 06:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-30 14:05 - 2019-09-19 08:51 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 12:26 - 2019-09-19 09:01 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Mozilla
2022-07-30 08:02 - 2019-09-19 16:46 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-30 06:47 - 2020-06-09 09:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-30 06:33 - 2019-09-19 09:39 - 000009863 _____ C:\Users\Mermeoth\Desktop\Games.txt
2022-07-29 00:44 - 2021-10-26 21:32 - 000000000 ____D C:\Program Files\Opera GX
2022-07-28 13:47 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 06:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 00:27 - 000002392 _____ C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-28 13:45 - 2021-10-26 21:32 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1635276729
2022-07-28 13:45 - 2021-10-26 21:32 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2022-07-27 14:26 - 2022-02-09 11:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-27 14:25 - 2021-10-11 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-27 14:25 - 2019-09-19 09:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-27 14:25 - 2019-09-19 09:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-22 21:54 - 2022-04-14 11:12 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-22 21:54 - 2022-03-14 11:12 - 000000991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-22 21:54 - 2021-06-22 20:00 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-22 21:54 - 2021-03-25 08:18 - 000000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-22 21:54 - 2021-03-25 08:17 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-22 21:53 - 2021-03-25 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-22 19:56 - 2019-09-19 08:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 19:56 - 2019-09-19 08:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 07:38 - 2020-09-17 06:46 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 07:38 - 2020-09-17 06:46 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:10 - 2019-08-26 11:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-16 11:07 - 2020-09-17 06:51 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-16 11:07 - 2020-09-17 00:15 - 000716754 _____ C:\WINDOWS\system32\perfh005.dat
2022-07-16 11:07 - 2020-09-17 00:15 - 000144952 _____ C:\WINDOWS\system32\perfc005.dat
2022-07-16 11:02 - 2021-05-16 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-16 11:00 - 2020-09-17 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-16 11:00 - 2020-09-17 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-16 07:23 - 2020-09-17 06:41 - 000437144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-16 07:23 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-16 07:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-15 05:27 - 2021-03-26 16:44 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\CrashDumps
2022-07-14 20:52 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-14 20:50 - 2020-09-17 06:46 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-14 20:44 - 2019-09-23 00:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-14 20:43 - 2019-09-23 00:19 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-14 14:02 - 2020-09-17 00:27 - 000000000 ____D C:\Users\Mermeoth
2022-07-11 09:59 - 2020-10-10 21:01 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\paradox-launcher-v2
==================== Files in the root of some directories ========
2021-12-16 15:27 - 2021-12-16 15:27 - 000000839 _____ () C:\Users\Mermeoth\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by Mermeoth (30-07-2022 14:33:08)
Running from C:\Users\Mermeoth\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) (2020-09-17 04:46:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1578781637-3808001763-1541333437-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1578781637-3808001763-1541333437-503 - Limited - Disabled)
Evička (S-1-5-21-1578781637-3808001763-1541333437-1003 - Limited - Enabled) => C:\Users\Evička
Guest (S-1-5-21-1578781637-3808001763-1541333437-501 - Limited - Disabled)
Mermeoth (S-1-5-21-1578781637-3808001763-1541333437-1002 - Administrator - Enabled) => C:\Users\Mermeoth
WDAGUtilityAccount (S-1-5-21-1578781637-3808001763-1541333437-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Reader 9.1 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires II Definitive Edition Dawn of the Dukes (HKLM-x32\...\Age of Empires II Definitive Edition Dawn of the Dukes_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.)
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Eraser 6.2.0.2989 (HKLM\...\{A8F9BDFF-27EA-478D-BC23-9F518B33E5E9}) (Version: 6.2.2989 - The Eraser Project)
Europa Universalis IV Leviathan (HKLM-x32\...\Europa Universalis IV Leviathan_is1) (Version: - )
Gaming Mouse Driver v1.0.8 (HKLM-x32\...\{AB928D70-A6F6-4C35-860E-170B1FE43C45}_is1) (Version: - )
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Hearts of Iron IV Man the Guns (HKLM-x32\...\Hearts of Iron IV Man the Guns_is1) (Version: - )
Hearts of Iron IV No Step Back (HKLM-x32\...\Hearts of Iron IV No Step Back_is1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Irony Mod Manager v1.20.44 (HKLM-x32\...\{8AAA7D9F-2192-4A6B-AAEE-EBB2A355EF75}_is1) (Version: 1.20.44+20367d6ace - Mario)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMPlayer (HKLM\...\The KMPlayer) (Version: 4.2.2.34 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Metal Fatigue Compatibility Database (Saleck) (HKLM\...\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 103.0 (x64 cs)) (Version: 103.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVIDIA Graphics Driver 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 89.0.4447.64 (HKLM-x32\...\Opera GX 89.0.4447.64) (Version: 89.0.4447.64 - Opera Software)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0630.062903 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
RimWorld - Royalty (HKLM-x32\...\1233017772_is1) (Version: 1.1.2571 rev945 - GOG.com)
RimWorld (HKLM-x32\...\1094900565_is1) (Version: 1.1.2571 rev945 - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Stellaris Lithoids Species Pack (HKLM-x32\...\Stellaris Lithoids Species Pack_is1) (Version: - )
The Protectors v 0.8.9 FULL (HKLM-x32\...\{08BB95E5-777A-4027-8798-89487B524594}) (Version: 0.8.9 - The Protectors modding team)
The Protectors v 0.8.9a patch (HKLM-x32\...\{1220C567-A35A-4FD7-80D2-4E5DFEA305D6}) (Version: 0.8.9.1 - The Protectors modding team)
Twitch (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 100.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)
WeMod (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\WeMod) (Version: 8.2.0 - WeMod)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-18] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-08-25] (VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1578781637-3808001763-1541333437-1002_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "E:\inPixio Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-04] (Notepad++ -> )
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2019-10-21 13:37 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\Control Panel\Desktop\\Wallpaper -> E:\Whatever\CD\Miao Ying vs Kairos Fateweaver.png
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{037A6278-844B-4B2C-87F9-FDF8C7137FFD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{5BF225D5-0D0C-4ECC-A6D8-4F1A2B1018C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{954CB9B4-61B1-4C68-BF57-F81CAD32FB5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [{DD648C61-554F-46EB-A78C-63805EBE78EE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [UDP Query User{AA8460D6-26C6-46BA-8561-32DBD2A7FF5A}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{2FB7F65D-A7ED-461C-8B81-F1098ABFDCC6}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{12ACDBEC-D9C9-468C-82B4-CD1FE72B46E3}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{1ADA5DB0-9265-427E-8821-AA9CACE26B10}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{3D832854-4348-4D73-B543-966F1BCF947C}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D3EBA88B-D039-4013-8DB6-5F7EDEDB62C8}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ED3D4F27-0C91-41ED-90F4-F95EBB457068}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{14D6276D-3E72-45ED-8C43-2B2849AA30D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{E36067BD-7822-4591-86AC-F3400312851D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{8593E9F4-4A23-43D6-BB9A-2BB463392867}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{83389818-02BD-461E-8611-FE64994C6EC0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AC09C301-8441-471C-AB02-7489A8F67484}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [UDP Query User{70E45932-F5EE-45B1-8F0F-BA1ECAA25A46}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D5A5636-BA41-414C-9778-D33875EB2C02}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [{21138A28-A00E-4862-AC8B-8AADF59CFA3B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{F14400E6-67A2-4A50-ADFE-CA1A19F7FE9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [UDP Query User{557277C4-D858-4400-9ECB-ACE745A319C8}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [TCP Query User{8B295AED-8691-407D-8DAB-1E313A12A17C}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{D0477641-F30C-43B1-82AE-40C4B40C9D33}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [{0CDD9C6E-C97C-4C29-A516-4A9E52ADB9B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [UDP Query User{15F4AEB1-E922-412D-8778-F51E061CB0D3}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{47FD8B24-B235-4633-A73A-E489CF13ABF4}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{8FD2F080-B70C-4D66-B0A1-AD0A1F765E00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{284E2E9A-347F-4488-8152-164B7F99FF76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [{41AB4427-C3A5-4735-9934-D16A53E2FC59}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{850919B6-3110-46A2-90F0-D9623646A229}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{85EC4804-0F80-4CE5-AD05-2D55ED418BAF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8CC7CCC3-C371-4A03-A1AE-7EAF0EBF4FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{AC1C7DB7-BD13-410E-9B50-7A28125B58C7}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6ECA6DCC-6763-4C41-822D-4841202986B4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D765618B-3358-4B95-972F-9428C286BAFD}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FCB5E8B-4B29-4446-81E4-B9F15EDB1955}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77970D38-0B76-4877-B873-C2EEDA6F24C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF367D47-87CB-4517-AEE8-04D8A7D58ED9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{2B5B86A7-1A68-4940-81E2-958DDBC7179B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D93C317B-C020-4D1E-9063-A5E7E875A898}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6531480F-2D43-4732-8958-19670F084B4C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{9F311F02-DACD-400A-9820-FA8DB1C3E127}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{19399C4B-D0D5-4ED5-9499-B4064E484D4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{F6A03E50-B320-46FA-95BA-4E3DAC93716E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{B91068B0-90FB-4DD5-A127-45B48E131C5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{F6618346-E488-4ADD-8CD8-1B3BB9DEDCC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [{8A06E3F2-55A2-4187-AD68-5AA975484AD6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{19B136CC-3A16-49F0-8D80-9E24FB55D294}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [{A43991FE-E4B9-4603-A405-18EFDC98B28B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{8B22F7B6-CC3C-4018-B1D8-1FE10B1AC21C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{3208E553-3EB2-4593-A854-F498F1B08B06}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{23B099D3-AF9D-4CE8-9D86-69468F552292}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [{A6564809-365E-4A8C-95C2-06D98DE5C75F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{823B0C0A-F98C-47BB-BB16-ABCD9DD3ECF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{3CED1803-43DA-469D-B8AF-9EEB37AC3D5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [{7F84F302-4ADD-4E3F-8B05-E8E3C62E2E12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [TCP Query User{68474532-E969-49B6-A142-0C282E8DE99A}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{BD6B4375-9AA4-4E9F-B7E0-CBD30D143B87}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{803DEBBB-20FF-4393-BBC8-3D8010CB3C0B}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [UDP Query User{13A9A3A5-3A4D-4A56-ABD1-69ADB187EC0F}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{E598963F-F1B2-4B9B-8713-16A563C982EC}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F6102896-BF7F-4911-A83C-05D700546219}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{DA608CA4-1901-44A1-BF0B-1907FA5FBD57}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{B16AFB1C-70F9-4811-9077-88B9C9CC0131}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{A1C7455B-1F50-4633-A8E0-5B59FD80E1B1}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{74CBBF8F-7E7B-4529-BE95-404977E2111F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{569F9980-77A0-43CC-8A7B-019A74CCE48C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{3797D972-AC37-4F4C-86C8-96F30A9E8D2C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{584C8FC2-8148-458E-8EFD-2DEA54DC7AD0}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{CA69E102-246B-4DBE-A3DA-340D424C7D59}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{ECFEE7A8-BC05-422F-B9D8-D084D9358E3B}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24AAD416-D0C7-44ED-97FE-F377DE34C19A}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{8F99DF62-0C0A-448D-A753-93F1027F10E3}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7BE4A747-9FE2-4800-9E80-F32A4DAE2E6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{13D3CA15-2236-418B-B91B-678DE398D84D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF3A6750-5C1E-4291-ACA7-BDF28DB3BF7C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74B27E8F-04FB-4820-8F03-E6049E8A27D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26D7F1BC-7B53-4231-82F0-53DB1BC0717A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [{34708A9D-6D35-45DC-976F-10201F7EE965}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [TCP Query User{1F5FAB82-6B59-46EA-B35A-359FBDFC621C}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{38019C89-8592-45BD-B640-B47B438F072F}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{FDE77B3C-AD00-48E0-996C-DCA177A91382}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{C7F1288C-09C4-4EE7-97A8-F6B383729844}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{BB74E66F-18E2-4B7E-9B41-D2A640E647E5}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{666F6613-F11F-49A2-846A-FC6EF138A661}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{6848A8DE-747D-400B-B6CF-19EC2EF1173C}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{E51130E7-B6AD-4956-8F7C-151680D19A85}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{4A1078B5-11F9-492E-9B5E-8D686C8524F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{1DC09D92-EDB8-45F4-93CF-22E21D33EF05}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{A50AB71E-F6B4-4156-9088-FD43C6A6A68C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{67A8502A-9A6E-4C8C-8242-240DBAADBFC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{89E95E95-51B4-4461-B6B1-432118FD2560}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{31472397-64EA-4D4A-9F85-2574CD7E5A37}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{5BD4E765-ACFE-4541-A8E3-6672FD29C0A7}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{70A7EA31-006A-44E2-89AA-FD8565E64464}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5C59681B-6B76-4C8B-A320-B2CDD3E1DA5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{91438B91-BE75-4EE2-B025-AF17F4396A5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{71B05DA4-38AA-48AB-BC52-9DED84B6A20B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{B00561B5-E73E-49D6-98BA-4EE64507F929}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{70DF0C83-674B-4D7C-AE9E-38F22C6463BD}] => (Allow) C:\Program Files\Opera GX\88.0.4412.85\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90353DF6-2762-4E85-B2A7-F3C9F08B3B9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41063086-D718-44DE-97FF-7E61AF611BC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04D73F0C-BB54-4B74-B5BB-6103F137CFFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAFF02D9-14B8-4DF7-819F-16917732042B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F35714EA-115D-4493-9BA0-2CFE74F93B6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{1BBA500A-B3E6-4DD1-AF58-9F93AD12880B}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{8203DEC9-E04B-4644-A9CE-DECA8239D47C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CC83F9-7D55-443D-85CA-C521C2244616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ED4F008-E057-4D6A-A078-9B7E6C4B2F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D2B7FF7-58BB-4774-8575-42831DFE729B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52B66FD7-C89D-43FD-A7C0-593AA5F03C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60D6A8CF-61C0-4D95-A277-172B172C0DEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A160ABF3-5C53-4A69-BE19-B55E1F67376F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2A23326-1E6F-462B-8CB7-2C2384A9C67E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CE72EA4-5B91-49C8-BD4C-0960263791E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A81D5FBE-EC72-4B3C-9506-AA06EA7F271C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.71\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACA36C56-1B89-4B52-B1A6-65BADD987D4E}] => (Allow) C:\Program Files\Opera GX\89.0.4447.64\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{1E860CC0-347E-4100-8D21-B479B80AC21F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D3E9A615-12A6-4ADD-AA73-ED8F5A7D5E90}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
==================== Restore Points =========================
24-07-2022 09:02:26 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/30/2022 07:14:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15750
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15750
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/23/2022 12:37:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (07/30/2022 08:02:29 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.
Error: (07/27/2022 05:57:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.ZuneVideo_10.22041.10091.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.WindowsFeedbackHub_1.2203.761.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (07/26/2022 03:01:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.
Error: (07/23/2022 08:57:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.
Error: (07/23/2022 01:39:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2022-07-30 07:12:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-28 23:24:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-28 15:25:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-26 14:19:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-25 10:07:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-07-16 20:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-06-17 20:52:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3.00 09/10/2015
Motherboard: MSI Z170A-G43 PLUS (MS-7970)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 16339.84 MB
Available physical RAM: 9186.95 MB
Total Virtual: 24275.84 MB
Available Virtual: 11297 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.89 GB) (Free:323.53 GB) (Model: CT1000P1SSD8) NTFS
Drive d: () (Fixed) (Total:1862.79 GB) (Free:774 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:940.75 GB) (Model: ST2000DM001-1ER164) NTFS
\\?\Volume{0f8c9d20-fca9-4cdd-933a-802f5df718e1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f1d397e9-2f37-4f10-b8b5-3bfd253f320c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81190A92)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
FRST output
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2022
Ran by Mermeoth (administrator) on DESKTOP-VGTMQ82 (MSI MS-7970) (30-07-2022 14:32:01)
Running from C:\Users\Mermeoth\Desktop
Loaded Profiles: Mermeoth
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\89.0.4447.64\opera_crashreporter.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(E:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Opera Norway AS -> Opera Software) C:\Program Files\Opera GX\opera.exe <28>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_7ed3bacbb0a8cc67\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
(services.exe ->) (Proton Technologies AG -> ) E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => E:\Program Files\Eraser\Eraser.exe [1068624 2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Opera GX Browser Assistant] => C:\Program Files\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [EpicGamesLauncher] => E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32706000 2022-07-21] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\Run: [OneDrive] => C:\Users\Evička\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1584488 2020-01-12] (Microsoft Corporation) [File not signed]
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switc (the data entry has 60 more characters). [2673480 2022-07-18] (Google LLC -> Google LLC)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3535416 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\...\AppCompatFlags\Custom\MFatigue.exe: [{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb] -> Metal Fatigue Compatibility Database (Saleck)
HKLM\Software\...\AppCompatFlags\InstalledSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb [2020-08-31]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-09-27]
ShortcutTarget: Twitch.lnk -> E:\Program Files\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04B1BEE5-0CE8-4576-B9A7-5DE57C59BD8D} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {05650F80-4CD1-4101-B134-B568B02932BA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {10C1F606-CC81-406F-948F-413365EDBB01} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {281800E8-303D-4815-ACBB-150252D6C2F6} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1636403563 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera GX\assistant" $(Arg0)
Task: {41F3E518-5C7E-48FA-9661-76288E42CBCD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {45872910-FA5F-45CA-ABD4-C5D13206193B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D6DD58D-1AB1-49EA-B0A1-826CC3B5B78A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {650BBEEC-88D8-45AA-B7D2-61332656E0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {67F63918-ACEC-4B18-88F4-80D7838B17D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-19] (Google Inc -> Google LLC)
Task: {85042E61-0EF8-4E73-A78C-7D4CBDC9BCEB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A74BC68D-3DBD-4B0F-99FB-C80E83EAE195} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6563280 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {B039A956-6B8E-4425-AD33-A75BF414AE1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C11BDAC2-30DC-4966-8A61-028791620F6B} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {C842A0DC-C010-4321-8E47-5CEE049A4A8F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2EC6625-D90F-4769-8AB8-6AE40AA06EA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F2F757DB-092B-46D7-AD21-36C7DB9806DC} - System32\Tasks\Opera GX scheduled Autoupdate 1635276729 => C:\Program Files\Opera GX\launcher.exe [2462712 2022-07-25] (Opera Norway AS -> Opera Software)
Task: {FDA5D773-B8A4-42E8-AF21-75E76FE0D73B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{b2101a9a-91d0-4cd8-b3ca-978816e8a935}: [DhcpNameServer] 62.129.50.20 85.135.32.100
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Mermeoth\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-27]
FireFox:
========
FF DefaultProfile: a44ojqp7.default
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\a44ojqp7.default [2019-09-19]
FF ProfilePath: C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release [2022-07-27]
FF Extension: (AdBlocker Ultimate) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2022-05-25]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Mermeoth\AppData\Roaming\Mozilla\Firefox\Profiles\67m6tvvd.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-07]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default [2022-07-28]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.idnes.cz
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps: ... oogle.com/"
CHR Extension: (Dark Mode) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2022-06-23]
CHR Extension: (React Developer Tools) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkadmapgofadopljbjfkapdkoienihi [2022-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-07-21]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mermeoth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
Opera:
=======
StartMenuInternet: (HKLM) Opera GXStable - C:\Program Files\Opera GX\Launcher.exe
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Bonjour Service; C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe [390504 2020-02-06] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-20] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-06-09] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; E:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
R3 ProtonVPN Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> )
R3 ProtonVPN Update Service; E:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> )
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [300600 2022-06-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; E:\Games\Launcher\RockstarService.exe [2559896 2022-03-15] (Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534440 2022-04-28] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTrans\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_skl.inf_amd64_2a35efc43f1a612e\iaLPSS2_GPIO2_ICL.sys [132872 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_skl.inf_amd64_363c7132639e12a6\iaLPSS2_I2C_ICL.sys [200456 2020-04-28] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_skl.inf_amd64_a59239db7de9954f\iaLPSS2_UART2_ICL.sys [312600 2020-04-28] (Intel Corporation -> Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsldcff2823; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC2A418F-FEA8-4B4D-A0DB-474EAAB48E12}\MpKslDrv.sys [141576 2022-07-30] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNCallout; E:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_021e; C:\WINDOWS\System32\drivers\RzDev_021e.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-30 14:32 - 2022-07-30 14:32 - 000022921 _____ C:\Users\Mermeoth\Desktop\FRST.txt
2022-07-30 14:26 - 2022-07-30 14:32 - 000000000 ____D C:\FRST
2022-07-30 14:26 - 2022-07-30 14:26 - 002369536 _____ (Farbar) C:\Users\Mermeoth\Desktop\FRST64.exe
2022-07-30 14:08 - 2022-07-30 14:09 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Tiger
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\ProgramData\INTL
2022-07-30 14:08 - 2022-07-30 14:08 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2022-07-30 12:54 - 2022-06-24 02:17 - 000172304 _____ (Razer Inc) C:\WINDOWS\system32\RazerS2S3CoinstallerEx.dll
2022-07-27 12:44 - 2022-07-27 14:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-22 21:54 - 2022-07-22 21:53 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-21 17:45 - 2022-07-21 17:45 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Tlön Industries
2022-07-14 20:50 - 2022-07-14 20:50 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-14 20:50 - 2022-07-14 20:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-14 20:50 - 2022-07-14 20:50 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-14 20:50 - 2022-07-14 20:50 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-14 20:44 - 2022-07-14 20:44 - 000000000 ___HD C:\$WinREAgent
2022-07-14 14:02 - 2022-07-14 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-07-14 14:02 - 2022-07-14 14:04 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\Wondershare
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\MobileBackupForeverIni
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\Users\Mermeoth\.android
2022-07-14 14:02 - 2022-07-14 14:02 - 000000000 ____D C:\ProgramData\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-07-14 14:01 - 2022-07-14 14:12 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\Wondershare
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-30 14:25 - 2021-03-10 11:11 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\EasyAntiCheat
2022-07-30 14:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-30 14:08 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-30 14:08 - 2019-09-20 20:40 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\D3DSCache
2022-07-30 14:06 - 2020-09-17 06:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-30 14:05 - 2019-09-19 08:51 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-30 12:26 - 2019-09-19 09:01 - 000000000 ____D C:\Users\Mermeoth\AppData\LocalLow\Mozilla
2022-07-30 08:02 - 2019-09-19 16:46 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-30 06:47 - 2020-06-09 09:10 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-30 06:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-30 06:33 - 2019-09-19 09:39 - 000009863 _____ C:\Users\Mermeoth\Desktop\Games.txt
2022-07-29 00:44 - 2021-10-26 21:32 - 000000000 ____D C:\Program Files\Opera GX
2022-07-28 13:47 - 2021-12-13 08:27 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 06:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1578781637-3808001763-1541333437-1002
2022-07-28 13:47 - 2020-09-17 00:27 - 000002392 _____ C:\Users\Mermeoth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-28 13:45 - 2021-10-26 21:32 - 000003970 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1635276729
2022-07-28 13:45 - 2021-10-26 21:32 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera GX Browser .lnk
2022-07-27 14:26 - 2022-02-09 11:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-27 14:25 - 2021-10-11 07:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-27 14:25 - 2019-09-19 09:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-27 14:25 - 2019-09-19 09:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-22 21:54 - 2022-04-14 11:12 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-22 21:54 - 2022-03-14 11:12 - 000000991 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-22 21:54 - 2021-06-22 20:00 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-22 21:54 - 2021-03-25 08:18 - 000000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-22 21:54 - 2021-03-25 08:17 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-22 21:53 - 2021-03-25 08:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-22 19:56 - 2019-09-19 08:52 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-22 19:56 - 2019-09-19 08:52 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 07:38 - 2020-09-17 06:46 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-21 07:38 - 2020-09-17 06:46 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 15:10 - 2019-08-26 11:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-16 11:07 - 2020-09-17 06:51 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-16 11:07 - 2020-09-17 00:15 - 000716754 _____ C:\WINDOWS\system32\perfh005.dat
2022-07-16 11:07 - 2020-09-17 00:15 - 000144952 _____ C:\WINDOWS\system32\perfc005.dat
2022-07-16 11:02 - 2021-05-16 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-07-16 11:00 - 2020-09-17 06:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-16 11:00 - 2020-09-17 06:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-16 07:23 - 2020-09-17 06:41 - 000437144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-16 07:23 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-16 07:22 - 2019-12-07 11:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-16 07:22 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-15 05:27 - 2021-03-26 16:44 - 000000000 ____D C:\Users\Mermeoth\AppData\Local\CrashDumps
2022-07-14 20:52 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-14 20:50 - 2020-09-17 06:46 - 003010560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-07-14 20:44 - 2019-09-23 00:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-14 20:43 - 2019-09-23 00:19 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-14 14:02 - 2020-09-17 00:27 - 000000000 ____D C:\Users\Mermeoth
2022-07-11 09:59 - 2020-10-10 21:01 - 000000000 ____D C:\Users\Mermeoth\AppData\Roaming\paradox-launcher-v2
==================== Files in the root of some directories ========
2021-12-16 15:27 - 2021-12-16 15:27 - 000000839 _____ () C:\Users\Mermeoth\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2022
Ran by Mermeoth (30-07-2022 14:33:08)
Running from C:\Users\Mermeoth\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1826 (X64) (2020-09-17 04:46:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1578781637-3808001763-1541333437-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1578781637-3808001763-1541333437-503 - Limited - Disabled)
Evička (S-1-5-21-1578781637-3808001763-1541333437-1003 - Limited - Enabled) => C:\Users\Evička
Guest (S-1-5-21-1578781637-3808001763-1541333437-501 - Limited - Disabled)
Mermeoth (S-1-5-21-1578781637-3808001763-1541333437-1002 - Administrator - Enabled) => C:\Users\Mermeoth
WDAGUtilityAccount (S-1-5-21-1578781637-3808001763-1541333437-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Reader 9.1 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Age of Empires II Definitive Edition Dawn of the Dukes (HKLM-x32\...\Age of Empires II Definitive Edition Dawn of the Dukes_is1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.)
Crusader Kings II Holy Fury (HKLM-x32\...\Crusader Kings II Holy Fury_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{C69A2919-0662-4390-9418-67C931B44C18}) (Version: 1.1.236.0 - Epic Games, Inc.)
Eraser 6.2.0.2989 (HKLM\...\{A8F9BDFF-27EA-478D-BC23-9F518B33E5E9}) (Version: 6.2.2989 - The Eraser Project)
Europa Universalis IV Leviathan (HKLM-x32\...\Europa Universalis IV Leviathan_is1) (Version: - )
Gaming Mouse Driver v1.0.8 (HKLM-x32\...\{AB928D70-A6F6-4C35-860E-170B1FE43C45}_is1) (Version: - )
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Hearts of Iron IV Man the Guns (HKLM-x32\...\Hearts of Iron IV Man the Guns_is1) (Version: - )
Hearts of Iron IV No Step Back (HKLM-x32\...\Hearts of Iron IV No Step Back_is1) (Version: - )
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Irony Mod Manager v1.20.44 (HKLM-x32\...\{8AAA7D9F-2192-4A6B-AAEE-EBB2A355EF75}_is1) (Version: 1.20.44+20367d6ace - Mario)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KMPlayer (HKLM\...\The KMPlayer) (Version: 4.2.2.34 - PandoraTV)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Metal Fatigue Compatibility Database (Saleck) (HKLM\...\{b783cee4-8f7f-45fe-873f-953f2b6d3442}.sdb) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - cs-cz (HKLM\...\ProPlus2019Retail - cs-cz) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (HKLM\...\{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30037 (HKLM-x32\...\{dfea0fad-88b2-4a1f-8536-3f8f9391f4ef}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30037 (HKLM\...\{529D20E8-132A-4F1A-A25F-9211B8C943AC}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30037 (HKLM\...\{C874FB5A-1C85-460A-A4A9-CBCC3FAE7880}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30037 (HKLM-x32\...\{01FAEC41-B3BC-44F4-B185-5E8475AEB855}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30037 (HKLM-x32\...\{7D75664A-6C04-424C-82A1-EE88913E5F16}) (Version: 14.29.30037 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 103.0 (x64 cs)) (Version: 103.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.1 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
NVIDIA Graphics Driver 457.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.51 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenIV (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\OpenIV) (Version: 4.0.1.1452 - .black/OpenIV Team)
Opera GX Stable 89.0.4447.64 (HKLM-x32\...\Opera GX 89.0.4447.64) (Version: 89.0.4447.64 - Opera Software)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
ProtonVPN (HKLM-x32\...\{FFAFEA09-E7DA-4710-A278-7F0506C96829}) (Version: 1.18.5 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.18.5) (Version: 1.18.5 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{5DA710E2-1B81-4675-BFC5-76BAF63AE1F6}) (Version: 1.1.3 - Proton Technologies AG)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0630.062903 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9126.1 - Realtek Semiconductor Corp.)
RimWorld - Royalty (HKLM-x32\...\1233017772_is1) (Version: 1.1.2571 rev945 - GOG.com)
RimWorld (HKLM-x32\...\1094900565_is1) (Version: 1.1.2571 rev945 - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.9.3 - Rockstar Games)
Stellaris Lithoids Species Pack (HKLM-x32\...\Stellaris Lithoids Species Pack_is1) (Version: - )
The Protectors v 0.8.9 FULL (HKLM-x32\...\{08BB95E5-777A-4027-8798-89487B524594}) (Version: 0.8.9 - The Protectors modding team)
The Protectors v 0.8.9a patch (HKLM-x32\...\{1220C567-A35A-4FD7-80D2-4E5DFEA305D6}) (Version: 0.8.9.1 - The Protectors modding team)
Twitch (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 100.0 - Ubisoft)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
Warcraft III Beta (HKLM-x32\...\Warcraft III Beta) (Version: - Blizzard Entertainment)
WeMod (HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\WeMod) (Version: 8.2.0 - WeMod)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7180.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-18] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-10-16] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]
VLC -> C:\Program Files\WindowsApps\VideoLAN.VLC_3.2.1.0_x64__paz6r1rewnh0a [2021-08-25] (VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1578781637-3808001763-1541333437-1002_Classes\CLSID\{642ccb6b-4be1-471e-bc61-606dd9dc7c79}\localserver32 -> "E:\inPixio Photo Studio 11\PhotoStudioIPS11.exe" -ToastActivated => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-12-04] (Notepad++ -> )
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => E:\Program Files\Eraser\Eraser.Shell.dll [2020-06-06] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-22] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Mermeoth\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2019-10-21 13:37 - 2019-02-21 18:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-04-19 18:59 - 2020-04-19 18:59 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\Control Panel\Desktop\\Wallpaper -> E:\Whatever\CD\Miao Ying vs Kairos Fateweaver.png
HKU\S-1-5-21-1578781637-3808001763-1541333437-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1578781637-3808001763-1541333437-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{037A6278-844B-4B2C-87F9-FDF8C7137FFD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{5BF225D5-0D0C-4ECC-A6D8-4F1A2B1018C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\nglide_config.exe (Zeus Software) [File not signed]
FirewallRules: [{954CB9B4-61B1-4C68-BF57-F81CAD32FB5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [{DD648C61-554F-46EB-A78C-63805EBE78EE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Metal Fatigue\MFatigue.exe () [File not signed]
FirewallRules: [UDP Query User{AA8460D6-26C6-46BA-8561-32DBD2A7FF5A}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{2FB7F65D-A7ED-461C-8B81-F1098ABFDCC6}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{12ACDBEC-D9C9-468C-82B4-CD1FE72B46E3}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [TCP Query User{1ADA5DB0-9265-427E-8821-AA9CACE26B10}E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe (Valve Corp. -> Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{A2A821EC-19DC-4576-BD7A-C831208414EE}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [TCP Query User{E54C2AD6-332A-444F-A91B-7AC5A83B813D}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe => No File
FirewallRules: [UDP Query User{3D832854-4348-4D73-B543-966F1BCF947C}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{D3EBA88B-D039-4013-8DB6-5F7EDEDB62C8}E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ED3D4F27-0C91-41ED-90F4-F95EBB457068}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{14D6276D-3E72-45ED-8C43-2B2849AA30D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{96E6597D-399D-4DBA-A885-4851A7A18DD2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{C2B5AB54-DB1B-4DEA-BF8F-BEA8047C1EEA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea The Awakening\MP\TheaMP.exe => No File
FirewallRules: [{E36067BD-7822-4591-86AC-F3400312851D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{8593E9F4-4A23-43D6-BB9A-2BB463392867}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe () [File not signed]
FirewallRules: [{83389818-02BD-461E-8611-FE64994C6EC0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [{AC09C301-8441-471C-AB02-7489A8F67484}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe () [File not signed]
FirewallRules: [UDP Query User{70E45932-F5EE-45B1-8F0F-BA1ECAA25A46}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D5A5636-BA41-414C-9778-D33875EB2C02}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{751C6BB7-6297-4E77-9952-C745E90550E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [{8B1AC280-23ED-4B9C-9AA9-DA7DF7B74444}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => No File
FirewallRules: [UDP Query User{74FEFDD1-F5AB-4C5B-9E92-E2CB91B8EC28}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [TCP Query User{98BE0E47-C93D-48B3-9528-656974085F3C}E:\games\hearts of iron iv man the guns\hoi4.exe] => (Allow) E:\games\hearts of iron iv man the guns\hoi4.exe => No File
FirewallRules: [UDP Query User{A61D54BC-9D90-41C3-A8D1-6B2A7D78E4DE}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [TCP Query User{2CDD0DF0-4148-4A6B-906D-A361DB9EDB7E}E:\games\hearts of iron iv - copy\hoi4.exe] => (Allow) E:\games\hearts of iron iv - copy\hoi4.exe => No File
FirewallRules: [UDP Query User{7E7FF871-C92D-4AC1-9C4A-611D045323CF}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [TCP Query User{184F2FC4-D37E-46F1-B0B2-4BFA7C6718C9}E:\games\hearts of iron iv\hoi4.exe] => (Allow) E:\games\hearts of iron iv\hoi4.exe => No File
FirewallRules: [{21138A28-A00E-4862-AC8B-8AADF59CFA3B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{F14400E6-67A2-4A50-ADFE-CA1A19F7FE9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [UDP Query User{557277C4-D858-4400-9ECB-ACE745A319C8}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [TCP Query User{8B295AED-8691-407D-8DAB-1E313A12A17C}C:\quick games\warcraft iii\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\x86_64\warcraft iii.exe => No File
FirewallRules: [UDP Query User{FC69EF54-7910-42C6-92DF-1755C5E0FF95}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{4A9DF36A-727B-46A1-8282-C1B6F539C167}C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{53643330-8CEE-4D90-9717-D3ABC55ED5A0}] => (Allow) E:\Games\ANNO1800Trial\Bin\Win64\Anno1800.exe => No File
FirewallRules: [UDP Query User{0E742F5E-AEDF-4470-A826-A194EFE9A6B4}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{46F587FA-0AF4-40FC-BB4C-21B46C83C3FE}D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe] => (Block) D:\games\divinity original sin 2 definitive edition\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{53B074E9-903D-4553-A879-9D690C0E7A0D}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [TCP Query User{4BF9472D-0318-4A44-B3CA-1F3F333B8AAD}E:\games\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii definitive edition\battleserver\battleserver.exe => No File
FirewallRules: [UDP Query User{FB135923-C7FF-49FF-A18A-DEA4BF06B68E}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [TCP Query User{3592AC26-EF6E-4BF4-930E-1ABEC5F6579B}E:\games\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\games\age of empires ii definitive edition\aoe2de_s.exe => No File
FirewallRules: [{3DB8CF03-00EB-4103-8FDE-78DCE456899B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{EFF5D996-17C5-4277-9497-B34E5937E2C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe => No File
FirewallRules: [{D0477641-F30C-43B1-82AE-40C4B40C9D33}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [{0CDD9C6E-C97C-4C29-A516-4A9E52ADB9B6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Frostpunk\Frostpunk.exe (11 bit studios S.A.) [File not signed]
FirewallRules: [UDP Query User{15F4AEB1-E922-412D-8778-F51E061CB0D3}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{47FD8B24-B235-4633-A73A-E489CF13ABF4}E:\program files\utorrent\utorrent.exe] => (Allow) E:\program files\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{60D940BC-BF19-4A6E-AA3C-662F009F60A5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{A662161C-E2AB-42B6-9D5E-50844F2647A1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Stellaris\dowser.exe => No File
FirewallRules: [{8FD2F080-B70C-4D66-B0A1-AD0A1F765E00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{284E2E9A-347F-4488-8152-164B7F99FF76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [UDP Query User{393B4840-31F8-4E50-BD0F-59E2F4F0CE67}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{A93D5DAE-49D3-4332-B0CF-A3B1E367F219}E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) E:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{9D04D7C7-C1C0-475C-BD5D-A902451A1EEA}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [TCP Query User{5944AFD6-7408-429C-9592-F167D1756AB8}C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer ii\warhammer2.exe => No File
FirewallRules: [UDP Query User{4813CD27-13A5-4E7A-9035-19CC6E93D42F}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [TCP Query User{0A577BA0-8E13-4D1A-A870-61764EA2A317}E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine\_enchanted_edition_\trine1_32bit.exe => No File
FirewallRules: [{41AB4427-C3A5-4735-9934-D16A53E2FC59}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{850919B6-3110-46A2-90F0-D9623646A229}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\NS2.exe (Unknown Worlds Entertainment -> )
FirewallRules: [{85EC4804-0F80-4CE5-AD05-2D55ED418BAF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8CC7CCC3-C371-4A03-A1AE-7EAF0EBF4FAD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{AC1C7DB7-BD13-410E-9B50-7A28125B58C7}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6ECA6DCC-6763-4C41-822D-4841202986B4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D765618B-3358-4B95-972F-9428C286BAFD}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FCB5E8B-4B29-4446-81E4-B9F15EDB1955}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{77970D38-0B76-4877-B873-C2EEDA6F24C0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF367D47-87CB-4517-AEE8-04D8A7D58ED9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1B8A3E14-FEC7-496D-B418-06E653C17644}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [UDP Query User{1749D708-6AA2-4EA7-8D77-3475EB21A686}E:\games\hearts of iron iv new\hoi4.exe] => (Allow) E:\games\hearts of iron iv new\hoi4.exe => No File
FirewallRules: [{2B5B86A7-1A68-4940-81E2-958DDBC7179B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{D93C317B-C020-4D1E-9063-A5E7E875A898}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [File not signed]
FirewallRules: [{6531480F-2D43-4732-8958-19670F084B4C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{9F311F02-DACD-400A-9820-FA8DB1C3E127}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe () [File not signed]
FirewallRules: [{19399C4B-D0D5-4ED5-9499-B4064E484D4B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{F6A03E50-B320-46FA-95BA-4E3DAC93716E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe () [File not signed]
FirewallRules: [{D116FA49-9576-4DA7-B5F5-48E6DDBDBD21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{C58B4F5B-D38C-47DA-8C32-09E54B56D82F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe => No File
FirewallRules: [{ECF34A9C-3778-46BF-84B6-093B0EDC8F95}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{97BEE38F-0977-44C3-9C62-3B2D0AA01139}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{B91068B0-90FB-4DD5-A127-45B48E131C5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [{F6618346-E488-4ADD-8CD8-1B3BB9DEDCC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mechanicus\Mechanicus.exe () [File not signed]
FirewallRules: [TCP Query User{D0B373C4-F507-4CA1-A9F8-D95732D0CDBB}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [UDP Query User{41143AEA-1C23-4072-B35B-120D716B87DC}E:\games\anno 1800\bin\win64\anno1800.exe] => (Block) E:\games\anno 1800\bin\win64\anno1800.exe => No File
FirewallRules: [{8A06E3F2-55A2-4187-AD68-5AA975484AD6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [{19B136CC-3A16-49F0-8D80-9E24FB55D294}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dyson Sphere Program\DSPGAME.exe () [File not signed]
FirewallRules: [TCP Query User{8444DDEE-96E4-41DA-9B76-BF9FB6D869D7}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{C48C8A53-256E-4D24-A9FB-1DD822811E2E}E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base83716\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{16DC5210-7268-4324-BF04-D776773CB74E}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [UDP Query User{0844BE68-B7DE-42FF-B759-CA2BF44DC24A}E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\trine 3\trine3_64bit.exe => No File
FirewallRules: [TCP Query User{FC7CF378-4541-4A69-9D59-6DA634C3A716}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{D2BFA281-25FA-4CA2-AA54-30E01F074526}E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84200\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{B4B62D17-AA18-44CF-AC5D-6BE97896254C}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{63CBBB81-C7D7-4C12-8229-9C1CE1823091}E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base84249\heroesofthestorm_x64.exe => No File
FirewallRules: [{A43991FE-E4B9-4603-A405-18EFDC98B28B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{8B22F7B6-CC3C-4018-B1D8-1FE10B1AC21C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{40884ED5-A9AF-4DDE-BBBF-557CC5A2C55B}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{B381E370-B5BD-4350-A63B-B09C55356D84}E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) E:\games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{E95F76C2-6B69-43AB-9E31-D7B634A667D6}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [UDP Query User{E236E002-2DEE-4B49-AB06-AD2B828934E8}C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe] => (Allow) C:\quick games\kingdomcomedeliverance\bin\win64mastermasterepicpgo\kingdomcome.exe => No File
FirewallRules: [TCP Query User{3208E553-3EB2-4593-A854-F498F1B08B06}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{23B099D3-AF9D-4CE8-9D86-69468F552292}C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Allow) C:\quick games\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [{A6564809-365E-4A8C-95C2-06D98DE5C75F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{823B0C0A-F98C-47BB-BB16-ABCD9DD3ECF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{361CE1E5-AA98-4FD3-A6EA-C1388DFEE6C5}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [UDP Query User{6186A1D7-909E-4E11-AF2E-56663DA05574}E:\games\hearts of iron iv battle for the bosporus\hoi4.exe] => (Block) E:\games\hearts of iron iv battle for the bosporus\hoi4.exe => No File
FirewallRules: [{3CED1803-43DA-469D-B8AF-9EEB37AC3D5A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [{7F84F302-4ADD-4E3F-8B05-E8E3C62E2E12}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\WormsWMD\Worms W.M.D.exe () [File not signed]
FirewallRules: [TCP Query User{68474532-E969-49B6-A142-0C282E8DE99A}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [UDP Query User{BD6B4375-9AA4-4E9F-B7E0-CBD30D143B87}E:\games\age of empires ii\aoe2de_s.exe] => (Allow) E:\games\age of empires ii\aoe2de_s.exe (Microsoft Corporation) [File not signed]
FirewallRules: [TCP Query User{803DEBBB-20FF-4393-BBC8-3D8010CB3C0B}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [UDP Query User{13A9A3A5-3A4D-4A56-ABD1-69ADB187EC0F}E:\games\age of empires ii\battleserver\battleserver.exe] => (Block) E:\games\age of empires ii\battleserver\battleserver.exe (Microsoft Corporation -> )
FirewallRules: [{D4AE6FD6-4482-4DDD-826F-4F09791CB1D5}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{7B18F54B-C17B-4E42-AFE9-0EA86F83D059}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{E598963F-F1B2-4B9B-8713-16A563C982EC}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F6102896-BF7F-4911-A83C-05D700546219}] => (Allow) C:\Quick Games\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{AFC117DE-1620-46CB-9976-8AF9AC733AF1}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [UDP Query User{39E637F0-7570-4C18-8287-9527B1072D47}C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe] => (Allow) C:\quick games\steam\steamapps\common\age of empires iv beta\reliccardinal.exe => No File
FirewallRules: [{DA608CA4-1901-44A1-BF0B-1907FA5FBD57}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{B16AFB1C-70F9-4811-9077-88B9C9CC0131}] => (Allow) C:\Quick Games\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{92F7E7C0-A5E0-4421-97C8-F069540D9047}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{4472A0F8-542A-43E3-AC3A-094B693AE422}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity II\PillarsOfEternityII.exe => No File
FirewallRules: [{A1C7455B-1F50-4633-A8E0-5B59FD80E1B1}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{74CBBF8F-7E7B-4529-BE95-404977E2111F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{9F2C98C8-F9E0-435C-977F-843C082071E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{493CC20D-8466-4BA5-B668-F9B6DE744E43}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{823D8D89-F8B7-4597-9A6F-E84EE7BA7C90}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{BAF2163C-88D7-4BAC-8852-86911C50D3BF}E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86223\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{569F9980-77A0-43CC-8A7B-019A74CCE48C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{3797D972-AC37-4F4C-86C8-96F30A9E8D2C}C:\program files\opera gx\opera.exe] => (Block) C:\program files\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{584C8FC2-8148-458E-8EFD-2DEA54DC7AD0}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{CA69E102-246B-4DBE-A3DA-340D424C7D59}E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{ECFEE7A8-BC05-422F-B9D8-D084D9358E3B}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24AAD416-D0C7-44ED-97FE-F377DE34C19A}] => (Allow) C:\Quick Games\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [TCP Query User{7554F35F-F32A-4AD9-80A9-08CF053CDFE7}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [UDP Query User{D56066A1-554D-496D-834E-7DA5FE1EAF02}E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\solargeneplaytest\solar\binaries\win64\solar.exe => No File
FirewallRules: [{8F99DF62-0C0A-448D-A753-93F1027F10E3}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7BE4A747-9FE2-4800-9E80-F32A4DAE2E6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{13D3CA15-2236-418B-B91B-678DE398D84D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BF3A6750-5C1E-4291-ACA7-BDF28DB3BF7C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{74B27E8F-04FB-4820-8F03-E6049E8A27D3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26D7F1BC-7B53-4231-82F0-53DB1BC0717A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [{34708A9D-6D35-45DC-976F-10201F7EE965}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Thea 2 The Shattering\Thea2.exe () [File not signed]
FirewallRules: [TCP Query User{1F5FAB82-6B59-46EA-B35A-359FBDFC621C}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{38019C89-8592-45BD-B640-B47B438F072F}E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) E:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{BEA02876-9AB5-4F07-AE15-1624A18DA60D}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{85377F2C-570D-4FA4-83BA-6A5043FD99AB}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{73C6840C-15B5-4C29-9883-5669FC574BED}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{F9F83B40-41C3-4EBE-9C24-49BB647CA062}] => (Allow) C:\Quick Games\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [TCP Query User{FDE77B3C-AD00-48E0-996C-DCA177A91382}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{C7F1288C-09C4-4EE7-97A8-F6B383729844}C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe] => (Allow) C:\quick games\steam\steamapps\common\total war warhammer iii\warhammer3.exe (The Creative Assembly Ltd -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{BB74E66F-18E2-4B7E-9B41-D2A640E647E5}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{666F6613-F11F-49A2-846A-FC6EF138A661}E:\games\hearts of iron iv no step back\hoi4.exe] => (Block) E:\games\hearts of iron iv no step back\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{6848A8DE-747D-400B-B6CF-19EC2EF1173C}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{E51130E7-B6AD-4956-8F7C-151680D19A85}] => (Allow) C:\Quick Games\Steam\steamapps\common\Wolcen\win_x64\Wolcen.exe (Wolcen Studio) [File not signed]
FirewallRules: [{4A1078B5-11F9-492E-9B5E-8D686C8524F3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{1DC09D92-EDB8-45F4-93CF-22E21D33EF05}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Bloodhunt\Tiger.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{A50AB71E-F6B4-4156-9088-FD43C6A6A68C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{67A8502A-9A6E-4C8C-8242-240DBAADBFC9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{9D7DFD1D-874E-4FC4-8EA3-E15269D5A406}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{ECB032CC-99C9-419D-89AF-024FB4555ECE}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER II\launcher\launcher.exe => No File
FirewallRules: [{89E95E95-51B4-4461-B6B1-432118FD2560}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{31472397-64EA-4D4A-9F85-2574CD7E5A37}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Natural Selection 2\x64\NS2.exe (UNKNOWN WORLDS ENTERTAINMENT -> )
FirewallRules: [{5BD4E765-ACFE-4541-A8E3-6672FD29C0A7}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{70A7EA31-006A-44E2-89AA-FD8565E64464}] => (Allow) C:\Quick Games\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{5C59681B-6B76-4C8B-A320-B2CDD3E1DA5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{91438B91-BE75-4EE2-B025-AF17F4396A5B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Per Aspera\Per Aspera.exe () [File not signed]
FirewallRules: [{71B05DA4-38AA-48AB-BC52-9DED84B6A20B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{B00561B5-E73E-49D6-98BA-4EE64507F929}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto IV\GTAIV\PlayGTAIV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{70DF0C83-674B-4D7C-AE9E-38F22C6463BD}] => (Allow) C:\Program Files\Opera GX\88.0.4412.85\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{90353DF6-2762-4E85-B2A7-F3C9F08B3B9C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{41063086-D718-44DE-97FF-7E61AF611BC2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{04D73F0C-BB54-4B74-B5BB-6103F137CFFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FAFF02D9-14B8-4DF7-819F-16917732042B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F35714EA-115D-4493-9BA0-2CFE74F93B6E}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{1BBA500A-B3E6-4DD1-AF58-9F93AD12880B}] => (Allow) C:\Quick Games\Steam\steamapps\common\Total War WARHAMMER III\launcher\launcher.exe (The Creative Assembly Ltd -> Creative Assembly Ltd)
FirewallRules: [{8203DEC9-E04B-4644-A9CE-DECA8239D47C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D6CC83F9-7D55-443D-85CA-C521C2244616}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3ED4F008-E057-4D6A-A078-9B7E6C4B2F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3D2B7FF7-58BB-4774-8575-42831DFE729B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{52B66FD7-C89D-43FD-A7C0-593AA5F03C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{60D6A8CF-61C0-4D95-A277-172B172C0DEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A160ABF3-5C53-4A69-BE19-B55E1F67376F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2A23326-1E6F-462B-8CB7-2C2384A9C67E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5CE72EA4-5B91-49C8-BD4C-0960263791E9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A81D5FBE-EC72-4B3C-9506-AA06EA7F271C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.71\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ACA36C56-1B89-4B52-B1A6-65BADD987D4E}] => (Allow) C:\Program Files\Opera GX\89.0.4447.64\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{1E860CC0-347E-4100-8D21-B479B80AC21F}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D3E9A615-12A6-4ADD-AA73-ED8F5A7D5E90}] => (Allow) C:\Quick Games\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
==================== Restore Points =========================
24-07-2022 09:02:26 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/30/2022 07:14:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15766
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15766
Error: (07/28/2022 11:56:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15750
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15750
Error: (07/25/2022 12:14:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/23/2022 12:37:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Nový svazek (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
System errors:
=============
Error: (07/30/2022 08:02:29 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.
Error: (07/27/2022 05:57:59 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.ZuneVideo_10.22041.10091.0_x64__8wekyb3d8bbwe!Microsoft.ZuneVideo.AppXjgy0dfr6tssa93yj5px65cbv2gsc8r39.mca did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.WindowsFeedbackHub_1.2203.761.0_x64__8wekyb3d8bbwe!App.AppX8a6w88secebzyje9nrqc47xt488tkbmc.mca did not register with DCOM within the required timeout.
Error: (07/27/2022 12:41:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Error: (07/26/2022 03:01:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.
Error: (07/23/2022 08:57:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server Microsoft.MicrosoftOfficeHub_18.2205.1091.0_x64__8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub.AppXvhez9tbpytkh6zv5q0bx5fj12yay14wg.mca did not register with DCOM within the required timeout.
Error: (07/23/2022 01:39:29 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VGTMQ82)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2022-07-30 07:12:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-28 23:24:55
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-28 15:25:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-26 14:19:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-25 10:07:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-07-16 20:29:53
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-06-17 20:52:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 3.00 09/10/2015
Motherboard: MSI Z170A-G43 PLUS (MS-7970)
Processor: Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 16339.84 MB
Available physical RAM: 9186.95 MB
Total Virtual: 24275.84 MB
Available Virtual: 11297 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.89 GB) (Free:323.53 GB) (Model: CT1000P1SSD8) NTFS
Drive d: () (Fixed) (Total:1862.79 GB) (Free:774 GB) (Model: ST2000DM008-2FR102) NTFS
Drive e: (Nový svazek) (Fixed) (Total:1863.01 GB) (Free:940.75 GB) (Model: ST2000DM001-1ER164) NTFS
\\?\Volume{0f8c9d20-fca9-4cdd-933a-802f5df718e1}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{f1d397e9-2f37-4f10-b8b5-3bfd253f320c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 81190A92)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: B7FE9059)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================