www.bleepingcomputer.com
Open in
urlscan Pro
104.20.60.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/770587/i-think-i-have-a-virus-that-uses-ram/#entry5342571
Effective URL: https://www.bleepingcomputer.com/forums/t/770587/i-think-i-have-a-virus-that-uses-ram/
Submission: On April 06 via api from US — Scanned from DE
Effective URL: https://www.bleepingcomputer.com/forums/t/770587/i-think-i-have-a-virus-that-uses-ram/
Submission: On April 06 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:770587" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="770587">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/770587/i-think-i-have-a-virus-that-uses-ram/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>Text Content
WE VALUE YOUR PRIVACY
We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
* Sign In
* Create Account
Search Advanced This topic
* Search section:
* This topic
* Forums
* Members
* Help Files
* Calendar
*
* View New Content
* Forum Rules
* BleepingComputer.com
* Forums
* Members
* Tutorials
* Startup List
* Virus Removal
* Downloads
* Uninstall List
* Welcome Guide
* More
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please
re-enable javascript to access full functionality.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come
together to discuss and learn how to use their computers. Using the site is easy
and fun. As a guest, you can browse and view the various discussions in the
forums, but can not create a new topic or reply to an existing one unless you
are logged in. Other benefits of registering an account are subscribing to
topics and forums, creating a blog, and having no ads shown anywhere on the
site.
Click here to Register a free account now! or read our Welcome Guide to learn
how to use this site.
Latest News: Intel shuts down all business operations in Russia
Featured Deal: Launch your own WordPress site with this lifetime hosting deal
I THINK I HAVE A VIRUS THAT USES RAM
Started by RyuQi , Apr 04 2022 05:49 PM
* Please log in to reply
12 replies to this topic
#1 RYUQI
RyuQi
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted 04 April 2022 - 05:49 PM
Hi
Basically while im gaming the ram usage is 73% or so which is incredibly high
for my pc since im not running heavy games
the moment i open task manager to check whats using my ram the ram INSTANTLY
drops to 60
some apps have been crashing as well recently just random error texts that i
dont understand ive scanned my pc with windows defender which ofc didnt work and
didnt find anything but i cant afford a better anti virus program if anyone can
tell me whats going on since its not fun to have my pc just be 30% slower then
it usually :l
Thanks for the time ^^
* Back to top
--------------------------------------------------------------------------------
BC ADBOT (LOGIN TO REMOVE)
*
* BleepingComputer.com
*
* Register to remove ads
PLAY Top Articles Video Settings Full Screen About Connatix V157990 Read More
Read More Read More Read More Read More Read More Intel shuts down all business
operationsin Russia 1/1 Skip Ad Continue watching after the ad Visit Advertiser
websiteGO TO PAGE
--------------------------------------------------------------------------------
#2 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,722 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:05:40 AM
Posted 04 April 2022 - 08:22 PM
Greetings RyuQi and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal
forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please
call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
* First, please keep in mind most of us at BleepingComputer volunteer our
assistance for your benefit in your time of need. Please try to match our
commitment to you with your patience toward us.
* It is important to not run any tools or take any steps other than those I
will provide for you.
* Please perform all steps in the order they are listed. If things are not
clear or you experience problems be sure to stop and let me know.
* Please copy and paste all logs into your post unless otherwise requested.
* When your computer is clean I will let you know, provide instructions to
remove tools and reports, and offer you information about how you can combat
future infections.
* If you do not reply to your topic after 5 days I will assume it has been
abandoned and I will close it.
===================================================
Now that I am assisting you, you can expect that I will be very responsive to
your situation. If you are able, I would request you check this thread at least
once per day so that we can try to resolve your issues effectively and
efficiently. If you are going to be delayed please be considerate and let me
know.
Thank you for your patience thus far.
Please do this.
===================================================
Farbar Recovery Scan Tool (FRST)
--------------------
* Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and
save it to your Desktop. <<< Important
* Right click on the icon and select Run as administrator
* Note: If you receive any warning about the download it is a false positive
and you can ignore it
* Click Yes to the disclaimer
* Click Scan and allow the program to run
* Click OK on the Scan complete screen, then OK on the Addition.txt pop up
screen
* 2 Notepad documents should now be open on your desktop.
* Please copy and paste the contents of each report in separate reply windows
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* FRST.txt
* Addition.txt
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#3 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 02:32 PM
Hey my name is Elmo and here is the first scan
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->)
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer
Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program
Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->)
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer
Synapse Service Process.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common
Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.)
C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Logitech, Inc.)
C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia
Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA
GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia
Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA
Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co.
Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. ->
Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. ->
Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp.
-> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program
Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed]
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe <2>
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) C:\Riot Games\Riot Client\UX\RiotClientUx.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) D:\Games\Riot Games\League of Legends\LeagueClient.exe
(C:\Riot Games\Riot Client\UX\RiotClientUx.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe <2>
(C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
->) (Skutta, Kristjan -> )
C:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Software
AS -> Opera Software) C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\84.0.4316.52\opera_crashreporter.exe
(D:\Games\Riot Games\League of Legends\LeagueClient.exe ->) (Riot Games, Inc. ->
) D:\Games\Riot Games\League of Legends\LeagueCrashHandler.exe
(D:\Games\Riot Games\League of Legends\LeagueClient.exe ->) (Riot Games, Inc. ->
Riot Games, Inc.) D:\Games\Riot Games\League of Legends\LeagueClientUx.exe
(D:\Games\Riot Games\League of Legends\LeagueClientUx.exe ->) (Intel Corporation
-> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(D:\Games\Riot Games\League of Legends\LeagueClientUx.exe ->) (Riot Games, Inc.
-> Riot Games, Inc.) D:\Games\Riot Games\League of
Legends\LeagueClientUxRender.exe <5>
(Discord Inc. -> Discord Inc.)
C:\Users\Elmanuel\AppData\Local\Discord\app-1.0.9004\Discord.exe <6>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program
Files\LGHUB\lghub.exe <4>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot
Vanguard\vgtray.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common
Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd)
C:\Users\Elmanuel\AppData\Roaming\Spotify\Spotify.exe <6>
(explorer.exe ->) (Unified Intents AB -> Unified Intents AB) D:\Phone\Unified
Remote 3\RemoteServerWin.exe
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files
(x86)\VB\Voicemeeter\voicemeeterpro.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA
Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Software AS -> Opera Software)
C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\opera.exe <32>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot
Client\RiotClientServices.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program
Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program
Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.GamingServices_3.63.22003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.GamingServices_3.63.22003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher ->
Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation)
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\NVDisplay.Container.exe
<2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files
(x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor)
C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Skutta, Kristjan -> )
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program
Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Microsoft OneDrive\22.055.0313.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Unarchiver) [File not signed]
C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe
[857376 2019-01-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe
[3183328 2022-03-12] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop
Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. ->
Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams
Installer\Teams.exe [114671912 2021-02-10] (Microsoft Corporation -> Microsoft
Corporation)
HKLM-x32\...\Run: [Genshin Impact_launcher_pcepic_1_0] => [X]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-03-28] (Intel
Corporation -> Intel)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [OneDrive] =>
C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Steam] =>
D:\steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Battle.net] =>
C:\Program Files (x86)\Battle.net\Battle.net.exe [1079184 2021-06-10] (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Overwolf] =>
D:\Overwolf\OverwolfLauncher.exe -overwolfsilent (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Spotify] =>
C:\Users\Elmanuel\AppData\Roaming\Spotify\Spotify.exe [20025272 2022-03-19]
(Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Krisp] => "C:\Program
Files\Krisp\Krisp.exe" -s (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Opera GX Browser
Assistant] => C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS ->
Opera Software)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [com.blitz.app] =>
C:\Users\Elmanuel\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Unified Remote V3] =>
D:\Phone\Unified Remote 3\RemoteServerWin.exe [3243784 2021-02-22] (Unified
Intents AB -> Unified Intents AB)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [LGHUB] => C:\Program
Files\LGHUB\lghub.exe [139935808 2022-03-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Synapse3] =>
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer
Synapse 3.exe [3524680 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Web Companion] =>
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
--minimize (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [SignalRgb] =>
"C:\Users\Elmanuel\AppData\Local\VortxEngine\SignalRgbLauncher.exe" --silent (No
File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Discord] =>
C:\Users\Elmanuel\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord
Inc. -> GitHub)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [ut] =>
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe [2279720 2021-12-20]
(BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer:
[DisallowRun] 1
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[1] Autoruns.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[2] Autoruns64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[3] Autoruns64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[4] autorunsc.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[5] autorunsc64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[6] autorunsc64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400b6c5-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400bf94-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Control
Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\WPXSCR~1.SCR [261280
2021-11-27] (Skutta, Kristjan -> )
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
[3524680 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Windows x64\Print Processors\sxj2mPC:
C:\Windows\System32\spool\prtprocs\x64\sxj2mpc.dll [43520 2022-04-04] (Microsoft
Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK
provider)
HKLM\...\Print\Monitors\sxj2m Langmon: C:\Windows\system32\sxj2mlm.dll [34304
2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files
(x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-29]
(Google LLC -> Google LLC)
Startup: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2021-08-20]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files
(x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
Startup: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Изпращане в OneNote.lnk [2021-04-16]
ShortcutTarget: Изпращане в OneNote.lnk -> C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft
Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
Task: {03192E9C-B7F0-4783-BFD3-347622815292} - System32\Tasks\Adobe Acrobat
Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {16CD6EB8-EA2A-4D8F-8F6B-FA6E6889EE86} - System32\Tasks\Opera GX scheduled
assistant Autoupdate 1615884813 =>
C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\launcher.exe [2406096
2022-03-29] (Opera Software AS -> Opera Software) -> --scheduledautoupdate
--component-name=assistant
--component-path="C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\assistant"
$(Arg0)
Task: {18A43471-AF64-4D58-8EFD-05F09C3115F7} - System32\Tasks\OneDrive
Per-Machine Standalone Update Task => C:\Program Files\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
Task: {1E04BEE1-8E10-452F-B86D-4B8F468298F2} -
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Task: {21390ED5-D085-4267-80A7-6A20CD212AF8} - System32\Tasks\PCIeBusQueue =>
"wevtutil.exe" cl System
Task: {223FCFD5-98ED-43BC-8720-5CD820E7CBBB} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B2CDB42-C3AA-448B-ACF3-942126848ED5} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2021-03-06] (Google Inc -> Google
LLC)
Task: {2C711B69-2D39-45FC-851D-2679E4B1C63E} - System32\Tasks\PCIeBus =>
"wevtutil.exe" cl Application
Task: {311EB972-9B3F-4DDF-A232-9DFFE70E5C4F} -
System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {362ECEC0-912D-4328-99DE-57B015098BF7} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2021-03-06] (Google Inc -> Google
LLC)
Task: {3D3EC524-E7EC-4EA8-B43D-5C6D4E866918} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {40C0C7EE-BE3F-4A06-BEC4-14B0825B32CA} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[3341000 2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {41EAF56E-33E4-457D-8234-7FFA2BADFF9D} -
System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4102784
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {45C6029A-40ED-4993-8B66-9CC0A036DBDD} -
System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {5BD6FE18-2484-47BC-94A4-8A8068DFDCFC} -
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {5F93E7F6-562D-41BF-BE00-880C73DC05FA} -
System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {69238869-0FE4-4AF7-96D3-B68C4FFC3F86} -
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {722B4855-1FF4-4709-BB70-372F9ED5AD80} - System32\Tasks\Overwolf Updater
Task => D:\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Task: {763149F2-F5C7-42F3-8A7B-B39B19B77959} - System32\Tasks\OneDrive Reporting
Task-S-1-5-21-1817627007-317576481-894513035-1001 => C:\Program Files\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
Task: {7AED4EA9-521D-40DF-9397-8AC8F419C791} -
System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Task: {844AED51-95E5-406E-BDBB-1FCE7D2AC6D9} -
System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft
Shared\Office16\operfmon.exe [61336 2022-04-05] (Microsoft Corporation ->
Microsoft Corporation)
Task: {89F8DE12-45EE-4D41-B540-E98572825B87} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {8BFFF176-40F2-468E-B291-5608FFD4846C} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648192
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A88470F8-621F-499D-A36D-DD746387EFFE} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files\Microsoft Office\root\Office16\msoia.exe [8338896 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Task: {C427EF0D-D0FB-4D3C-BE0F-DB1D5981EA29} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
=> C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128
2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program
Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CA4802A3-9348-4D32-9D81-C5F333D1EF5C} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906872
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CEC609EA-0EC8-416E-A6EB-80E38FF620DA} - System32\Tasks\Opera scheduled
Autoupdate 1640028758 =>
C:\Users\Elmanuel\AppData\Local\Programs\Opera\launcher.exe
--scheduledautoupdate $(Arg0) (No File)
Task: {D5550323-A0CB-4A2A-B55D-A7C28BA02317} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906872
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D9D8BFB5-F956-45E3-9101-24D0158274A0} -
System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program
Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft
Shared\Office16\OLicenseHeartbeat.exe [971696 2022-04-05] (Microsoft Corporation
-> Microsoft Corporation)
Task: {DE0830BB-83CF-4B64-AFE9-AB5E25D8F285} - System32\Tasks\ContentManagement
=> C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe [275065686
2022-03-23] (Unarchiver) [File not signed] <==== ATTENTION
Task: {E181D5E6-D37C-430B-A22D-4E3BFF244261} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F272605B-5BD6-4587-B457-E96E119131F6} - System32\Tasks\Opera GX scheduled
Autoupdate 1615020787 => C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\launcher.exe [2406096 2022-03-29] (Opera Software AS -> Opera Software)
Task: {F2CCD71E-EA36-4870-8827-3F3C4BB3E5B6} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program
Files\Microsoft Office\root\Office16\msoia.exe [8338896 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Task: {F7BAFCA0-3CB3-4696-832B-062640EFFA0B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128
2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392
2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{18a16ced-6923-4141-87e1-63e435daf535}: [DhcpNameServer]
192.168.0.1 0.0.0.0
Edge:
=======
Edge Profile: C:\Users\Elmanuel\AppData\Local\Microsoft\Edge\User Data\Default
[2022-03-13]
FireFox:
========
FF DefaultProfile: s2tsgoie.default
FF ProfilePath:
C:\Users\Elmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\s2tsgoie.default
[2021-03-06]
FF ProfilePath:
C:\Users\Elmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\9a1orpzb.default-esr
[2021-03-06]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program
Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-03-08] (Oracle
America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program
Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-03-08] (Oracle America, Inc.
-> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat
DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog
Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File
not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Mozilla
Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft
Corporation)
FF Plugin HKU\S-1-5-21-1817627007-317576481-894513035-1001:
@lightspark.github.com/Lightspark;version=1 ->
D:\Games\Lightspark\nplightsparkplugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elmanuel\AppData\Local\Google\Chrome\User Data\Default
[2022-02-25]
CHR DownloadDir: D:\Download
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR NewTab: Default ->
Active:"chrome-extension://gdgpebnfpmghdcdcamhjndilicoajmdb/start/index.html",
Not-active:"chrome-extension://jgliccfghhliahhlickaepbpoodoojil/start/index.html"
CHR Extension: (Slides) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-06]
CHR Extension: (Safe Torrent Scanner) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-02-25]
CHR Extension: (Docs) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-06]
CHR Extension: (Google Drive) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-06]
CHR Extension: (Papas Cupcakeria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bgafdfbeilmpdipkccdjddlbmnblkldf [2021-03-09]
CHR Extension: (Trocker) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bjojfeillmmoeadgobbcknkgdkngbcdb [2021-11-03]
CHR Extension: (YouTube) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-06]
CHR Extension: (uBlock Origin) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-02-25]
CHR Extension: (Tampermonkey) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-03]
CHR Extension: (User-Agent Switcher for Chrome) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2021-03-09]
CHR Extension: (Dark Mode) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2021-11-03]
CHR Extension: (Sheets) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-06]
CHR Extension: (Naruto VS Sasuke Backgrounds HD New Tab) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gdgpebnfpmghdcdcamhjndilicoajmdb [2021-11-19]
CHR Extension: (Google Docs Offline) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-25]
CHR Extension: (Papas Taco Mia Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gihjealcgeaoldokenminkbebjbjbhjm [2021-03-09]
CHR Extension: (Papa's Freezeria) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hhfgpeehinbpikhdpgheeknfgkkjiecp [2021-03-09]
CHR Extension: (Papas Pastaria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ipgpdacoallahbdedblioplcgpkkgnig [2021-03-09]
CHR Extension: (Motorcycles - Motocross Dirt Bikes New Tab) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jgliccfghhliahhlickaepbpoodoojil [2021-03-09]
CHR Extension: (Pocket Legends) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2021-03-09]
CHR Extension: (Papas Hot Doggeria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\njkhagialigbhdleagnpehgfnmaebfdh [2021-03-09]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-06]
CHR Extension: (Gmail) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-06]
CHR Profile: C:\Users\Elmanuel\AppData\Local\Google\Chrome\User Data\System
Profile [2021-03-09]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
Opera:
=======
OPR Profile: C:\Users\Elmanuel\AppData\Roaming\Opera Software\Opera Stable
[2021-12-20]
OPR Extension: (Rich Hints Agent) - C:\Users\Elmanuel\AppData\Roaming\Opera
Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-20]
OPR Extension: (Amazon Assistant Promotion) -
C:\Users\Elmanuel\AppData\Roaming\Opera Software\Opera
Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-20]
StartMenuInternet: (HKU\S-1-5-21-1817627007-317576481-894513035-1001) Opera
GXStable - "C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
[8901960 2022-01-23] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support
Assistant\DSAService.exe [39352 2022-03-28] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support
Assistant\DSAUpdateService.exe [184248 2022-03-28] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520
2022-02-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online
Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-21] (Epic Games
Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft
OneDrive\22.055.0313.0001\FileSyncHelper.exe [3389824 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG
Galaxy\GalaxyClientService.exe [1990496 2021-09-30] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication;
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832
2021-09-30] (GOG Sp. z o.o. -> GOG.com)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11099200
2022-03-22] (Logitech Inc -> Logitech, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [11100688 2021-09-07] (INCA Internet
Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe
/Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-03-06] (Microsoft
Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft
OneDrive\22.055.0313.0001\OneDriveUpdaterService.exe [3867512 2022-04-04]
(Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe
[2563288 2022-04-01] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files
(x86)\Origin\OriginWebHelperService.exe [3481824 2022-04-01] (Electronic Arts,
Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2021-08-19] (Even Balance,
Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzSDKServer.exe [2028568 2022-02-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzSDKService.exe [461336 2021-11-30] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzChromaStreamServer.exe [1349688 2022-02-21] (Razer USA Ltd. -> Razer
Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer
Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer
Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer
Synapse Service.exe [298056 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; D:\Games\Launcher\RockstarService.exe [2017072 2021-12-31]
(Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe [533824 2022-02-18] (Razer USA Ltd. -> Razer
Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat
Protection\MsSense.exe [6254864 2022-04-03] (Microsoft Windows Publisher ->
Microsoft Corporation)
S3 ss_conn_launcher_service;
C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB
Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung
Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB
Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung
Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14661928
2021-05-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common
Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-23] (Wellbia.com
Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 UWPService; C:\Windows\SysWOW64\Creative.UWPRPCService.exe [357288
2021-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Creative
Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10401912 2022-03-12] (Riot
Games, Inc. -> Riot Games, Inc.)
R2 Wallpaper Engine Service;
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
[129696 2021-12-05] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-23]
(PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem;
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\NVDisplay.Container.exe
-s NVDisplay.ContainerLocalSystem -f
%ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\plugins\LocalSystem
-r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 OverwolfUpdater; "D:\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10]
(Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo;
C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys
[33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher ->
Windows ® Win 7 DDK provider)
S3 e2esoft_ivcamaudio_simple; C:\Windows\system32\drivers\iVCamAud.sys [255464
2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R1 gvm; C:\Windows\system32\DRIVERS\gvm.sys [393712 2021-04-02] (Google LLC ->
Google LLC)
S3 HidHide; C:\Windows\System32\drivers\HidHide.sys [61408 2021-04-01]
(Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software
Solutions e.U.)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy
-> Windows ® Win 7 DDK provider)
S3 iriunvid;
C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_1abe69abaf98b7f7\iriunvid.sys
[157568 2021-05-01] (Iriun Oy -> Windows ® Win 7 DDK provider)
S3 iVCam; C:\Windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai
Yitu Information Technology Co., Ltd. -> e2eSoft)
R3 logi_audio_surround; C:\Windows\system32\drivers\logi_audio_surround.sys
[44488 2021-11-03] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [33528
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [21704
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [62904
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [43456 2019-05-06]
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552
2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA
Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer
USA Ltd. -> Razer Inc)
R3 RzDev_0082; C:\Windows\System32\drivers\RzDev_0082.sys [56200 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
R3 RzDev_0083; C:\Windows\System32\drivers\RzDev_0083.sys [54152 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
S3 RzDev_0243; C:\Windows\System32\drivers\RzDev_0243.sys [54152 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce
James -> Scarlet.Crush Productions)
R2 SignalRgbDriver; C:\Windows\System32\Drivers\SignalRgbDriver.sys [25832
2022-01-10] (WHIRLWIND VIRTUAL REALITIES INC. -> )
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [14224 2022-04-04] (Microsoft
Windows Hardware Compatibility Publisher -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung
Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys
[45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co.,
Ltd.)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [28128 2020-04-21] (Unified
Intents AB -> Windows ® Win 7 DDK provider)
R3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192
2021-08-18] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME;
C:\Windows\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-08-18]
(Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys
[71712 2021-08-18] (Vincent Burel -> Windows ® Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8508504 2022-03-11] (Riot Games,
Inc. -> Riot Games, Inc.)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14]
(Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software
Solutions e.U.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-03-15]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [439544 2022-03-15]
(Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15]
(Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-23] (Wellbia.com Co., Ltd.
-> Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776
2022-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited
Corporation)
S3 BTMCOM; \SystemRoot\System32\Drivers\btmcom.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 22:27 - 2022-04-05 22:27 - 000043885 _____
C:\Users\Elmanuel\Desktop\FRST.txt
2022-04-05 22:27 - 2022-04-05 22:27 - 000000000 ____D C:\FRST
2022-04-05 21:56 - 2022-04-05 21:56 - 002365440 _____ (Farbar)
C:\Users\Elmanuel\Downloads\FRST64.exe
2022-04-05 21:56 - 2022-04-05 21:56 - 002365440 _____ (Farbar)
C:\Users\Elmanuel\Desktop\FRST64.exe
2022-04-04 21:08 - 2022-04-04 21:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\LocalLow\NVIDIA
2022-04-04 21:05 - 2022-04-04 21:05 - 000153237 _____
C:\Users\Elmanuel\Downloads\da.pdf
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ___RD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Windows\system32\Tasks\Leader Technologies
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Xerox
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Leadertech
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D C:\Program Files\Common
Files\Common Desktop Agent
2022-04-04 20:58 - 2022-04-04 20:49 - 001786880 ____N (Xerox/Leader
Technologies) C:\Windows\Xreg.exe
2022-04-04 20:57 - 2022-04-04 20:58 - 000000000 ____D C:\Program Files
(x86)\Xerox
2022-04-04 20:57 - 2022-04-04 20:57 - 000000000 ____D C:\ProgramData\Xerox
2022-04-04 20:57 - 2022-04-04 20:48 - 000151552 _____ (SS)
C:\Windows\system32\sxj2mci.exe
2022-04-04 20:57 - 2022-04-04 20:48 - 000089600 _____ (SS)
C:\Windows\system32\sxj2mci.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000034304 _____ ()
C:\Windows\system32\sxj2mlm.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000000359 _____
C:\Windows\system32\sxj2mlm.smt
2022-04-04 20:49 - 2022-04-04 20:49 - 000014224 ____N ()
C:\Windows\system32\Drivers\SSPORT.SYS
2022-04-03 16:31 - 2022-04-04 00:33 - 113770496 _____
C:\Windows\system32\config\SOFTWARE
2022-04-03 16:28 - 2022-04-03 16:31 - 000000000 ____D C:\Windows\Microsoft
Antimalware
2022-04-03 05:12 - 2022-04-03 05:12 - 000001516 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support
Assistant.lnk
2022-04-03 05:12 - 2022-04-03 05:12 - 000000000 ____D C:\ProgramData\Intel
2022-04-03 05:12 - 2022-04-03 05:12 - 000000000 ____D C:\Program Files
(x86)\Intel
2022-04-03 05:11 - 2022-04-03 05:11 - 000048640 _____ (Adobe Systems)
C:\Windows\system32\atmlib.dll
2022-04-03 05:11 - 2022-04-03 05:11 - 000039936 _____ (Adobe Systems)
C:\Windows\SysWOW64\atmlib.dll
2022-04-03 05:11 - 2022-04-03 05:11 - 000011791 _____
C:\Windows\system32\DrtmAuthTxt.wim
2022-04-03 05:10 - 2022-04-03 05:10 - 000162816 _____
C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-04-03 05:09 - 2022-04-03 05:09 - 000000000 ____D
C:\ProgramData\DriverTalent
2022-04-03 05:08 - 2022-04-03 05:11 - 000000000 ____D C:\Program Files
(x86)\OSTotoSoft
2022-04-03 05:08 - 2022-04-03 05:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\DriverTalent
2022-04-03 05:03 - 2022-04-03 05:03 - 000000000 ___HD C:\$WinREAgent
2022-04-01 23:31 - 2022-04-01 23:31 - 000803604 _____
C:\Users\Elmanuel\Downloads\razer-id-codes-1648845090471.pdf
2022-04-01 19:01 - 2022-03-17 19:33 - 000047792 _____ (NVIDIA Corporation)
C:\Windows\system32\Drivers\nvhdap64.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001905904 _____
C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001905904 _____
C:\Windows\system32\vulkaninfo.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001478392 _____
C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001478392 _____
C:\Windows\SysWOW64\vulkaninfo.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001467840 _____ (Khronos Group)
C:\Windows\system32\OpenCL.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001432312 _____
C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001432312 _____
C:\Windows\system32\vulkan-1.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001209400 _____ (Khronos Group)
C:\Windows\SysWOW64\OpenCL.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001145584 _____
C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001145584 _____
C:\Windows\SysWOW64\vulkan-1.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000795704 _____
C:\Windows\system32\nvofapi64.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000715944 _____ (NVIDIA Corporation)
C:\Windows\system32\nvml.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000636480 _____
C:\Windows\SysWOW64\nvofapi.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 002121688 _____ (NVIDIA Corporation)
C:\Windows\system32\NvFBC64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001600680 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\NvFBC.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001529936 _____ (NVIDIA Corporation)
C:\Windows\system32\NvIFR64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001175696 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\NvIFR.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000981648 _____ (NVIDIA Corporation)
C:\Windows\system32\nvEncodeAPI64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000792208 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000712664 _____ (NVIDIA Corporation)
C:\Windows\system32\nvidia-smi.exe
2022-04-01 19:00 - 2022-03-18 08:38 - 008610472 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcuvid.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 007713872 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvcuvid.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 005729752 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcpl.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 005101528 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvcuda.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 000456872 _____ (NVIDIA Corporation)
C:\Windows\system32\nvdebugdump.exe
2022-04-01 19:00 - 2022-03-18 08:36 - 000850088 _____ (NVIDIA Corporation)
C:\Windows\system32\MCU.exe
2022-04-01 19:00 - 2022-03-18 08:35 - 006458872 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvapi.dll
2022-04-01 19:00 - 2022-03-17 19:33 - 000089337 _____
C:\Windows\system32\nvinfo.pb
2022-03-28 20:52 - 2022-03-28 20:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Genshin Impact
2022-03-26 15:52 - 2022-03-26 15:52 - 000233764 _____
C:\Users\Elmanuel\Downloads\Skyrim - Anniversay Edition [FitGirl Repack].torrent
2022-03-26 14:32 - 2022-03-26 14:32 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\FLT
2022-03-26 13:23 - 2022-03-26 15:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\LocalLow\uTorrent
2022-03-23 11:18 - 2022-03-23 11:18 - 000062904 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_xlcore.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000033528 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_bus_enum.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000021704 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_vir_hid.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000000650 _____
C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-03-23 11:18 - 2022-03-23 11:18 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-03-23 11:18 - 2022-03-23 11:18 - 000000000 ____D C:\Program Files\LGHUB
2022-03-23 00:25 - 2022-03-23 00:25 - 000000869 _____
C:\Users\Elmanuel\Desktop\ImmortalsFenyxRising.exe.lnk
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\Immortals Fenyx Rising
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Goldberg UplayEmu Saves
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\EMPRESS
2022-03-23 00:24 - 2022-03-23 00:24 - 000003552 _____
C:\Windows\system32\Tasks\ContentManagement
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBusQueue
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBus
2022-03-23 00:24 - 2022-03-23 00:24 - 000000606 _____
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Immortals Fenyx
Rising.lnk
2022-03-23 00:24 - 2022-03-23 00:24 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Unarchiver
2022-03-22 21:13 - 2022-03-22 21:13 - 000000627 _____
C:\Users\Public\Desktop\Yakuza 6 - The Song of Life.lnk
2022-03-22 18:39 - 2022-03-26 17:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Skyrim Special Edition
2022-03-20 12:03 - 2022-03-20 12:03 - 000001772 _____
C:\Users\Public\Desktop\Project Zomboid.lnk
2022-03-20 12:03 - 2022-03-20 12:03 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Zomboid [GOG.com]
2022-03-20 11:55 - 2022-03-20 11:55 - 000000000 ____D C:\GOG Games
2022-03-20 11:31 - 2022-03-27 01:40 - 000000000 ____D C:\Users\Elmanuel\Zomboid
2022-03-19 13:49 - 2022-03-19 13:49 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Sifu
2022-03-13 22:44 - 2022-03-13 22:45 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\User Data
2022-03-13 22:44 - 2022-03-13 22:44 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\nwjs
2022-03-13 22:38 - 2022-03-13 22:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\gpc_storage
2022-03-13 22:38 - 2022-03-13 22:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\game_patches
2022-03-13 00:32 - 2022-04-05 01:18 - 000000000 ____D C:\Program Files\Cheat
Engine 7.4
2022-03-13 00:32 - 2022-03-13 00:32 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\My Cheat Tables
2022-03-11 15:58 - 2022-03-11 15:58 - 002260992 _____
C:\Windows\system32\TextInputMethodFormatter.dll
2022-03-11 15:58 - 2022-03-11 15:58 - 002254336 _____
C:\Windows\system32\dwmscene.dll
2022-03-11 15:58 - 2022-03-11 15:58 - 000272896 _____
C:\Windows\system32\TpmTool.exe
2022-03-11 15:58 - 2022-03-11 15:58 - 000223744 _____
C:\Windows\SysWOW64\TpmTool.exe
2022-03-11 15:58 - 2022-03-11 15:58 - 000195584 _____
C:\Windows\system32\uwfcfgmgmt.dll
2022-03-10 16:02 - 2022-03-10 16:04 - 191226758 _____
C:\Users\Elmanuel\Downloads\TheDailyLaws366MeditationsonPowerSeductionMasteryStrategyandHumanNature_ep5.aax
2022-03-10 15:53 - 2022-03-10 15:57 - 339963303 _____
C:\Users\Elmanuel\Downloads\48LawsofPower_ep5.aax
2022-03-09 22:29 - 2022-03-09 22:29 - 003682788 _____
C:\Users\Elmanuel\Downloads\VgFSwJS - Imgur.mp4
2022-03-08 21:44 - 2022-04-05 21:51 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Discord
2022-03-06 15:08 - 2022-03-06 15:08 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RazerCentral
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 22:28 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\discord
2022-04-05 22:18 - 2021-03-07 18:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Spotify
2022-04-05 21:59 - 2021-03-07 18:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Spotify
2022-04-05 21:58 - 2021-06-02 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\WTablet
2022-04-05 21:58 - 2021-04-16 09:47 - 000000000 ____D C:\Program Files\Microsoft
Office
2022-04-05 21:57 - 2021-03-07 18:19 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-05 21:54 - 2021-03-06 01:28 - 000000000 ____D C:\Program Files
(x86)\Google
2022-04-05 21:51 - 2021-08-09 18:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\LGHUB
2022-04-05 21:51 - 2021-08-09 18:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\LGHUB
2022-04-05 21:51 - 2021-03-07 18:23 - 000000000 ____D C:\ProgramData\Riot Games
2022-04-05 21:51 - 2021-03-06 01:02 - 000000000 ___RD C:\Users\Elmanuel\OneDrive
2022-04-05 01:50 - 2021-08-18 22:20 - 000038066 _____
C:\Users\Elmanuel\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-04-05 01:50 - 2019-12-07 12:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-04-05 01:25 - 2021-06-01 21:32 - 000000000 ____D C:\ProgramData\Unified
Remote
2022-04-05 01:19 - 2021-06-16 03:43 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\e2eSoft
2022-04-05 01:19 - 2021-03-07 17:59 - 000000000 ____D C:\SteamLibrary
2022-04-05 01:19 - 2021-03-06 01:19 - 000000000 ___HD C:\Program Files
(x86)\InstallShield Installation Information
2022-04-05 01:18 - 2021-03-20 18:37 - 000000000 ____D
C:\Users\Elmanuel\Desktop\Dumping folder
2022-04-05 00:42 - 2021-03-07 18:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\CrashDumps
2022-04-04 21:50 - 2021-12-11 20:04 - 000003588 _____
C:\Windows\system32\Tasks\OneDrive Reporting
Task-S-1-5-21-1817627007-317576481-894513035-1001
2022-04-04 21:50 - 2021-09-09 22:52 - 000000000 ____D C:\Program Files\Microsoft
OneDrive
2022-04-04 21:50 - 2021-03-18 11:06 - 000003194 _____
C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-04-04 21:50 - 2021-03-18 11:06 - 000002138 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-04 20:57 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2022-04-04 20:36 - 2020-09-27 17:33 - 000000000 ____D
C:\Windows\system32\SleepStudy
2022-04-04 00:41 - 2021-03-06 00:32 - 000840838 _____
C:\Windows\system32\PerfStringBackup.INI
2022-04-04 00:37 - 2021-03-08 00:31 - 000000001 _____
C:\Windows\vgkbootstatus.dat
2022-04-04 00:34 - 2021-05-30 23:10 - 000000000 ____D C:\Program
Files\TeamViewer
2022-04-04 00:34 - 2020-09-27 17:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-04-04 00:34 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ServiceState
2022-04-04 00:33 - 2019-12-07 12:03 - 000786432 _____
C:\Windows\system32\config\BBI
2022-04-03 16:36 - 2020-09-27 17:36 - 000002444 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-03 16:36 - 2019-12-07 12:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-04-03 16:36 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2022-04-03 07:38 - 2021-05-02 02:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Origin
2022-04-03 07:38 - 2021-03-08 22:10 - 000000000 ____D C:\ProgramData\Origin
2022-04-03 06:30 - 2021-05-02 02:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Origin
2022-04-03 05:31 - 2020-09-27 17:33 - 000446776 _____
C:\Windows\system32\FNTCACHE.DAT
2022-04-03 05:27 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows
Defender Advanced Threat Protection
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ___RD
C:\Windows\ImmersiveControlPanel
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\Dism
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\ShellExperiences
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\Provisioning
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\PolicyDefinitions
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2022-04-03 05:13 - 2021-03-06 01:57 - 000000000 ____D C:\ProgramData\Package
Cache
2022-04-03 05:13 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2022-04-01 23:26 - 2021-05-02 02:14 - 000000000 ____D C:\Program Files
(x86)\Origin
2022-04-01 19:02 - 2021-03-06 01:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\NVIDIA
2022-04-01 18:58 - 2021-03-07 19:26 - 000004308 _____
C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003976 _____
C:\Windows\system32\Tasks\NVIDIA GeForce Experience
SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003940 _____
C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003894 _____
C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003654 _____
C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000000000 ____D C:\Program Files
(x86)\NVIDIA Corporation
2022-04-01 18:58 - 2021-03-06 00:32 - 000000000 ____D C:\ProgramData\NVIDIA
Corporation
2022-04-01 18:58 - 2021-03-06 00:32 - 000000000 ____D C:\Program Files\NVIDIA
Corporation
2022-03-31 13:33 - 2021-11-28 13:21 - 000000000 ____D C:\Program Files\Genshin
Impact
2022-03-31 13:13 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\LiveKernelReports
2022-03-29 22:39 - 2021-03-06 01:28 - 000002307 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-29 22:38 - 2021-03-06 11:53 - 000004200 _____
C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1615020787
2022-03-29 22:38 - 2021-03-06 11:53 - 000001449 _____
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX
Browser.lnk
2022-03-29 17:51 - 2021-03-06 01:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Packages
2022-03-28 23:16 - 2021-08-18 22:00 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\Voicemeeter
2022-03-28 20:51 - 2021-09-13 23:34 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\miHoYo
2022-03-26 19:24 - 2021-03-06 01:57 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\D3DSCache
2022-03-26 16:28 - 2021-03-06 01:45 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\uTorrent
2022-03-26 14:32 - 2021-03-08 00:35 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\UnrealEngine
2022-03-24 11:55 - 2021-12-18 17:23 - 002258408 _____ (Microsoft Corporation)
C:\Windows\system32\xgameruntime.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000337384 _____ (Microsoft Corporation)
C:\Windows\system32\gameplatformservices.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000218600 _____ (Microsoft Corporation)
C:\Windows\system32\gamingservicesproxy.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000198120 _____ (Microsoft Corporation)
C:\Windows\system32\gameconfighelper.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000131072 _____ (Microsoft Corporation)
C:\Windows\system32\gamingtcuihelpers.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000120296 _____ (Microsoft Corporation)
C:\Windows\system32\gamelaunchhelper.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000062952 _____ (Microsoft Corporation)
C:\Windows\system32\gamemodcontrol.exe
2022-03-23 12:58 - 2021-11-11 10:45 - 000004562 _____
C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-03-23 12:58 - 2021-11-11 10:45 - 000002079 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-03-23 11:18 - 2021-03-06 11:53 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\ElevatedDiagnostics
2022-03-23 07:16 - 2021-03-07 19:26 - 002859128 _____ (NVIDIA Corporation)
C:\Windows\system32\nvspcap64.dll
2022-03-23 07:16 - 2021-03-07 19:26 - 002199760 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvspcap.dll
2022-03-23 07:16 - 2021-03-07 19:26 - 001294024 _____ (NVIDIA Corporation)
C:\Windows\system32\NvRtmpStreamer64.dll
2022-03-22 19:45 - 2021-03-07 20:24 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\.minecraft
2022-03-22 19:43 - 2021-03-07 20:26 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\.tlauncher
2022-03-22 18:39 - 2021-03-12 22:20 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\My Games
2022-03-22 01:56 - 2021-03-07 19:26 - 000168656 _____ (NVIDIA Corporation)
C:\Windows\system32\nvaudcap64v.dll
2022-03-22 01:56 - 2021-03-07 19:26 - 000144592 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvaudcap32v.dll
2022-03-21 14:16 - 2021-03-07 19:26 - 000082552 _____
C:\Windows\system32\FvSDK_x64.dll
2022-03-21 14:16 - 2021-03-07 19:26 - 000071288 _____
C:\Windows\SysWOW64\FvSDK_x86.dll
2022-03-20 11:31 - 2021-03-06 01:00 - 000000000 ____D C:\Users\Elmanuel
2022-03-18 08:38 - 2021-10-12 22:31 - 002931856 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcuda.dll
2022-03-18 08:35 - 2021-03-06 00:32 - 007611808 _____ (NVIDIA Corporation)
C:\Windows\system32\nvapi64.dll
2022-03-17 19:33 - 2021-03-06 00:32 - 000134832 _____ (NVIDIA Corporation)
C:\Windows\system32\Drivers\nvhda64v.sys
2022-03-15 00:15 - 2020-09-27 17:34 - 000000000 ____D
C:\Windows\system32\Drivers\wd
2022-03-15 00:04 - 2021-10-10 01:26 - 000000000 ____D C:\Program Files\Riot
Vanguard
2022-03-11 16:02 - 2019-12-07 12:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-03-11 16:02 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\system32\WinBioPlugIns
2022-03-11 16:02 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-03-11 16:02 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\servicing
2022-03-11 16:00 - 2021-03-06 02:54 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2022-03-11 15:58 - 2020-09-27 17:36 - 002877952 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\PrintConfig.dll
2022-03-11 15:53 - 2021-03-06 02:44 - 000000000 ____D C:\Windows\system32\MRT
2022-03-11 15:51 - 2021-03-06 02:44 - 145666720 ____C (Microsoft Corporation)
C:\Windows\system32\MRT.exe
2022-03-10 15:45 - 2020-09-27 17:36 - 000003590 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-10 15:45 - 2020-09-27 17:36 - 000003466 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-08 21:44 - 2021-04-02 21:16 - 000002250 _____
C:\Users\Elmanuel\Desktop\Discord.lnk
2022-03-08 21:44 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord
Inc
2022-03-08 21:44 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\SquirrelTemp
2022-03-08 21:43 - 2022-02-25 11:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
2022-03-06 15:10 - 2021-03-06 12:01 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-03-06 15:08 - 2021-03-06 12:00 - 000000000 ____D C:\Program Files
(x86)\Razer Chroma SDK
==================== Files in the root of some directories ========
2021-11-11 21:49 - 2021-11-11 21:49 - 000001298 _____ ()
C:\Users\Elmanuel\listing.exe
2021-08-18 22:20 - 2022-04-05 01:50 - 000038066 _____ ()
C:\Users\Elmanuel\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-02-07 23:57 - 2022-02-07 23:57 - 000000218 _____ ()
C:\Users\Elmanuel\AppData\Local\recently-used.xbel
2021-03-07 18:18 - 2022-02-13 18:09 - 000007607 _____ ()
C:\Users\Elmanuel\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
And heres the second scan file
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1817627007-317576481-894513035-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-1817627007-317576481-894513035-503 - Limited -
Disabled)
Elmanuel (S-1-5-21-1817627007-317576481-894513035-1001 - Administrator -
Enabled) => C:\Users\Elmanuel
Guest (S-1-5-21-1817627007-317576481-894513035-501 - Limited - Disabled)
Philip (S-1-5-21-1817627007-317576481-894513035-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1817627007-317576481-894513035-504 - Limited -
Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\uTorrent)
(Version: 3.5.5.46090 - BitTorrent Inc.)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000})
(Version: 19.00.00.0 - Igor Pavlov)
7-Zip 21.00 alpha (x64) (HKLM\...\7-Zip) (Version: 21.00 alpha - Igor Pavlov)
A Normal Lost Phone
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/A Normal Lost
Phone) (Version: - Plug In Digital)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700})
(Version: 22.001.20085 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_4) (Version: 21.2.4.323 - Adobe
Inc.)
Amazon Games
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568})
(Version: 2.1.6190.2 - Amazon.com Services, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
Another Lost Phone: Laura's Story
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/Another Lost
Phone - Laura's Story) (Version: - Plug In Digital)
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version:
8.71.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version:
1.0.64.43202 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA
Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 -
Apple Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version:
1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Discord) (Version:
1.0.9004 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.5.2 - DEV47APPS)
Dying Light: Platinum Edition (HKLM-x32\...\Dying Light: Platinum Edition_is1)
(Version: - )
ELDEN RING (HKLM-x32\...\ELDEN RING_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847})
(Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64)
(HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8})
(Version: 2.0.28.0 - Epic Games, Inc.)
Facecheck
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Overwolf_fiekjlgoffmlmgfmggnoeoljkmfkcapcdmcgcfgm)
(Version: 0.8.7.11 - Overwolf app)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.16.1.0 - miHoYo Co.,Ltd)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:
- GOG.com)
Google Chrome (HKLM\...\{3887A4F3-6B98-3B9D-BA15-654AE6C48ABA}) (Version:
99.0.4844.84 - Google LLC)
Guilded 1.0.9115342-release
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\37acac95-e961-5909-9d05-c98f2db949a9)
(Version: 1.0.9115342-release - Guilded, Inc.)
Hollow Knight (HKLM-x32\...\Hollow Knight_is1) (Version: - )
Immortals Fenyx Rising version final (HKLM-x32\...\Immortals Fenyx Rising_is1)
(Version: final - The)
Intel Driver && Support Assistant
(HKLM-x32\...\{47300990-0B6C-4802-B40D-52B4003329AE}) (Version: 22.2.14.5 -
Intel) Hidden
Intel® Driver & Support Assistant
(HKLM-x32\...\{db3348f2-3be7-48d6-aa17-0e39785c9598}) (Version: 22.2.14.5 -
Intel)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0})
(Version: 8.0.2810.9 - Oracle Corporation)
Journey to the Savage Planet (HKLM-x32\...\1519147341_is1) (Version: 1.0.10 -
GOG.com)
Journey to the Savage Planet: Hot Garbage (HKLM-x32\...\1240193021_is1)
(Version: 1.0.10 - GOG.com)
Launcher Prerequisites (x64)
(HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
Legends of Runeterra (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Riot
Game bacon.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:
2022.3.242300 - Logitech)
Lovense Browser version 30.3.2
(HKLM-x32\...\{EF65AAC0-AC86-4FA6-9A84-1630357761F9}_is1) (Version: 30.3.2 -
Hytto Ltd.)
Lovense Connect version 1.4.6
(HKLM-x32\...\{75E923E0-E92E-473F-BCFC-2106D3CD5D85}_is1) (Version: 1.4.6 -
Hytto Ltd.)
MediBang Paint Pro 27.2 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version:
27.2 - Medibang)
Microsoft .NET Runtime - 5.0.13 (x64)
(HKLM-x32\...\{39e101fa-a1d2-4cea-a853-cf1eb6c70e4d}) (Version: 5.0.13.30715 -
Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us)
(Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft
Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version:
100.0.1185.29 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 -
Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Teams)
(Version: 1.4.00.26376 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9})
(Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
(HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816
(HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037
(HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704
(HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 -
Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x64)
(HKLM-x32\...\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}) (Version: 5.0.13.30717 -
Microsoft Corporation)
Needy Streamer Overload (HKLM-x32\...\Needy Streamer Overload_is1) (Version: -
)
Nefarius Virtual Gamepad Emulation Bus Driver
(HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 -
Nefarius Software Solutions e.U.)
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.1.3 - Duodian Technology Co. Ltd.)
NVIDIA FrameView SDK 1.2.7521.31103277
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version:
1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.26
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version:
3.25.1.26 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version:
512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version:
1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version:
9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 -
NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component
(HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component
(HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 -
Microsoft Corporation) Hidden
Opera GX Stable 84.0.4316.52
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Opera GX 84.0.4316.52)
(Version: 84.0.4316.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.111.50299 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.166.1.16 - Overwolf Ltd.)
Pokemon: Sword/Shield (HKLM-x32\...\Pokemon: Sword/Shield_is1) (Version: - )
Project Zomboid (HKLM-x32\...\1453298883_is1) (Version: 41.66 - GOG.com)
PS Remote Play (HKLM-x32\...\{899B5915-9704-4267-9768-0C1CC59D9B46}) (Version:
4.1.0.04020 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance,
Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0228.022817 - Razer
Inc.)
Realtek High Definition Audio Driver
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 -
Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version:
1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version:
2.0.9.3 - Rockstar Games)
Rogue Heroes: Ruins of Tasos
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/Rogue Heroes -
Ruins of Tasos) (Version: - Team17 Digital Ltd)
Samsung DeX (HKLM-x32\...\{24639BA3-44DD-4648-806D-8046771E6722}) (Version:
2.0.0.20 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{51af111f-4665-4995-8982-55e0e02163e7}) (Version:
2.0.0.20 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones
(HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung
Electronics Co., Ltd.)
SIFU (HKLM-x32\...\SIFU_is1) (Version: - )
Spotify (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Spotify) (Version:
1.1.81.604.gccacfc8c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements SE.Live (HKLM-x32\...\StreamElements OBS.Live) (Version:
22.2.23.795 - StreamElements)
Streamlabs OBS 0.27.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version:
0.27.1 - General Workings, Inc.)
Super Smash Bros. Ultimate (HKLM-x32\...\Super Smash Bros. Ultimate_is1)
(Version: - )
Teams Machine-Wide Installer
(HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.4167 -
Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.18.4 - TeamViewer)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1)
(Version: 3.10.0 - Unified Intents AB)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version:
1.0.0.0 - Motiga)
VALORANT (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Riot Game
valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469})
(Version: - VB-Audio Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter
{17359A74-1236-5467}) (Version: - VB-Audio Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.43-3 - Wacom
Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 11 Installation Assistant
(HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.1285 -
Microsoft Corporation)
Windows Driver Package - Nordic Semiconductor ASA (libusbK) Nordic Semiconductor
DFU (11/17/2017 1.0.0.0) (HKLM\...\9E604C253CF23E22559521E18F5477442849274E)
(Version: 11/17/2017 1.0.0.0 - Nordic Semiconductor ASA)
Windows Driver Package - Nordic Semiconductor ASA (usbser) Ports (05/11/2018
1.0.1.0) (HKLM\...\8BE37708EC0B1921B47CD432537BB725532CEF79) (Version:
05/11/2018 1.0.1.0 - Nordic Semiconductor ASA)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version:
1.03.97.02(6.6.2021 г.) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version:
3.70.18.0 - Xerox Corporation)
Xerox Phaser 3020 (HKLM-x32\...\Xerox Phaser 3020) (Version: V1.06 (6.7.2021 г.)
- Xerox Corporation)
Yakuza 6: The Song of Life (HKLM-x32\...\Yakuza 6: The Song of Life_is1)
(Version: - )
Приложения на Microsoft 365 за предприятия - bg-bg (HKLM\...\O365ProPlusRetail -
bg-bg) (Version: 16.0.15028.20160 - Microsoft Corporation)
Packages:
=========
Companion For Valorant -> C:\Program
Files\WindowsApps\25178TusharRaj.CompanionForValorant_1.4.1.0_x64__e6rj32ztk5xre
[2021-11-06] (Tushar Raj)
Galaxy Buds -> C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.GalaxyBuds_2.1.3.0_x64__3c1yjt4zspk6g
[2022-03-29] (Samsung Electronics Co. Ltd.)
Microsoft Whiteboard -> C:\Program
Files\WindowsApps\Microsoft.Whiteboard_52.10315.352.0_x64__8wekyb3d8bbwe
[2022-03-31] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program
Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj
[2022-04-01] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program
Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj
[2021-03-06] (Realtek Semiconductor Corp)
Samsung Flow -> C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy
[2022-03-04] (Samsung Electronics Co, Ltd.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32
->
C:\Users\Elmanuel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll
(Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] ->
{056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] ->
{05B38830-F4E9-4329-978B-1DD28605D202} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] ->
{0596C850-7BDD-4C9D-AFDF-873BE6890637} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
=> D:\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
ContextMenuHandlers3: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] ->
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} =>
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\nvshext.dll
[2022-03-18] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype за
бизнеса.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe
(Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Изпращане в OneNote.lnk -> C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) -> /tsr <==== Cyrillic
ShortcutWithArgument: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google
Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2022-03-23 11:18 - 2022-03-22 22:32 - 000151040 _____ () [File not signed]
\\?\C:\Program
Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2022-01-24 13:43 - 2022-01-24 13:43 - 005745664 _____ () [File not signed]
C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-08-18 21:51 - 2021-08-18 21:51 - 000967168 _____ () [File not signed]
C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2021-03-23 01:43 - 2021-01-19 18:00 - 000077312 _____ (Igor Pavlov) [File not
signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not
signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support
Assistant\NotifyIconWin32.dll
2021-06-01 21:32 - 2016-10-10 06:27 - 000556544 _____ (Soft Service Company)
[File not signed] D:\Phone\Unified Remote 3\wcl.dll
2017-02-12 03:28 - 2015-09-28 21:08 - 000255488 _____ (Sysprogs OU) [File not
signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2021-06-01 21:32 - 2017-05-29 04:55 - 001846272 _____ (The OpenSSL Project,
hxxp://www.openssl.org/) [File not signed] D:\Phone\Unified Remote
3\libcryptoMD.dll
2021-06-01 21:32 - 2017-05-29 04:55 - 000382976 _____ (The OpenSSL Project,
hxxp://www.openssl.org/) [File not signed] D:\Phone\Unified Remote
3\libsslMD.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\µTorrent.lnk:27CED3D9D4 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Access.lnk:A1B76439FE [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Audacity.lnk:09A0A90EF3 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic
Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Excel.lnk:B96E9B8455 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Lovense Connect.lnk:9CAB585B4D [10]
AlternateDataStreams: C:\Users\Elmanuel\Application
Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams:
C:\Users\Elmanuel\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7974]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->
C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-03-08] (Oracle America,
Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-03-08] (Oracle America,
Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
[2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\localhost
-> localhost
IE trusted site:
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\sharepoint.com ->
hxxps://advancebelibrezi-files.sharepoint.com
IE trusted site:
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\webcompanion.com ->
hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 12:14 - 2021-12-20 21:17 - 000002552 _____
C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma
SDK\bin;C:\Program Files (x86)\Common
Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files
(x86)\Razer\ChromaBroadcast\bin;C:\Program
Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;C:\Program
Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA
Corporation\PhysX\Common;C:\Program Files\dotnet\
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Control
Panel\Desktop\\Wallpaper ->
c:\users\elmanuel\downloads\uhdpaper.com-download-pc-4k-wallpaper-877@1@e.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\StartupFolder:
=> "Изпращане в OneNote.lnk"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Battle.net"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Spotify"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Steam"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Discord"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Overwolf"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Opera GX Browser Assistant"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"ut"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
FirewallRules: [{379299DA-3E22-4B3A-AF4C-C423E2BEADB0}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{36CC3488-EFE2-43A3-A7D8-F5E378E6E5D7}] => (Allow) C:\Program
Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{70639925-9662-491E-8186-ED8E3683D8FD}] => (Allow) C:\Program
Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3AB26CB3-57DF-476E-8F9E-39AA1CC9EF36}] => (Allow)
D:\steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0CF08166-B2A2-4860-BCB5-EEB6463E45BB}] => (Allow)
D:\steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{14D206EC-754F-4E1D-970C-5D23A9FDB104}] => (Allow)
D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{52792D02-A69E-4645-91E1-544619FDC69B}] => (Allow)
D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{318759E4-D580-4A73-87FA-DE3BD23846F2}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [{33AA74BF-64AC-4AE7-B13C-82512C5764AD}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [TCP Query
User{6C5AC0BB-A3CA-4D58-A997-F2796C76B17B}C:\users\elmanuel\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB ->
Spotify Ltd)
FirewallRules: [UDP Query
User{AB82216F-0B38-4F44-90B0-9495BC7C65A5}C:\users\elmanuel\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB ->
Spotify Ltd)
FirewallRules: [{FE55E6A7-BE3D-4D8C-ABFF-FC68990CF761}] => (Block)
C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify
Ltd)
FirewallRules: [{701613B9-444F-44A0-9298-EB50A4385863}] => (Block)
C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify
Ltd)
FirewallRules: [{E4D6F9E9-4B65-4AA2-866E-598145C63FAA}] => (Allow)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{10820A56-A19B-481A-AFBD-A7193510F1AE}] => (Allow)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{E57D0190-FBF0-40DB-AECF-B964A652360B}] => (Block)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{A839279C-7A34-4B64-B644-EB105815D406}] => (Block)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [TCP Query User{D6CFB425-2253-448D-9452-61479635DC67}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5EEF3671-1DF7-4832-A62B-22AE501BFE24}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F37AD2B1-572D-48AE-8C4D-8F55EDB7E09C}] => (Block) C:\program
files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{35C7421D-C6F9-46E9-950D-8948850F870D}] => (Block) C:\program
files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{52575ABA-60E0-495E-86E7-32C50A0E620F}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{46B57CF6-1C27-43B9-90C1-FB886313450D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [TCP Query
User{BEDFA006-912A-471B-B635-E3DC66BDEAE8}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.408\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No
File
FirewallRules: [UDP Query
User{60E1F3BE-83BF-441C-9A65-E4EA679E5A98}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.408\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No
File
FirewallRules: [{A304B09E-2D18-46F4-987C-4E728819F8AA}] => (Allow)
D:\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy
-> EasyAntiCheat Ltd)
FirewallRules: [{2AD21D12-4E50-4C71-8949-F4577A3BD5B6}] => (Allow)
D:\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy
-> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{3BC775BA-EA95-4134-BC3C-0B697DC51C6E}C:\program
files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program
files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{D0DB4764-8A93-4DA2-8575-74F6C73E9D85}C:\program
files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program
files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{87AAB17F-7A21-4FEA-AA45-920D0C7497E2}] => (Allow)
D:\steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat
Oy -> EasyAntiCheat Ltd)
FirewallRules: [{3E6CB7F1-5C28-498C-B771-FBEC3E9FE443}] => (Allow)
D:\steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat
Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query
User{EB1600BA-CE13-4B94-A190-2BC10C34EBCF}D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{9728A279-115C-4976-993D-E83EE4935C64}D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe
=> No File
FirewallRules: [{D685D27C-E585-4C91-A85F-FF47D063E966}] => (Allow)
D:\Phone\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung
Electronics Co., Ltd.)
FirewallRules: [{7569AB4D-FE4B-405C-A476-A82C80B699DE}] => (Allow)
D:\Phone\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung
Electronics Co., Ltd.)
FirewallRules: [TCP Query User{4A4C9564-D9FA-4B28-BA7A-51C5E79F4C38}C:\program
files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files
(x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{5FDCE4A1-4EED-4A4A-A207-24A63A8B72DA}C:\program
files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files
(x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query
User{8599BFC7-B218-4B2A-A5D0-AD371610609F}D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic
Games, Inc.)
FirewallRules: [UDP Query
User{30ED4A0F-F9A5-45F1-8E2A-23A24DE7E3F7}D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic
Games, Inc.)
FirewallRules: [TCP Query
User{BFDEEB9A-E7D4-4BA5-9AAC-BF2201B67BDC}D:\games\epic
games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow)
D:\games\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe =>
No File
FirewallRules: [UDP Query
User{DCE80D9D-4E16-47EC-A9B8-79E8187630AC}D:\games\epic
games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow)
D:\games\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe =>
No File
FirewallRules: [TCP Query
User{33EAC79F-65F6-433A-8607-B10165DB34FE}C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query
User{31CECF9A-26FC-485B-8A34-AC65925F5F90}C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query
User{99A7FA74-12C3-4C69-93E8-8E7568FA3AB3}D:\battlenet\overwatch\_retail_\overwatch.exe]
=> (Allow) D:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query
User{16BC07C3-7BCD-4DBF-B72C-4DE8BFE3C509}D:\battlenet\overwatch\_retail_\overwatch.exe]
=> (Allow) D:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query
User{0BB24D2E-AB57-44B8-9F47-580DC9FA15B5}D:\games\overwolf\0.166.1.16\overwolfbrowser.exe]
=> (Allow) D:\games\overwolf\0.166.1.16\overwolfbrowser.exe (Overwolf Ltd ->
Overwolf LTD)
FirewallRules: [UDP Query
User{F3EFF7E0-BFB0-4AA2-AC82-08C794E346D4}D:\games\overwolf\0.166.1.16\overwolfbrowser.exe]
=> (Allow) D:\games\overwolf\0.166.1.16\overwolfbrowser.exe (Overwolf Ltd ->
Overwolf LTD)
FirewallRules: [TCP Query
User{212A6F98-9E8D-486A-A39D-6CC77AE3F855}D:\games\titanfall 2\titanfall2.exe]
=> (Allow) D:\games\titanfall 2\titanfall2.exe => No File
FirewallRules: [UDP Query
User{634A0180-EED0-470B-9CC3-D705B76A191E}D:\games\titanfall 2\titanfall2.exe]
=> (Allow) D:\games\titanfall 2\titanfall2.exe => No File
FirewallRules: [{43EA1371-9AB9-4DB2-AB62-F010DA08DF76}] => (Allow)
D:\steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{0453755E-51D8-4015-B5B9-12FCE71A2F95}] => (Allow)
D:\steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [TCP Query
User{66572059-DE44-4076-BFB2-5BB8FFF0D4B5}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [UDP Query
User{9848B4CE-2EB5-4EBE-A9DF-269FA7CB6E22}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [TCP Query
User{B36D5945-719F-4644-B7C1-99EC37B4F374}D:\streaming\streamlabs obs\streamlabs
obs.exe] => (Allow) D:\streaming\streamlabs obs\streamlabs obs.exe (Streamlabs
(General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query
User{F7C0AE11-069F-437F-A2C1-10B620CC4DD9}D:\streaming\streamlabs obs\streamlabs
obs.exe] => (Allow) D:\streaming\streamlabs obs\streamlabs obs.exe (Streamlabs
(General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [TCP Query User{555207C6-D61E-4047-B4A7-D9141E5E55E9}D:\android
studio\bin\studio64.exe] => (Allow) D:\android studio\bin\studio64.exe (Google
LLC -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{341BA1DB-6A07-4186-89BE-1D42AF57DF35}D:\android
studio\bin\studio64.exe] => (Allow) D:\android studio\bin\studio64.exe (Google
LLC -> JetBrains s.r.o.)
FirewallRules: [TCP Query
User{9BE7E48E-7701-4F52-B573-FE921B258796}D:\battlenet\call of duty modern
warfare\modernwarfare.exe] => (Allow) D:\battlenet\call of duty modern
warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query
User{DCB32E09-EC2B-43E4-AEA5-CB80DF8E0FA7}D:\battlenet\call of duty modern
warfare\modernwarfare.exe] => (Allow) D:\battlenet\call of duty modern
warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query
User{D3DA8824-A202-4203-B14C-A048A52696CA}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [UDP Query
User{0D22A267-C4B8-440E-8088-8E9445D6D07D}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [TCP Query
User{2D9DE9B5-884C-4AD9-A129-6093F7293CC8}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.434\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No
File
FirewallRules: [UDP Query
User{21F96DB0-55D7-4715-AA97-8CDB107C666F}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.434\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No
File
FirewallRules: [{ED503F37-6636-4EBE-9B64-B7B51D03D334}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{4B6D2957-7E41-4DCB-A1D1-426BA313B5A8}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [TCP Query
User{D324F06C-CE81-47BE-8E5D-2450FBF8FDF5}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.438\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No
File
FirewallRules: [UDP Query
User{D8777ED3-2096-47B1-956A-ED819863B32A}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.438\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No
File
FirewallRules: [TCP Query User{97AAC706-C5E3-4ECB-B60D-7894E509381B}D:\smart
view.exe] => (Allow) D:\smart view.exe => No File
FirewallRules: [UDP Query User{543765E7-B693-4FFB-89A0-C59F3F096662}D:\smart
view.exe] => (Allow) D:\smart view.exe => No File
FirewallRules: [TCP Query
User{3E641431-3001-43F7-B6BC-1F162144A8B7}D:\steam\crossout\launcher.exe] =>
(Allow) D:\steam\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query
User{2553DD15-7946-48AF-B8FE-9684CBBA60EC}D:\steam\crossout\launcher.exe] =>
(Allow) D:\steam\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{8CA57C4D-B76C-40FF-A294-5652A1434A68}] => (Allow)
D:\Drivers\Iriun Webcam\webcam.exe => No File
FirewallRules: [{C9DCABF4-7D42-4CE6-80E5-D243DD630251}] => (Allow)
D:\Games\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive
Entertainment Inc.)
FirewallRules: [TCP Query
User{F4688B84-0845-4227-82C0-31E1F8F54FB7}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.259\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No
File
FirewallRules: [UDP Query
User{39D6872B-CDBB-4AB2-AE8B-7E3A56EC8D97}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.259\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No
File
FirewallRules: [{41CB30B1-B5C7-4086-B93A-32019B44EFD5}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany
GmbH)
FirewallRules: [{1CC8B28F-6916-47A7-B676-9E370E15524C}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany
GmbH)
FirewallRules: [{36F64AF6-3A16-4703-9CD8-DA45B0A4F5E7}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer
Germany GmbH)
FirewallRules: [{031F81D9-3407-463E-BE05-290061F8C1BD}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer
Germany GmbH)
FirewallRules: [TCP Query
User{6CDB86A4-8FC9-4751-AFC2-0389B5588E67}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query
User{DD1E1CB9-AEB0-43BF-8360-2642EECB3596}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query
User{D5BA940A-EA9D-4838-9FCE-06C2EB3AA8A8}D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{E06735BD-2159-43E8-AA51-5F9B4E384599}D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe
=> No File
FirewallRules: [TCP Query
User{B303477F-BBFD-45A9-86D7-8BE8D3606D35}D:\games\droidcam\droidcamapp.exe] =>
(Allow) D:\games\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query
User{4FB66747-27A6-4078-B17C-BCECB5FC23E4}D:\games\droidcam\droidcamapp.exe] =>
(Allow) D:\games\droidcam\droidcamapp.exe => No File
FirewallRules: [{597A9F3C-2E76-48C6-BA16-C1D35B5477CB}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F9B7C809-FA21-4D39-B3E7-59BC93957F15}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE828D14-A4F8-4F6C-9543-0B54275267E0}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{03CD7FA6-7511-4F76-88AB-D8071614C7EC}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query
User{0585D0F1-F940-4ADA-A733-0BDEB41419A6}D:\games\ivcam\ivcam.exe] => (Allow)
D:\games\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query
User{282FCFC8-16F0-4E60-9435-540A1E440BE6}D:\games\ivcam\ivcam.exe] => (Allow)
D:\games\ivcam\ivcam.exe => No File
FirewallRules: [TCP Query
User{49AEE2D8-E14C-4A54-8C35-2F4A17C2C9D6}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.285\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No
File
FirewallRules: [UDP Query
User{DE28AF2D-EF6D-4B08-A0E0-B51D5C3B2606}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.285\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No
File
FirewallRules: [TCP Query
User{470142B5-8A04-4AF3-A634-384284F54A41}D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe]
=> (Allow)
D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe
(Hytto Ltd.) [File not signed]
FirewallRules: [UDP Query
User{0EC79C57-13CF-4C3C-B560-A5E4A808FD45}D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe]
=> (Allow)
D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe
(Hytto Ltd.) [File not signed]
FirewallRules: [TCP Query User{95DB344B-1F89-4513-951E-EA417D3A17CB}C:\riot
games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot
client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{E2F2C61C-31C9-4110-BFA0-8887CEDDA4A0}C:\riot
games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot
client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query
User{86F9CC40-9953-418C-B621-BC8D3E96AE10}C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query
User{A272A95A-2BD1-4076-9AB3-317709B655E6}C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query
User{78DF9028-E05A-4180-9D36-526E7BBE37EE}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query
User{98B152AE-4D44-432A-950F-8859663A30AC}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query
User{AF8711A1-550C-498C-8F17-EBB24C57F982}C:\users\elmanuel\appdata\local\programs\opera
gx\77.0.4054.275\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No
File
FirewallRules: [UDP Query
User{AFA10620-514F-4125-9940-1E48523E89EE}C:\users\elmanuel\appdata\local\programs\opera
gx\77.0.4054.275\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No
File
FirewallRules: [TCP Query
User{CBF0074C-32F1-404B-81F5-247470AD5368}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.153\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No
File
FirewallRules: [UDP Query
User{DD6D63F2-AE43-415A-AD36-3B0B61BFF200}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.153\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No
File
FirewallRules: [TCP Query User{A1904CF8-960E-4819-A35D-DEBFA6136F26}C:\program
files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound
Breeder)
FirewallRules: [UDP Query User{D3A9ADA3-9999-4154-917A-D40A14132737}C:\program
files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound
Breeder)
FirewallRules: [{42630AC6-D023-4422-BAEE-FED8663BD3AC}] => (Allow)
C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{391282DC-2960-4FCE-9B5C-846989F0C29A}] => (Allow)
C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{63F8C7F2-D0B9-4F9D-A780-27A773FF51B3}] => (Allow)
C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{9AB586B7-22C3-4F01-87F6-3DADC927DD2D}] => (Allow)
C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{832DC759-9DAA-45C3-8D4D-6C96084EE1E4}] => (Allow)
D:\steam\steamapps\common\College
Bound\CollegeBound-Steam.Ep.1-market\CollegeBound.exe => No File
FirewallRules: [{B4577EB2-0D90-426C-A18F-9A5EDD7F382C}] => (Allow)
D:\steam\steamapps\common\College
Bound\CollegeBound-Steam.Ep.1-market\CollegeBound.exe => No File
FirewallRules: [TCP Query
User{A4C85526-7757-4A2D-97B1-7C1E502E6A02}D:\steam\steamapps\common\battlefield
4\bf4.exe] => (Allow) D:\steam\steamapps\common\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query
User{10B8BE09-DB75-4E47-BD48-A725BB053A0D}D:\steam\steamapps\common\battlefield
4\bf4.exe] => (Allow) D:\steam\steamapps\common\battlefield 4\bf4.exe => No File
FirewallRules: [{79A37533-227F-4409-BC17-7AB90DE10E4E}] => (Allow)
D:\steam\steamapps\common\MMORPG Tycoon 2\MT2.exe () [File not signed]
FirewallRules: [{2F30214F-4068-4799-A028-7BA37D6C0576}] => (Allow)
D:\steam\steamapps\common\MMORPG Tycoon 2\MT2.exe () [File not signed]
FirewallRules: [TCP Query
User{F713D4D8-DC34-4AE7-8B5C-52B41ADF53C2}D:\games\epic games\nioh\nioh.exe] =>
(Allow) D:\games\epic games\nioh\nioh.exe (KOEI TECMO GAMES CO., LTD. -> KOEI
TECMO GAMES CO., LTD.)
FirewallRules: [UDP Query
User{552AB713-1488-4E6F-9A39-6169AC418515}D:\games\epic games\nioh\nioh.exe] =>
(Allow) D:\games\epic games\nioh\nioh.exe (KOEI TECMO GAMES CO., LTD. -> KOEI
TECMO GAMES CO., LTD.)
FirewallRules: [TCP Query
User{2C46262C-5EB1-4779-ADF6-8E8AE9E8757B}D:\games\epic
games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow)
D:\games\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No
File
FirewallRules: [UDP Query
User{1D233BDC-EEA1-412D-BE06-EDD7DE1351A3}D:\games\epic
games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow)
D:\games\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No
File
FirewallRules: [TCP Query
User{84C7A0F9-4A29-42DA-A971-3B0EBD321ED8}D:\steam\steamapps\common\sword art
online fatal bullet\saofb\binaries\win64\saofb-win64-shipping.exe] => (Allow)
D:\steam\steamapps\common\sword art online fatal
bullet\saofb\binaries\win64\saofb-win64-shipping.exe => No File
FirewallRules: [UDP Query
User{497A1809-4D1C-4959-877F-5B9BF2C9FC84}D:\steam\steamapps\common\sword art
online fatal bullet\saofb\binaries\win64\saofb-win64-shipping.exe] => (Allow)
D:\steam\steamapps\common\sword art online fatal
bullet\saofb\binaries\win64\saofb-win64-shipping.exe => No File
FirewallRules: [TCP Query
User{928B9A5B-E09A-49B1-B465-3B6D00497587}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.186\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No
File
FirewallRules: [UDP Query
User{FF0FCBE1-50F3-47FF-AEBD-C23E17A3229F}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.186\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No
File
FirewallRules: [{3C3F1662-4047-4630-ACED-9D363B3D8A11}] => (Allow)
D:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc.
-> Rockstar Games)
FirewallRules: [{A3535715-A060-4F0F-BD02-8264A6DAD511}] => (Allow)
D:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc.
-> Rockstar Games)
FirewallRules: [TCP Query
User{6EEA1705-3FA3-456D-A4D1-E549F3733DA4}D:\steam\steamapps\common\grand theft
auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto
v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query
User{BBA1C5E5-13B0-42ED-8401-07025404AB48}D:\steam\steamapps\common\grand theft
auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto
v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{295A6B1A-8E9C-4CE8-B008-DD1C8DDF1975}] => (Allow)
D:\steam\steamapps\common\PHANTASYSTARONLINE2_NA_STEAM\pso2_bin\pso2launcher.exe
(SEGA Games Co., Ltd. -> SEGA)
FirewallRules: [{0A41FD0D-51FF-44AD-BA64-02B543BDB313}] => (Allow)
D:\steam\steamapps\common\PHANTASYSTARONLINE2_NA_STEAM\pso2_bin\pso2launcher.exe
(SEGA Games Co., Ltd. -> SEGA)
FirewallRules: [TCP Query
User{D09656DB-DD59-49EA-A0EF-F1EA5CC7481E}C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query
User{E5C963BA-488D-4F02-B84D-AD4442DAF064}C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query
User{FF0B73F5-E1DB-41BB-AD0A-E7C7F57187C3}C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai
asmodeus\hentai asmodeus.exe] => (Allow)
C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai asmodeus\hentai
asmodeus.exe => No File
FirewallRules: [UDP Query
User{826700BD-090D-4CCA-862C-D655ED583F27}C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai
asmodeus\hentai asmodeus.exe] => (Allow)
C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai asmodeus\hentai
asmodeus.exe => No File
FirewallRules: [TCP Query
User{3D9A65F5-4D51-4C88-834F-D97C87509056}D:\games\youtubers life 2\youtubers
life 2.exe] => (Allow) D:\games\youtubers life 2\youtubers life 2.exe => No File
FirewallRules: [UDP Query
User{B2A10EBD-7ECE-488B-92FB-7D9BF6988C82}D:\games\youtubers life 2\youtubers
life 2.exe] => (Allow) D:\games\youtubers life 2\youtubers life 2.exe => No File
FirewallRules: [{250CB943-7E56-40BC-8EDA-027EB0F47029}] => (Allow)
D:\Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital
Illusions CE AB)
FirewallRules: [{B8E1FFBD-BC54-4017-B4B1-6C27FAF37F35}] => (Allow)
D:\Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital
Illusions CE AB)
FirewallRules: [{F317776F-C54F-48F8-A49F-00FEACE3C8F0}] => (Allow)
D:\Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{13FAE958-29F3-4FAF-BE88-AF81AD5D7006}] => (Allow)
D:\Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query
User{342CF780-812E-45FF-A40A-FC59566AF3E0}D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe]
=> (Allow)
D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe (SEGA
Games Co., Ltd. -> )
FirewallRules: [UDP Query
User{40A2DBA6-7D95-4747-89A9-CC6C723EF272}D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe]
=> (Allow)
D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe (SEGA
Games Co., Ltd. -> )
FirewallRules: [TCP Query
User{DCE0276E-1119-4E3B-A10E-0C5E50137D91}D:\games\genshin impact
game\genshinimpact.exe] => (Allow) D:\games\genshin impact
game\genshinimpact.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [UDP Query
User{C2119031-F00A-48A5-9966-00278461C53C}D:\games\genshin impact
game\genshinimpact.exe] => (Allow) D:\games\genshin impact
game\genshinimpact.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [TCP Query
User{1E33755C-D4D3-4F0C-9694-90A339FAB1DC}C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe]
=> (Allow) C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe
(Skutta, Kristjan -> )
FirewallRules: [UDP Query
User{14B48A0C-BA3D-4206-B059-3B691D7D6454}C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe]
=> (Allow) C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe
(Skutta, Kristjan -> )
FirewallRules: [{249A5373-F02C-4A47-AF7F-87D57E33B6E1}] => (Allow)
D:\steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{7B4B15EE-74D9-45B5-AE91-DA0C9F8B63C7}] => (Allow)
D:\steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{C3D42BC5-A37B-4D54-8FA2-0960DE8C1D91}] => (Allow)
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc ->
BitTorrent Inc.)
FirewallRules: [{68ACF994-82D7-4EAB-8BDA-99CEF5D634D9}] => (Allow)
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc ->
BitTorrent Inc.)
FirewallRules: [{E2882900-2F40-49C9-B31A-CC4919865E09}] => (Allow)
C:\Users\Elmanuel\AppData\Local\Programs\Opera\82.0.4227.33\opera.exe => No File
FirewallRules: [{B26B211E-36D9-4F28-B970-709DD339D47B}] => (Allow)
D:\steam\steamapps\common\My Catgirl Maid Thinks She Runs the
Place\MyCatgirlMaidComplete-1.0-pc\MyCatgirlMaidComplete.exe () [File not
signed]
FirewallRules: [{D62AB806-48F4-42AB-890E-F33AEB2E1F03}] => (Allow)
D:\steam\steamapps\common\My Catgirl Maid Thinks She Runs the
Place\MyCatgirlMaidComplete-1.0-pc\MyCatgirlMaidComplete.exe () [File not
signed]
FirewallRules: [TCP Query
User{B5FE75C8-DA34-4C3E-9975-6EDEA3FC85E6}C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe]
=> (Allow)
C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe
=> No File
FirewallRules: [UDP Query
User{9F7EAE62-1746-4AFE-A6CA-9102D9806E3E}C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe]
=> (Allow)
C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe
=> No File
FirewallRules: [{391C9221-374E-48A9-BB11-C75A8F182478}] => (Allow)
D:\steam\steamapps\common\8BitB\8BB.exe () [File not signed]
FirewallRules: [{B6033BE0-D2BE-40A0-BF3B-F8B5E9AFFC46}] => (Allow)
D:\steam\steamapps\common\8BitB\8BB.exe () [File not signed]
FirewallRules: [{51C38D9F-5118-4D09-93B0-C8143D66FE2C}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{263FB070-5734-448D-8AA5-2FEF44DFBFDB}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{B924AA2C-0186-4E72-8873-D5B012A945F1}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{1A0E0923-F5DF-49C8-809F-24CBA4A2DA52}] => (Allow)
D:\steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG
CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{81BFE6BB-DCFC-4DDA-83F4-2F7F2CF3CFD0}] => (Allow)
D:\steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG
CORPORATION -> KRAFTON, Inc.)
FirewallRules: [TCP Query
User{4BF153B6-81A3-4051-A0A7-D8786918857B}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
(PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [UDP Query
User{E6860187-0D46-45EC-8DC2-0D80F150174B}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
(PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query
User{AAB2B4C8-9513-4151-B783-23249444B39E}C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe]
=> (Block)
C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe
=> No File
FirewallRules: [UDP Query
User{684FB00A-9C08-401D-9EBF-4C67CEBD4D3B}C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe]
=> (Block)
C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe
=> No File
FirewallRules: [TCP Query
User{4E1D36DA-61B2-4DC6-B0E8-3105C259BFCD}C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query
User{FEEDA86A-0845-493B-B014-9B2044493378}C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query
User{AC5E372D-500C-4AA1-BA8F-F2B9D1E61E58}D:\games\dying light - platinum
edition\dyinglightgame.exe] => (Allow) D:\games\dying light - platinum
edition\dyinglightgame.exe (Techland Sp. z o.o. -> Techland) [File not signed]
FirewallRules: [UDP Query
User{7A60E261-4197-4581-8892-2B90EA3F8FD6}D:\games\dying light - platinum
edition\dyinglightgame.exe] => (Allow) D:\games\dying light - platinum
edition\dyinglightgame.exe (Techland Sp. z o.o. -> Techland) [File not signed]
FirewallRules: [TCP Query
User{2AE010C4-CE2E-4692-834C-7B3CCEAE0EA8}D:\games\epic games\epic
games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic
games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games
Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query
User{CB7B87F9-7C2B-43B3-9C37-48A44C6C79CD}D:\games\epic games\epic
games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic
games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games
Inc. -> Epic Games, Inc.)
FirewallRules: [{6F6A0EC7-539B-41C1-8C64-1BEFCF428EC8}] => (Allow)
D:\steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat
Oy -> Epic Games, Inc)
FirewallRules: [{2C9FBAE1-72E1-408C-ADE0-ABD65D287AB6}] => (Allow)
D:\steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat
Oy -> Epic Games, Inc)
FirewallRules: [TCP Query
User{C4D9C518-446D-46DD-88E5-9D9AAA2F26E4}D:\games\needy streamer
overload\windose.exe] => (Allow) D:\games\needy streamer overload\windose.exe ()
[File not signed]
FirewallRules: [UDP Query
User{B95DCA7E-A282-413D-92E4-C788713FE946}D:\games\needy streamer
overload\windose.exe] => (Allow) D:\games\needy streamer overload\windose.exe ()
[File not signed]
FirewallRules: [{A25D5FCC-8F5B-42FF-AAE5-6B48A92FBE4F}] => (Allow) D:\Program
Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{3D54A22A-CF6C-4574-A627-6C881F3C2E74}] => (Allow) C:\Program
Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited
Corporation)
FirewallRules: [TCP Query
User{1AE2907E-FE4C-4223-B075-2ADAF0BA01AD}D:\games\elden ring\advguide\elden
ring adventure guide.exe] => (Allow) D:\games\elden ring\advguide\elden ring
adventure guide.exe () [File not signed]
FirewallRules: [UDP Query
User{9977D99A-84F1-4A8D-9B6D-CD378B1B5C09}D:\games\elden ring\advguide\elden
ring adventure guide.exe] => (Allow) D:\games\elden ring\advguide\elden ring
adventure guide.exe () [File not signed]
FirewallRules: [TCP Query
User{691B3AA1-8839-4221-AB39-4EEDF49DE009}D:\games\elden ring\artbookost\elden
ring digital artbook & soundtrack.exe] => (Allow) D:\games\elden
ring\artbookost\elden ring digital artbook & soundtrack.exe () [File not signed]
FirewallRules: [UDP Query
User{CD87759D-89A5-4C8D-A56A-D2AB16BD4414}D:\games\elden ring\artbookost\elden
ring digital artbook & soundtrack.exe] => (Allow) D:\games\elden
ring\artbookost\elden ring digital artbook & soundtrack.exe () [File not signed]
FirewallRules: [{B2E9DA89-1113-48CB-B3BA-99463E20B015}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{3D5EDFCC-367E-4CC4-9AD8-5C394C6949B7}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4AD9CE5-5686-4CD6-BFC5-3CFF8E4BD5BC}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{994EC7B5-10D3-4E68-84C7-C56DF39C41D0}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query
User{CA57AF16-C25E-44F8-B4CC-03387F2CEA59}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [UDP Query
User{9E3AC1F1-57BE-4B26-BC1D-E25010BD1440}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [TCP Query
User{6573AA09-C4BD-4159-B12C-C6B656CAF66D}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe
=> No File
FirewallRules: [UDP Query
User{760E4C60-A09D-402F-8281-31B7A0DCC990}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe
=> No File
FirewallRules: [TCP Query
User{4C8A2812-F721-4B37-A683-839C7AB4199C}C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow) C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [UDP Query
User{D6E1B49D-17B8-43CF-93E0-48EEF532FAA4}C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow) C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [TCP Query User{A021BD37-C7EC-4229-99B5-37D6E50624FF}C:\gog
games\project zomboid\projectzomboid64.exe] => (Allow) C:\gog games\project
zomboid\projectzomboid64.exe () [File not signed]
FirewallRules: [UDP Query User{CCF50314-1C1F-4B1B-9814-AED52DB795D2}C:\gog
games\project zomboid\projectzomboid64.exe] => (Allow) C:\gog games\project
zomboid\projectzomboid64.exe () [File not signed]
FirewallRules: [TCP Query User{DE62F785-E3FF-45CD-9A15-0F7FBE949F8F}C:\program
files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
FirewallRules: [UDP Query User{755E69F9-A662-406E-89DA-1AA9D66C4AB4}C:\program
files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
FirewallRules: [{D66C186E-0D30-46EB-A268-84B1EEE49D0E}] => (Allow) C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F5B75346-DC13-4073-9346-276FBA5ADB79}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{E9F3A248-4A64-4E6E-B7A9-BD1ADB20A19A}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{0F1ACA54-F6CE-468F-89F4-5EBB7EFEBC7D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{202F2A9F-01D0-4858-B304-3C2054652421}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{A9936FFE-4CE4-4872-955E-B0C39E424B76}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta,
Kristjan -> )
FirewallRules: [{62A960EA-41A8-47A1-A581-34D489246626}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta,
Kristjan -> )
FirewallRules: [{D340CF2B-7607-4588-8A01-7F4345F051A4}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan
-> )
FirewallRules: [{B3C58C24-D87C-49B5-A826-D0A2CB5CCFE0}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan
-> )
FirewallRules: [{441D81C1-5725-4AC7-8146-8F40B04D561B}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{A66D0062-21AF-4F83-9E95-1382E577B7CA}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{27A8E2A9-3640-4A85-B29B-E9E2B2DF6A52}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
FirewallRules: [{821CD5D7-893B-4FFD-9C44-558D68E6D3A0}] => (Allow) C:\Program
Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2E3EDA8-649B-48BC-94A8-85FA99FB1DDD}] => (Allow) C:\Program
Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO.,
LTD. -> )
FirewallRules: [{A0981BCA-1F4D-4F34-AAFA-986AFF9E47C6}] => (Allow) C:\Program
Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO.,
LTD. -> )
FirewallRules: [{6E20A955-59A6-4295-B05D-12B9ED581518}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{04480C6C-F644-435A-AC39-BB94D8334EB2}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{5C76D343-0816-408A-858E-FD84ED05DAB3}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{FD5AD9C1-2323-4193-A852-59C7E00D3AAE}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{752A391A-A823-4951-AE21-6F0E8783F8DC}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.)
[File not signed]
FirewallRules: [{EFB2C9FF-12AF-499E-A86E-EBB89D7639E2}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.)
[File not signed]
FirewallRules: [{8585DCA4-076B-414B-A3F5-D47782F533A1}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File
not signed]
FirewallRules: [{A6902CD9-F0A8-4F9C-901A-6C5541390874}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File
not signed]
FirewallRules: [{6F1510B4-A325-4629-8B7A-BD044D4F5BAE}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{DAA071E2-CD67-424E-A40E-BFDD1A1695CD}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{D00E239F-C556-4DD9-86EC-AE81B35A87D0}] => (Allow) C:\Program
Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics
CO., LTD. -> )
FirewallRules: [{6E480BE4-A0E9-4C04-83D1-6E0086DCC06F}] => (Allow) C:\Program
Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics
CO., LTD. -> )
==================== Restore Points =========================
20-03-2022 12:03:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
26-03-2022 21:47:03 Windows Modules Installer
03-04-2022 05:03:07 Windows Modules Installer
05-04-2022 01:18:36 Removed AniTuner
05-04-2022 01:19:05 Removed Gigantic Launcher
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
System errors:
=============
Windows Defender:
================
Date: 2022-04-04 00:30:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 05:21:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 00:16:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-01 02:09:19
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe;
webfile:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe|https://d1tvmj3dyb0q0v.cloudfront.net/installer/15934534307248459/357770|pid:22368,ProcessStart:132915939315515005;
webfile:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe|https://d1tvmj3dyb0q0v.cloudfront.net/installer/4883649/36724166993864659568|pid:21604,ProcessStart:132915937643550803
Detection Origin: Internet
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.1099.0, AS: 1.361.1099.0, NIS:
1.361.1099.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-31 13:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-04-05 22:19:28
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.
Date: 2022-04-05 21:58:35
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. P4.20 06/19/2020
Motherboard: ASRock B450 Gaming K4
Processor: AMD Ryzen 5 2600X Six-Core Processor
Percentage of memory in use: 62%
Total physical RAM: 16314 MB
Available physical RAM: 6095.68 MB
Total Virtual: 32186 MB
Available Virtual: 15152.58 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:237.87 GB) (Free:54.79 GB) NTFS
Drive d: (Data) (Fixed) (Total:1863 GB) (Free:516.44 GB) NTFS
\\?\Volume{85f118b6-e9d4-476f-8f5d-da7f0401994c}\ () (Fixed) (Total:0.49 GB)
(Free:0.08 GB) NTFS
\\?\Volume{807d690e-c315-4ecf-9479-ab451ba51596}\ () (Fixed) (Total:0.09 GB)
(Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Edited by RyuQi, Yesterday, 02:40 PM.
* Back to top
--------------------------------------------------------------------------------
#4 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,722 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:05:40 AM
Posted Yesterday, 04:46 PM
Greetings Elmo.
The header of each report is missing. Can you re-post the reports, using
separate replies if the content is too long or, if the reports themselves don't
have headers, run another scan.
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#5 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 05:26 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Elmanuel (05-04-2022 22:28:46)
Running from C:\Users\Elmanuel\Desktop
Microsoft Windows 10 Pro for Workstations Version 21H2 19044.1620 (X64)
(2021-03-05 21:30:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1817627007-317576481-894513035-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-1817627007-317576481-894513035-503 - Limited -
Disabled)
Elmanuel (S-1-5-21-1817627007-317576481-894513035-1001 - Administrator -
Enabled) => C:\Users\Elmanuel
Guest (S-1-5-21-1817627007-317576481-894513035-501 - Limited - Disabled)
Philip (S-1-5-21-1817627007-317576481-894513035-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1817627007-317576481-894513035-504 - Limited -
Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\uTorrent)
(Version: 3.5.5.46090 - BitTorrent Inc.)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000})
(Version: 19.00.00.0 - Igor Pavlov)
7-Zip 21.00 alpha (x64) (HKLM\...\7-Zip) (Version: 21.00 alpha - Igor Pavlov)
A Normal Lost Phone
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/A Normal Lost
Phone) (Version: - Plug In Digital)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700})
(Version: 22.001.20085 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_4) (Version: 21.2.4.323 - Adobe
Inc.)
Amazon Games
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568})
(Version: 2.1.6190.2 - Amazon.com Services, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
Another Lost Phone: Laura's Story
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/Another Lost
Phone - Laura's Story) (Version: - Plug In Digital)
Audacity 3.1.2 (HKLM\...\Audacity_is1) (Version: 3.1.2 - Audacity Team)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version:
8.71.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version:
1.0.64.43202 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA
Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 -
Apple Inc.)
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version:
1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Discord) (Version:
1.0.9004 - Discord Inc.)
DroidCam Client (HKLM-x32\...\DroidCam) (Version: 6.5.2 - DEV47APPS)
Dying Light: Platinum Edition (HKLM-x32\...\Dying Light: Platinum Edition_is1)
(Version: - )
ELDEN RING (HKLM-x32\...\ELDEN RING_is1) (Version: - )
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847})
(Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64)
(HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8})
(Version: 2.0.28.0 - Epic Games, Inc.)
Facecheck
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Overwolf_fiekjlgoffmlmgfmggnoeoljkmfkcapcdmcgcfgm)
(Version: 0.8.7.11 - Overwolf app)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.16.1.0 - miHoYo Co.,Ltd)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:
- GOG.com)
Google Chrome (HKLM\...\{3887A4F3-6B98-3B9D-BA15-654AE6C48ABA}) (Version:
99.0.4844.84 - Google LLC)
Guilded 1.0.9115342-release
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\37acac95-e961-5909-9d05-c98f2db949a9)
(Version: 1.0.9115342-release - Guilded, Inc.)
Hollow Knight (HKLM-x32\...\Hollow Knight_is1) (Version: - )
Immortals Fenyx Rising version final (HKLM-x32\...\Immortals Fenyx Rising_is1)
(Version: final - The)
Intel Driver && Support Assistant
(HKLM-x32\...\{47300990-0B6C-4802-B40D-52B4003329AE}) (Version: 22.2.14.5 -
Intel) Hidden
Intel® Driver & Support Assistant
(HKLM-x32\...\{db3348f2-3be7-48d6-aa17-0e39785c9598}) (Version: 22.2.14.5 -
Intel)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0})
(Version: 8.0.2810.9 - Oracle Corporation)
Journey to the Savage Planet (HKLM-x32\...\1519147341_is1) (Version: 1.0.10 -
GOG.com)
Journey to the Savage Planet: Hot Garbage (HKLM-x32\...\1240193021_is1)
(Version: 1.0.10 - GOG.com)
Launcher Prerequisites (x64)
(HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic
Games, Inc.) Hidden
Legends of Runeterra (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Riot
Game bacon.live) (Version: - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:
2022.3.242300 - Logitech)
Lovense Browser version 30.3.2
(HKLM-x32\...\{EF65AAC0-AC86-4FA6-9A84-1630357761F9}_is1) (Version: 30.3.2 -
Hytto Ltd.)
Lovense Connect version 1.4.6
(HKLM-x32\...\{75E923E0-E92E-473F-BCFC-2106D3CD5D85}_is1) (Version: 1.4.6 -
Hytto Ltd.)
MediBang Paint Pro 27.2 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version:
27.2 - Medibang)
Microsoft .NET Runtime - 5.0.13 (x64)
(HKLM-x32\...\{39e101fa-a1d2-4cea-a853-cf1eb6c70e4d}) (Version: 5.0.13.30715 -
Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us)
(Version: 16.0.15028.20160 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.29 - Microsoft
Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version:
100.0.1185.29 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.055.0313.0001 -
Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Teams)
(Version: 1.4.00.26376 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9})
(Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
(HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015 RC Redistributable (x64) - 14.0.22816
(HKLM-x32\...\{e2495eb6-cca8-47aa-91ea-3410ca44d7b7}) (Version: 14.0.22816.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037
(HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704
(HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 -
Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x64)
(HKLM-x32\...\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}) (Version: 5.0.13.30717 -
Microsoft Corporation)
Needy Streamer Overload (HKLM-x32\...\Needy Streamer Overload_is1) (Version: -
)
Nefarius Virtual Gamepad Emulation Bus Driver
(HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 -
Nefarius Software Solutions e.U.)
NoxPlayer (HKLM-x32\...\Nox) (Version: 7.0.1.3 - Duodian Technology Co. Ltd.)
NVIDIA FrameView SDK 1.2.7521.31103277
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version:
1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.26
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version:
3.25.1.26 - NVIDIA Corporation)
NVIDIA Graphics Driver 512.15
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version:
512.15 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.3
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version:
1.3.39.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version:
9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 -
NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component
(HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component
(HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 -
Microsoft Corporation) Hidden
Opera GX Stable 84.0.4316.52
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Opera GX 84.0.4316.52)
(Version: 84.0.4316.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.111.50299 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.166.1.16 - Overwolf Ltd.)
Pokemon: Sword/Shield (HKLM-x32\...\Pokemon: Sword/Shield_is1) (Version: - )
Project Zomboid (HKLM-x32\...\1453298883_is1) (Version: 41.66 - GOG.com)
PS Remote Play (HKLM-x32\...\{899B5915-9704-4267-9768-0C1CC59D9B46}) (Version:
4.1.0.04020 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance,
Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.0228.022817 - Razer
Inc.)
Realtek High Definition Audio Driver
(HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8619 -
Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version:
1.0.53.576 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version:
2.0.9.3 - Rockstar Games)
Rogue Heroes: Ruins of Tasos
(HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\AmazonGames/Rogue Heroes -
Ruins of Tasos) (Version: - Team17 Digital Ltd)
Samsung DeX (HKLM-x32\...\{24639BA3-44DD-4648-806D-8046771E6722}) (Version:
2.0.0.20 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{51af111f-4665-4995-8982-55e0e02163e7}) (Version:
2.0.0.20 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones
(HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung
Electronics Co., Ltd.)
SIFU (HKLM-x32\...\SIFU_is1) (Version: - )
Spotify (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Spotify) (Version:
1.1.81.604.gccacfc8c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements SE.Live (HKLM-x32\...\StreamElements OBS.Live) (Version:
22.2.23.795 - StreamElements)
Streamlabs OBS 0.27.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version:
0.27.1 - General Workings, Inc.)
Super Smash Bros. Ultimate (HKLM-x32\...\Super Smash Bros. Ultimate_is1)
(Version: - )
Teams Machine-Wide Installer
(HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.4167 -
Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.18.4 - TeamViewer)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1)
(Version: 3.10.0 - Unified Intents AB)
univcredist (HKLM-x32\...\{2d9d4a60-1d22-46c1-84bb-1de04b4715d7}) (Version:
1.0.0.0 - Motiga)
VALORANT (HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Riot Game
valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469})
(Version: - VB-Audio Software)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter
{17359A74-1236-5467}) (Version: - VB-Audio Software)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.43-3 - Wacom
Technology Corp.)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.1 - Sysprogs)
Windows 11 Installation Assistant
(HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.1285 -
Microsoft Corporation)
Windows Driver Package - Nordic Semiconductor ASA (libusbK) Nordic Semiconductor
DFU (11/17/2017 1.0.0.0) (HKLM\...\9E604C253CF23E22559521E18F5477442849274E)
(Version: 11/17/2017 1.0.0.0 - Nordic Semiconductor ASA)
Windows Driver Package - Nordic Semiconductor ASA (usbser) Ports (05/11/2018
1.0.1.0) (HKLM\...\8BE37708EC0B1921B47CD432537BB725532CEF79) (Version:
05/11/2018 1.0.1.0 - Nordic Semiconductor ASA)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version:
1.03.97.02(6.6.2021 г.) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version:
3.70.18.0 - Xerox Corporation)
Xerox Phaser 3020 (HKLM-x32\...\Xerox Phaser 3020) (Version: V1.06 (6.7.2021 г.)
- Xerox Corporation)
Yakuza 6: The Song of Life (HKLM-x32\...\Yakuza 6: The Song of Life_is1)
(Version: - )
Приложения на Microsoft 365 за предприятия - bg-bg (HKLM\...\O365ProPlusRetail -
bg-bg) (Version: 16.0.15028.20160 - Microsoft Corporation)
Packages:
=========
Companion For Valorant -> C:\Program
Files\WindowsApps\25178TusharRaj.CompanionForValorant_1.4.1.0_x64__e6rj32ztk5xre
[2021-11-06] (Tushar Raj)
Galaxy Buds -> C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.GalaxyBuds_2.1.3.0_x64__3c1yjt4zspk6g
[2022-03-29] (Samsung Electronics Co. Ltd.)
Microsoft Whiteboard -> C:\Program
Files\WindowsApps\Microsoft.Whiteboard_52.10315.352.0_x64__8wekyb3d8bbwe
[2022-03-31] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program
Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj
[2022-04-01] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program
Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj
[2021-03-06] (Realtek Semiconductor Corp)
Samsung Flow -> C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy
[2022-03-04] (Samsung Electronics Co, Ltd.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32
-> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID:
HKU\S-1-5-21-1817627007-317576481-894513035-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32
->
C:\Users\Elmanuel\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21161.4\x64\Microsoft.Teams.AddinLoader.dll
(Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] ->
{056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] ->
{05B38830-F4E9-4329-978B-1DD28605D202} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] ->
{0596C850-7BDD-4C9D-AFDF-873BE6890637} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
=> D:\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinCDEmu] -> {D0E37FD2-F675-426F-B09A-2CF37BA46FD5} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
ContextMenuHandlers2: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
ContextMenuHandlers3: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>
C:\Program Files\Microsoft OneDrive\22.055.0313.0001\FileSyncShell64.dll
[2022-04-04] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] ->
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} =>
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\nvshext.dll
[2022-03-18] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>
C:\Program Files\7-Zip\7-zip.dll [2021-01-19] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [WinCDEmu] -> {A9901FCD-B4DF-43A1-BD5D-6C9F88679497} =>
C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll [2015-09-28]
(Sysprogs OU) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype за
бизнеса.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe
(Microsoft Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Изпращане в OneNote.lnk -> C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) -> /tsr <==== Cyrillic
ShortcutWithArgument: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google
Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2022-03-23 11:18 - 2022-03-22 22:32 - 000151040 _____ () [File not signed]
\\?\C:\Program
Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2022-01-24 13:43 - 2022-01-24 13:43 - 005745664 _____ () [File not signed]
C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-08-18 21:51 - 2021-08-18 21:51 - 000967168 _____ () [File not signed]
C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2021-03-23 01:43 - 2021-01-19 18:00 - 000077312 _____ (Igor Pavlov) [File not
signed] C:\Program Files\7-Zip\7-zip.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not
signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support
Assistant\NotifyIconWin32.dll
2021-06-01 21:32 - 2016-10-10 06:27 - 000556544 _____ (Soft Service Company)
[File not signed] D:\Phone\Unified Remote 3\wcl.dll
2017-02-12 03:28 - 2015-09-28 21:08 - 000255488 _____ (Sysprogs OU) [File not
signed] C:\Program Files (x86)\WinCDEmu\x64\WinCDEmuContextMenu.dll
2021-06-01 21:32 - 2017-05-29 04:55 - 001846272 _____ (The OpenSSL Project,
hxxp://www.openssl.org/) [File not signed] D:\Phone\Unified Remote
3\libcryptoMD.dll
2021-06-01 21:32 - 2017-05-29 04:55 - 000382976 _____ (The OpenSSL Project,
hxxp://www.openssl.org/) [File not signed] D:\Phone\Unified Remote
3\libsslMD.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\µTorrent.lnk:27CED3D9D4 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Access.lnk:A1B76439FE [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Audacity.lnk:09A0A90EF3 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic
Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Excel.lnk:B96E9B8455 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Lovense Connect.lnk:9CAB585B4D [10]
AlternateDataStreams: C:\Users\Elmanuel\Application
Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams:
C:\Users\Elmanuel\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7974]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Internet
Explorer\Main,Start Page = about:blank
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
-> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->
C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-03-08] (Oracle America,
Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->
C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-03-08] (Oracle America,
Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
[2022-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft
Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\localhost
-> localhost
IE trusted site:
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\sharepoint.com ->
hxxps://advancebelibrezi-files.sharepoint.com
IE trusted site:
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\webcompanion.com ->
hxxp://webcompanion.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 12:14 - 2021-12-20 21:17 - 000002552 _____
C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path ->
C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma
SDK\bin;C:\Program Files (x86)\Common
Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files
(x86)\Razer\ChromaBroadcast\bin;C:\Program
Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;;C:\Program
Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA
Corporation\PhysX\Common;C:\Program Files\dotnet\
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Control
Panel\Desktop\\Wallpaper ->
c:\users\elmanuel\downloads\uhdpaper.com-download-pc-4k-wallpaper-877@1@e.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\StartupFolder:
=> "Изпращане в OneNote.lnk"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Battle.net"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Spotify"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Steam"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Discord"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Overwolf"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"Opera GX Browser Assistant"
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\StartupApproved\Run: =>
"ut"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
FirewallRules: [{379299DA-3E22-4B3A-AF4C-C423E2BEADB0}] => (Allow) C:\Program
Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{36CC3488-EFE2-43A3-A7D8-F5E378E6E5D7}] => (Allow) C:\Program
Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{70639925-9662-491E-8186-ED8E3683D8FD}] => (Allow) C:\Program
Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{3AB26CB3-57DF-476E-8F9E-39AA1CC9EF36}] => (Allow)
D:\steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0CF08166-B2A2-4860-BCB5-EEB6463E45BB}] => (Allow)
D:\steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{14D206EC-754F-4E1D-970C-5D23A9FDB104}] => (Allow)
D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{52792D02-A69E-4645-91E1-544619FDC69B}] => (Allow)
D:\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve
Corporation)
FirewallRules: [{318759E4-D580-4A73-87FA-DE3BD23846F2}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [{33AA74BF-64AC-4AE7-B13C-82512C5764AD}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan
-> )
FirewallRules: [TCP Query
User{6C5AC0BB-A3CA-4D58-A997-F2796C76B17B}C:\users\elmanuel\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB ->
Spotify Ltd)
FirewallRules: [UDP Query
User{AB82216F-0B38-4F44-90B0-9495BC7C65A5}C:\users\elmanuel\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB ->
Spotify Ltd)
FirewallRules: [{FE55E6A7-BE3D-4D8C-ABFF-FC68990CF761}] => (Block)
C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify
Ltd)
FirewallRules: [{701613B9-444F-44A0-9298-EB50A4385863}] => (Block)
C:\users\elmanuel\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify
Ltd)
FirewallRules: [{E4D6F9E9-4B65-4AA2-866E-598145C63FAA}] => (Allow)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{10820A56-A19B-481A-AFBD-A7193510F1AE}] => (Allow)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{E57D0190-FBF0-40DB-AECF-B964A652360B}] => (Block)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [{A839279C-7A34-4B64-B644-EB105815D406}] => (Block)
D:\Overwolf\0.166.1.16\OverwolfBrowser.exe => No File
FirewallRules: [TCP Query User{D6CFB425-2253-448D-9452-61479635DC67}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5EEF3671-1DF7-4832-A62B-22AE501BFE24}C:\program
files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.)
FirewallRules: [{F37AD2B1-572D-48AE-8C4D-8F55EDB7E09C}] => (Block) C:\program
files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{35C7421D-C6F9-46E9-950D-8948850F870D}] => (Block) C:\program
files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{52575ABA-60E0-495E-86E7-32C50A0E620F}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{46B57CF6-1C27-43B9-90C1-FB886313450D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [TCP Query
User{BEDFA006-912A-471B-B635-E3DC66BDEAE8}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.408\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No
File
FirewallRules: [UDP Query
User{60E1F3BE-83BF-441C-9A65-E4EA679E5A98}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.408\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.408\opera.exe => No
File
FirewallRules: [{A304B09E-2D18-46F4-987C-4E728819F8AA}] => (Allow)
D:\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy
-> EasyAntiCheat Ltd)
FirewallRules: [{2AD21D12-4E50-4C71-8949-F4577A3BD5B6}] => (Allow)
D:\steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy
-> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{3BC775BA-EA95-4134-BC3C-0B697DC51C6E}C:\program
files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program
files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{D0DB4764-8A93-4DA2-8575-74F6C73E9D85}C:\program
files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program
files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{87AAB17F-7A21-4FEA-AA45-920D0C7497E2}] => (Allow)
D:\steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat
Oy -> EasyAntiCheat Ltd)
FirewallRules: [{3E6CB7F1-5C28-498C-B771-FBEC3E9FE443}] => (Allow)
D:\steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe (EasyAntiCheat
Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query
User{EB1600BA-CE13-4B94-A190-2BC10C34EBCF}D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{9728A279-115C-4976-993D-E83EE4935C64}D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe
=> No File
FirewallRules: [{D685D27C-E585-4C91-A85F-FF47D063E966}] => (Allow)
D:\Phone\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung
Electronics Co., Ltd.)
FirewallRules: [{7569AB4D-FE4B-405C-A476-A82C80B699DE}] => (Allow)
D:\Phone\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung
Electronics Co., Ltd.)
FirewallRules: [TCP Query User{4A4C9564-D9FA-4B28-BA7A-51C5E79F4C38}C:\program
files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files
(x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{5FDCE4A1-4EED-4A4A-A207-24A63A8B72DA}C:\program
files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files
(x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query
User{8599BFC7-B218-4B2A-A5D0-AD371610609F}D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic
Games, Inc.)
FirewallRules: [UDP Query
User{30ED4A0F-F9A5-45F1-8E2A-23A24DE7E3F7}D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe] => (Allow) D:\games\epic
games\ue_4.26\engine\binaries\win64\ue4editor.exe (Epic Games Inc. -> Epic
Games, Inc.)
FirewallRules: [TCP Query
User{BFDEEB9A-E7D4-4BA5-9AAC-BF2201B67BDC}D:\games\epic
games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow)
D:\games\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe =>
No File
FirewallRules: [UDP Query
User{DCE80D9D-4E16-47EC-A9B8-79E8187630AC}D:\games\epic
games\roguecompany\roguecompany\binaries\win64\roguecompany.exe] => (Allow)
D:\games\epic games\roguecompany\roguecompany\binaries\win64\roguecompany.exe =>
No File
FirewallRules: [TCP Query
User{33EAC79F-65F6-433A-8607-B10165DB34FE}C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query
User{31CECF9A-26FC-485B-8A34-AC65925F5F90}C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe]
=> (Allow) C:\users\elmanuel\appdata\local\microsoft\teams\current\teams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query
User{99A7FA74-12C3-4C69-93E8-8E7568FA3AB3}D:\battlenet\overwatch\_retail_\overwatch.exe]
=> (Allow) D:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query
User{16BC07C3-7BCD-4DBF-B72C-4DE8BFE3C509}D:\battlenet\overwatch\_retail_\overwatch.exe]
=> (Allow) D:\battlenet\overwatch\_retail_\overwatch.exe (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query
User{0BB24D2E-AB57-44B8-9F47-580DC9FA15B5}D:\games\overwolf\0.166.1.16\overwolfbrowser.exe]
=> (Allow) D:\games\overwolf\0.166.1.16\overwolfbrowser.exe (Overwolf Ltd ->
Overwolf LTD)
FirewallRules: [UDP Query
User{F3EFF7E0-BFB0-4AA2-AC82-08C794E346D4}D:\games\overwolf\0.166.1.16\overwolfbrowser.exe]
=> (Allow) D:\games\overwolf\0.166.1.16\overwolfbrowser.exe (Overwolf Ltd ->
Overwolf LTD)
FirewallRules: [TCP Query
User{212A6F98-9E8D-486A-A39D-6CC77AE3F855}D:\games\titanfall 2\titanfall2.exe]
=> (Allow) D:\games\titanfall 2\titanfall2.exe => No File
FirewallRules: [UDP Query
User{634A0180-EED0-470B-9CC3-D705B76A191E}D:\games\titanfall 2\titanfall2.exe]
=> (Allow) D:\games\titanfall 2\titanfall2.exe => No File
FirewallRules: [{43EA1371-9AB9-4DB2-AB62-F010DA08DF76}] => (Allow)
D:\steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{0453755E-51D8-4015-B5B9-12FCE71A2F95}] => (Allow)
D:\steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [TCP Query
User{66572059-DE44-4076-BFB2-5BB8FFF0D4B5}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [UDP Query
User{9848B4CE-2EB5-4EBE-A9DF-269FA7CB6E22}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.415\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.415\opera.exe => No
File
FirewallRules: [TCP Query
User{B36D5945-719F-4644-B7C1-99EC37B4F374}D:\streaming\streamlabs obs\streamlabs
obs.exe] => (Allow) D:\streaming\streamlabs obs\streamlabs obs.exe (Streamlabs
(General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query
User{F7C0AE11-069F-437F-A2C1-10B620CC4DD9}D:\streaming\streamlabs obs\streamlabs
obs.exe] => (Allow) D:\streaming\streamlabs obs\streamlabs obs.exe (Streamlabs
(General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [TCP Query User{555207C6-D61E-4047-B4A7-D9141E5E55E9}D:\android
studio\bin\studio64.exe] => (Allow) D:\android studio\bin\studio64.exe (Google
LLC -> JetBrains s.r.o.)
FirewallRules: [UDP Query User{341BA1DB-6A07-4186-89BE-1D42AF57DF35}D:\android
studio\bin\studio64.exe] => (Allow) D:\android studio\bin\studio64.exe (Google
LLC -> JetBrains s.r.o.)
FirewallRules: [TCP Query
User{9BE7E48E-7701-4F52-B573-FE921B258796}D:\battlenet\call of duty modern
warfare\modernwarfare.exe] => (Allow) D:\battlenet\call of duty modern
warfare\modernwarfare.exe => No File
FirewallRules: [UDP Query
User{DCB32E09-EC2B-43E4-AEA5-CB80DF8E0FA7}D:\battlenet\call of duty modern
warfare\modernwarfare.exe] => (Allow) D:\battlenet\call of duty modern
warfare\modernwarfare.exe => No File
FirewallRules: [TCP Query
User{D3DA8824-A202-4203-B14C-A048A52696CA}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [UDP Query
User{0D22A267-C4B8-440E-8088-8E9445D6D07D}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.424\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.424\opera.exe => No
File
FirewallRules: [TCP Query
User{2D9DE9B5-884C-4AD9-A129-6093F7293CC8}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.434\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No
File
FirewallRules: [UDP Query
User{21F96DB0-55D7-4715-AA97-8CDB107C666F}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.434\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.434\opera.exe => No
File
FirewallRules: [{ED503F37-6636-4EBE-9B64-B7B51D03D334}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{4B6D2957-7E41-4DCB-A1D1-426BA313B5A8}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [TCP Query
User{D324F06C-CE81-47BE-8E5D-2450FBF8FDF5}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.438\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No
File
FirewallRules: [UDP Query
User{D8777ED3-2096-47B1-956A-ED819863B32A}C:\users\elmanuel\appdata\local\programs\opera
gx\73.0.3856.438\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\73.0.3856.438\opera.exe => No
File
FirewallRules: [TCP Query User{97AAC706-C5E3-4ECB-B60D-7894E509381B}D:\smart
view.exe] => (Allow) D:\smart view.exe => No File
FirewallRules: [UDP Query User{543765E7-B693-4FFB-89A0-C59F3F096662}D:\smart
view.exe] => (Allow) D:\smart view.exe => No File
FirewallRules: [TCP Query
User{3E641431-3001-43F7-B6BC-1F162144A8B7}D:\steam\crossout\launcher.exe] =>
(Allow) D:\steam\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [UDP Query
User{2553DD15-7946-48AF-B8FE-9684CBBA60EC}D:\steam\crossout\launcher.exe] =>
(Allow) D:\steam\crossout\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{8CA57C4D-B76C-40FF-A294-5652A1434A68}] => (Allow)
D:\Drivers\Iriun Webcam\webcam.exe => No File
FirewallRules: [{C9DCABF4-7D42-4CE6-80E5-D243DD630251}] => (Allow)
D:\Games\RemotePlay.exe (Sony Interactive Entertainment Inc. -> Sony Interactive
Entertainment Inc.)
FirewallRules: [TCP Query
User{F4688B84-0845-4227-82C0-31E1F8F54FB7}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.259\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No
File
FirewallRules: [UDP Query
User{39D6872B-CDBB-4AB2-AE8B-7E3A56EC8D97}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.259\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.259\opera.exe => No
File
FirewallRules: [{41CB30B1-B5C7-4086-B93A-32019B44EFD5}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany
GmbH)
FirewallRules: [{1CC8B28F-6916-47A7-B676-9E370E15524C}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany
GmbH)
FirewallRules: [{36F64AF6-3A16-4703-9CD8-DA45B0A4F5E7}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer
Germany GmbH)
FirewallRules: [{031F81D9-3407-463E-BE05-290061F8C1BD}] => (Allow) C:\Program
Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer
Germany GmbH)
FirewallRules: [TCP Query
User{6CDB86A4-8FC9-4751-AFC2-0389B5588E67}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query
User{DD1E1CB9-AEB0-43BF-8360-2642EECB3596}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query
User{D5BA940A-EA9D-4838-9FCE-06C2EB3AA8A8}D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe
=> No File
FirewallRules: [UDP Query
User{E06735BD-2159-43E8-AA51-5F9B4E384599}D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe]
=> (Allow)
D:\steam\steamapps\common\scavengers\scavenger\binaries\win64\scavenger-win64-shipping.exe
=> No File
FirewallRules: [TCP Query
User{B303477F-BBFD-45A9-86D7-8BE8D3606D35}D:\games\droidcam\droidcamapp.exe] =>
(Allow) D:\games\droidcam\droidcamapp.exe => No File
FirewallRules: [UDP Query
User{4FB66747-27A6-4078-B17C-BCECB5FC23E4}D:\games\droidcam\droidcamapp.exe] =>
(Allow) D:\games\droidcam\droidcamapp.exe => No File
FirewallRules: [{597A9F3C-2E76-48C6-BA16-C1D35B5477CB}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F9B7C809-FA21-4D39-B3E7-59BC93957F15}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DE828D14-A4F8-4F6C-9543-0B54275267E0}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{03CD7FA6-7511-4F76-88AB-D8071614C7EC}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query
User{0585D0F1-F940-4ADA-A733-0BDEB41419A6}D:\games\ivcam\ivcam.exe] => (Allow)
D:\games\ivcam\ivcam.exe => No File
FirewallRules: [UDP Query
User{282FCFC8-16F0-4E60-9435-540A1E440BE6}D:\games\ivcam\ivcam.exe] => (Allow)
D:\games\ivcam\ivcam.exe => No File
FirewallRules: [TCP Query
User{49AEE2D8-E14C-4A54-8C35-2F4A17C2C9D6}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.285\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No
File
FirewallRules: [UDP Query
User{DE28AF2D-EF6D-4B08-A0E0-B51D5C3B2606}C:\users\elmanuel\appdata\local\programs\opera
gx\75.0.3969.285\opera.exe] => (Block)
C:\users\elmanuel\appdata\local\programs\opera gx\75.0.3969.285\opera.exe => No
File
FirewallRules: [TCP Query
User{470142B5-8A04-4AF3-A634-384284F54A41}D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe]
=> (Allow)
D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe
(Hytto Ltd.) [File not signed]
FirewallRules: [UDP Query
User{0EC79C57-13CF-4C3C-B560-A5E4A808FD45}D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe]
=> (Allow)
D:\nuggetbich\gradle\wrapper\scoped_dir6188_898613544\connect\lovense_connect.exe
(Hytto Ltd.) [File not signed]
FirewallRules: [TCP Query User{95DB344B-1F89-4513-951E-EA417D3A17CB}C:\riot
games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot
client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{E2F2C61C-31C9-4110-BFA0-8887CEDDA4A0}C:\riot
games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot
client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query
User{86F9CC40-9953-418C-B621-BC8D3E96AE10}C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query
User{A272A95A-2BD1-4076-9AB3-317709B655E6}C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.tlauncher\jvms\jre1.8.0_281\bin\javaw.exe
FirewallRules: [TCP Query
User{78DF9028-E05A-4180-9D36-526E7BBE37EE}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [UDP Query
User{98B152AE-4D44-432A-950F-8859663A30AC}D:\phone\unified remote
3\remoteserverwin.exe] => (Allow) D:\phone\unified remote 3\remoteserverwin.exe
(Unified Intents AB -> Unified Intents AB)
FirewallRules: [TCP Query
User{AF8711A1-550C-498C-8F17-EBB24C57F982}C:\users\elmanuel\appdata\local\programs\opera
gx\77.0.4054.275\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No
File
FirewallRules: [UDP Query
User{AFA10620-514F-4125-9940-1E48523E89EE}C:\users\elmanuel\appdata\local\programs\opera
gx\77.0.4054.275\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\77.0.4054.275\opera.exe => No
File
FirewallRules: [TCP Query
User{CBF0074C-32F1-404B-81F5-247470AD5368}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.153\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No
File
FirewallRules: [UDP Query
User{DD6D63F2-AE43-415A-AD36-3B0B61BFF200}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.153\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.153\opera.exe => No
File
FirewallRules: [TCP Query User{A1904CF8-960E-4819-A35D-DEBFA6136F26}C:\program
files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound
Breeder)
FirewallRules: [UDP Query User{D3A9ADA3-9999-4154-917A-D40A14132737}C:\program
files (x86)\vb\voicemeeter\vban2midi.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\vban2midi.exe (Vincent Burel -> Audio Mechanic & Sound
Breeder)
FirewallRules: [{42630AC6-D023-4422-BAEE-FED8663BD3AC}] => (Allow)
C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{391282DC-2960-4FCE-9B5C-846989F0C29A}] => (Allow)
C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{63F8C7F2-D0B9-4F9D-A780-27A773FF51B3}] => (Allow)
C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{9AB586B7-22C3-4F01-87F6-3DADC927DD2D}] => (Allow)
C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{832DC759-9DAA-45C3-8D4D-6C96084EE1E4}] => (Allow)
D:\steam\steamapps\common\College
Bound\CollegeBound-Steam.Ep.1-market\CollegeBound.exe => No File
FirewallRules: [{B4577EB2-0D90-426C-A18F-9A5EDD7F382C}] => (Allow)
D:\steam\steamapps\common\College
Bound\CollegeBound-Steam.Ep.1-market\CollegeBound.exe => No File
FirewallRules: [TCP Query
User{A4C85526-7757-4A2D-97B1-7C1E502E6A02}D:\steam\steamapps\common\battlefield
4\bf4.exe] => (Allow) D:\steam\steamapps\common\battlefield 4\bf4.exe => No File
FirewallRules: [UDP Query
User{10B8BE09-DB75-4E47-BD48-A725BB053A0D}D:\steam\steamapps\common\battlefield
4\bf4.exe] => (Allow) D:\steam\steamapps\common\battlefield 4\bf4.exe => No File
FirewallRules: [{79A37533-227F-4409-BC17-7AB90DE10E4E}] => (Allow)
D:\steam\steamapps\common\MMORPG Tycoon 2\MT2.exe () [File not signed]
FirewallRules: [{2F30214F-4068-4799-A028-7BA37D6C0576}] => (Allow)
D:\steam\steamapps\common\MMORPG Tycoon 2\MT2.exe () [File not signed]
FirewallRules: [TCP Query
User{F713D4D8-DC34-4AE7-8B5C-52B41ADF53C2}D:\games\epic games\nioh\nioh.exe] =>
(Allow) D:\games\epic games\nioh\nioh.exe (KOEI TECMO GAMES CO., LTD. -> KOEI
TECMO GAMES CO., LTD.)
FirewallRules: [UDP Query
User{552AB713-1488-4E6F-9A39-6169AC418515}D:\games\epic games\nioh\nioh.exe] =>
(Allow) D:\games\epic games\nioh\nioh.exe (KOEI TECMO GAMES CO., LTD. -> KOEI
TECMO GAMES CO., LTD.)
FirewallRules: [TCP Query
User{2C46262C-5EB1-4779-ADF6-8E8AE9E8757B}D:\games\epic
games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow)
D:\games\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No
File
FirewallRules: [UDP Query
User{1D233BDC-EEA1-412D-BE06-EDD7DE1351A3}D:\games\epic
games\genshinimpact\genshin impact game\genshinimpact.exe] => (Allow)
D:\games\epic games\genshinimpact\genshin impact game\genshinimpact.exe => No
File
FirewallRules: [TCP Query
User{84C7A0F9-4A29-42DA-A971-3B0EBD321ED8}D:\steam\steamapps\common\sword art
online fatal bullet\saofb\binaries\win64\saofb-win64-shipping.exe] => (Allow)
D:\steam\steamapps\common\sword art online fatal
bullet\saofb\binaries\win64\saofb-win64-shipping.exe => No File
FirewallRules: [UDP Query
User{497A1809-4D1C-4959-877F-5B9BF2C9FC84}D:\steam\steamapps\common\sword art
online fatal bullet\saofb\binaries\win64\saofb-win64-shipping.exe] => (Allow)
D:\steam\steamapps\common\sword art online fatal
bullet\saofb\binaries\win64\saofb-win64-shipping.exe => No File
FirewallRules: [TCP Query
User{928B9A5B-E09A-49B1-B465-3B6D00497587}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.186\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No
File
FirewallRules: [UDP Query
User{FF0FCBE1-50F3-47FF-AEBD-C23E17A3229F}C:\users\elmanuel\appdata\local\programs\opera
gx\78.0.4093.186\opera.exe] => (Allow)
C:\users\elmanuel\appdata\local\programs\opera gx\78.0.4093.186\opera.exe => No
File
FirewallRules: [{3C3F1662-4047-4630-ACED-9D363B3D8A11}] => (Allow)
D:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc.
-> Rockstar Games)
FirewallRules: [{A3535715-A060-4F0F-BD02-8264A6DAD511}] => (Allow)
D:\steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc.
-> Rockstar Games)
FirewallRules: [TCP Query
User{6EEA1705-3FA3-456D-A4D1-E549F3733DA4}D:\steam\steamapps\common\grand theft
auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto
v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query
User{BBA1C5E5-13B0-42ED-8401-07025404AB48}D:\steam\steamapps\common\grand theft
auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto
v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{295A6B1A-8E9C-4CE8-B008-DD1C8DDF1975}] => (Allow)
D:\steam\steamapps\common\PHANTASYSTARONLINE2_NA_STEAM\pso2_bin\pso2launcher.exe
(SEGA Games Co., Ltd. -> SEGA)
FirewallRules: [{0A41FD0D-51FF-44AD-BA64-02B543BDB313}] => (Allow)
D:\steam\steamapps\common\PHANTASYSTARONLINE2_NA_STEAM\pso2_bin\pso2launcher.exe
(SEGA Games Co., Ltd. -> SEGA)
FirewallRules: [TCP Query
User{D09656DB-DD59-49EA-A0EF-F1EA5CC7481E}C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query
User{E5C963BA-488D-4F02-B84D-AD4442DAF064}C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe] => (Allow) C:\users\elmanuel\appdata\local\programs\opera
gx\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query
User{FF0B73F5-E1DB-41BB-AD0A-E7C7F57187C3}C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai
asmodeus\hentai asmodeus.exe] => (Allow)
C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai asmodeus\hentai
asmodeus.exe => No File
FirewallRules: [UDP Query
User{826700BD-090D-4CCA-862C-D655ED583F27}C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai
asmodeus\hentai asmodeus.exe] => (Allow)
C:\users\elmanuel\desktop\hentai_asmodeus\hentai.asmodeus\hentai asmodeus\hentai
asmodeus.exe => No File
FirewallRules: [TCP Query
User{3D9A65F5-4D51-4C88-834F-D97C87509056}D:\games\youtubers life 2\youtubers
life 2.exe] => (Allow) D:\games\youtubers life 2\youtubers life 2.exe => No File
FirewallRules: [UDP Query
User{B2A10EBD-7ECE-488B-92FB-7D9BF6988C82}D:\games\youtubers life 2\youtubers
life 2.exe] => (Allow) D:\games\youtubers life 2\youtubers life 2.exe => No File
FirewallRules: [{250CB943-7E56-40BC-8EDA-027EB0F47029}] => (Allow)
D:\Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital
Illusions CE AB)
FirewallRules: [{B8E1FFBD-BC54-4017-B4B1-6C27FAF37F35}] => (Allow)
D:\Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital
Illusions CE AB)
FirewallRules: [{F317776F-C54F-48F8-A49F-00FEACE3C8F0}] => (Allow)
D:\Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [{13FAE958-29F3-4FAF-BE88-AF81AD5D7006}] => (Allow)
D:\Games\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed]
FirewallRules: [TCP Query
User{342CF780-812E-45FF-A40A-FC59566AF3E0}D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe]
=> (Allow)
D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe (SEGA
Games Co., Ltd. -> )
FirewallRules: [UDP Query
User{40A2DBA6-7D95-4747-89A9-CC6C723EF272}D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe]
=> (Allow)
D:\steam\steamapps\common\phantasystaronline2_na_steam\pso2_bin\pso2.exe (SEGA
Games Co., Ltd. -> )
FirewallRules: [TCP Query
User{DCE0276E-1119-4E3B-A10E-0C5E50137D91}D:\games\genshin impact
game\genshinimpact.exe] => (Allow) D:\games\genshin impact
game\genshinimpact.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [UDP Query
User{C2119031-F00A-48A5-9966-00278461C53C}D:\games\genshin impact
game\genshinimpact.exe] => (Allow) D:\games\genshin impact
game\genshinimpact.exe (COGNOSPHERE PTE. LTD. -> )
FirewallRules: [TCP Query
User{1E33755C-D4D3-4F0C-9694-90A339FAB1DC}C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe]
=> (Allow) C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe
(Skutta, Kristjan -> )
FirewallRules: [UDP Query
User{14B48A0C-BA3D-4206-B059-3B691D7D6454}C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe]
=> (Allow) C:\steamlibrary\steamapps\common\wallpaper_engine\bin\ui32.exe
(Skutta, Kristjan -> )
FirewallRules: [{249A5373-F02C-4A47-AF7F-87D57E33B6E1}] => (Allow)
D:\steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{7B4B15EE-74D9-45B5-AE91-DA0C9F8B63C7}] => (Allow)
D:\steam\steamapps\common\RuneScape\bin\win64\RuneScape.exe => No File
FirewallRules: [{C3D42BC5-A37B-4D54-8FA2-0960DE8C1D91}] => (Allow)
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc ->
BitTorrent Inc.)
FirewallRules: [{68ACF994-82D7-4EAB-8BDA-99CEF5D634D9}] => (Allow)
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc ->
BitTorrent Inc.)
FirewallRules: [{E2882900-2F40-49C9-B31A-CC4919865E09}] => (Allow)
C:\Users\Elmanuel\AppData\Local\Programs\Opera\82.0.4227.33\opera.exe => No File
FirewallRules: [{B26B211E-36D9-4F28-B970-709DD339D47B}] => (Allow)
D:\steam\steamapps\common\My Catgirl Maid Thinks She Runs the
Place\MyCatgirlMaidComplete-1.0-pc\MyCatgirlMaidComplete.exe () [File not
signed]
FirewallRules: [{D62AB806-48F4-42AB-890E-F33AEB2E1F03}] => (Allow)
D:\steam\steamapps\common\My Catgirl Maid Thinks She Runs the
Place\MyCatgirlMaidComplete-1.0-pc\MyCatgirlMaidComplete.exe () [File not
signed]
FirewallRules: [TCP Query
User{B5FE75C8-DA34-4C3E-9975-6EDEA3FC85E6}C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe]
=> (Allow)
C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe
=> No File
FirewallRules: [UDP Query
User{9F7EAE62-1746-4AFE-A6CA-9102D9806E3E}C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe]
=> (Allow)
C:\users\elmanuel\appdata\local\vortxengine\app-2.2.18\signal-x64\signalrgb.exe
=> No File
FirewallRules: [{391C9221-374E-48A9-BB11-C75A8F182478}] => (Allow)
D:\steam\steamapps\common\8BitB\8BB.exe () [File not signed]
FirewallRules: [{B6033BE0-D2BE-40A0-BF3B-F8B5E9AFFC46}] => (Allow)
D:\steam\steamapps\common\8BitB\8BB.exe () [File not signed]
FirewallRules: [{51C38D9F-5118-4D09-93B0-C8143D66FE2C}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{263FB070-5734-448D-8AA5-2FEF44DFBFDB}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{B924AA2C-0186-4E72-8873-D5B012A945F1}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{1A0E0923-F5DF-49C8-809F-24CBA4A2DA52}] => (Allow)
D:\steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG
CORPORATION -> KRAFTON, Inc.)
FirewallRules: [{81BFE6BB-DCFC-4DDA-83F4-2F7F2CF3CFD0}] => (Allow)
D:\steam\steamapps\common\PUBG\TslGame\Binaries\Win64\ExecPubg.exe (PUBG
CORPORATION -> KRAFTON, Inc.)
FirewallRules: [TCP Query
User{4BF153B6-81A3-4051-A0A7-D8786918857B}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
(PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [UDP Query
User{E6860187-0D46-45EC-8DC2-0D80F150174B}D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe]
=> (Allow) D:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
(PUBG CORPORATION -> Bluehole GinnoGames, Inc.)
FirewallRules: [TCP Query
User{AAB2B4C8-9513-4151-B783-23249444B39E}C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe]
=> (Block)
C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe
=> No File
FirewallRules: [UDP Query
User{684FB00A-9C08-401D-9EBF-4C67CEBD4D3B}C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe]
=> (Block)
C:\users\elmanuel\appdata\roaming\salad\plugin-bin\phoenixminer-5.7b\phoenixminer.exe
=> No File
FirewallRules: [TCP Query
User{4E1D36DA-61B2-4DC6-B0E8-3105C259BFCD}C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query
User{FEEDA86A-0845-493B-B014-9B2044493378}C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe]
=> (Allow)
C:\users\elmanuel\appdata\roaming\.minecraft\runtime\java-runtime-beta\windows\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query
User{AC5E372D-500C-4AA1-BA8F-F2B9D1E61E58}D:\games\dying light - platinum
edition\dyinglightgame.exe] => (Allow) D:\games\dying light - platinum
edition\dyinglightgame.exe (Techland Sp. z o.o. -> Techland) [File not signed]
FirewallRules: [UDP Query
User{7A60E261-4197-4581-8892-2B90EA3F8FD6}D:\games\dying light - platinum
edition\dyinglightgame.exe] => (Allow) D:\games\dying light - platinum
edition\dyinglightgame.exe (Techland Sp. z o.o. -> Techland) [File not signed]
FirewallRules: [TCP Query
User{2AE010C4-CE2E-4692-834C-7B3CCEAE0EA8}D:\games\epic games\epic
games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic
games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games
Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query
User{CB7B87F9-7C2B-43B3-9C37-48A44C6C79CD}D:\games\epic games\epic
games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\games\epic
games\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games
Inc. -> Epic Games, Inc.)
FirewallRules: [{6F6A0EC7-539B-41C1-8C64-1BEFCF428EC8}] => (Allow)
D:\steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat
Oy -> Epic Games, Inc)
FirewallRules: [{2C9FBAE1-72E1-408C-ADE0-ABD65D287AB6}] => (Allow)
D:\steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat
Oy -> Epic Games, Inc)
FirewallRules: [TCP Query
User{C4D9C518-446D-46DD-88E5-9D9AAA2F26E4}D:\games\needy streamer
overload\windose.exe] => (Allow) D:\games\needy streamer overload\windose.exe ()
[File not signed]
FirewallRules: [UDP Query
User{B95DCA7E-A282-413D-92E4-C788713FE946}D:\games\needy streamer
overload\windose.exe] => (Allow) D:\games\needy streamer overload\windose.exe ()
[File not signed]
FirewallRules: [{A25D5FCC-8F5B-42FF-AAE5-6B48A92FBE4F}] => (Allow) D:\Program
Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{3D54A22A-CF6C-4574-A627-6C881F3C2E74}] => (Allow) C:\Program
Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited
Corporation)
FirewallRules: [TCP Query
User{1AE2907E-FE4C-4223-B075-2ADAF0BA01AD}D:\games\elden ring\advguide\elden
ring adventure guide.exe] => (Allow) D:\games\elden ring\advguide\elden ring
adventure guide.exe () [File not signed]
FirewallRules: [UDP Query
User{9977D99A-84F1-4A8D-9B6D-CD378B1B5C09}D:\games\elden ring\advguide\elden
ring adventure guide.exe] => (Allow) D:\games\elden ring\advguide\elden ring
adventure guide.exe () [File not signed]
FirewallRules: [TCP Query
User{691B3AA1-8839-4221-AB39-4EEDF49DE009}D:\games\elden ring\artbookost\elden
ring digital artbook & soundtrack.exe] => (Allow) D:\games\elden
ring\artbookost\elden ring digital artbook & soundtrack.exe () [File not signed]
FirewallRules: [UDP Query
User{CD87759D-89A5-4C8D-A56A-D2AB16BD4414}D:\games\elden ring\artbookost\elden
ring digital artbook & soundtrack.exe] => (Allow) D:\games\elden
ring\artbookost\elden ring digital artbook & soundtrack.exe () [File not signed]
FirewallRules: [{B2E9DA89-1113-48CB-B3BA-99463E20B015}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{3D5EDFCC-367E-4CC4-9AD8-5C394C6949B7}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{A4AD9CE5-5686-4CD6-BFC5-3CFF8E4BD5BC}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [{994EC7B5-10D3-4E68-84C7-C56DF39C41D0}] => (Allow) C:\Program
Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.8.9.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
(Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query
User{CA57AF16-C25E-44F8-B4CC-03387F2CEA59}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [UDP Query
User{9E3AC1F1-57BE-4B26-BC1D-E25010BD1440}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [TCP Query
User{6573AA09-C4BD-4159-B12C-C6B656CAF66D}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe
=> No File
FirewallRules: [UDP Query
User{760E4C60-A09D-402F-8281-31B7A0DCC990}C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe]
=> (Allow)
C:\users\elmanuel\desktop\project.zomboid.v41.68\project.zomboid.v41.68\project.zomboid.v41.68\projectzomboid32.exe
=> No File
FirewallRules: [TCP Query
User{4C8A2812-F721-4B37-A683-839C7AB4199C}C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow) C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [UDP Query
User{D6E1B49D-17B8-43CF-93E0-48EEF532FAA4}C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe]
=> (Allow) C:\users\elmanuel\desktop\project.zomboid.v41.68\projectzomboid64.exe
=> No File
FirewallRules: [TCP Query User{A021BD37-C7EC-4229-99B5-37D6E50624FF}C:\gog
games\project zomboid\projectzomboid64.exe] => (Allow) C:\gog games\project
zomboid\projectzomboid64.exe () [File not signed]
FirewallRules: [UDP Query User{CCF50314-1C1F-4B1B-9814-AED52DB795D2}C:\gog
games\project zomboid\projectzomboid64.exe] => (Allow) C:\gog games\project
zomboid\projectzomboid64.exe () [File not signed]
FirewallRules: [TCP Query User{DE62F785-E3FF-45CD-9A15-0F7FBE949F8F}C:\program
files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
FirewallRules: [UDP Query User{755E69F9-A662-406E-89DA-1AA9D66C4AB4}C:\program
files (x86)\vb\voicemeeter\voicemeeterpro.exe] => (Allow) C:\program files
(x86)\vb\voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
FirewallRules: [{D66C186E-0D30-46EB-A268-84B1EEE49D0E}] => (Allow) C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F5B75346-DC13-4073-9346-276FBA5ADB79}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{E9F3A248-4A64-4E6E-B7A9-BD1ADB20A19A}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{0F1ACA54-F6CE-468F-89F4-5EBB7EFEBC7D}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{202F2A9F-01D0-4858-B304-3C2054652421}] => (Allow) C:\Program
Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation ->
NVIDIA Corporation)
FirewallRules: [{A9936FFE-4CE4-4872-955E-B0C39E424B76}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta,
Kristjan -> )
FirewallRules: [{62A960EA-41A8-47A1-A581-34D489246626}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta,
Kristjan -> )
FirewallRules: [{D340CF2B-7607-4588-8A01-7F4345F051A4}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan
-> )
FirewallRules: [{B3C58C24-D87C-49B5-A826-D0A2CB5CCFE0}] => (Allow)
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan
-> )
FirewallRules: [{441D81C1-5725-4AC7-8146-8F40B04D561B}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe => No File
FirewallRules: [{A66D0062-21AF-4F83-9E95-1382E577B7CA}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll => No File
FirewallRules: [{27A8E2A9-3640-4A85-B29B-E9E2B2DF6A52}] => (Allow) C:\Program
Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe => No File
FirewallRules: [{821CD5D7-893B-4FFD-9C44-558D68E6D3A0}] => (Allow) C:\Program
Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.29\msedgewebview2.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2E3EDA8-649B-48BC-94A8-85FA99FB1DDD}] => (Allow) C:\Program
Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO.,
LTD. -> )
FirewallRules: [{A0981BCA-1F4D-4F34-AAFA-986AFF9E47C6}] => (Allow) C:\Program
Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO.,
LTD. -> )
FirewallRules: [{6E20A955-59A6-4295-B05D-12B9ED581518}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{04480C6C-F644-435A-AC39-BB94D8334EB2}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{5C76D343-0816-408A-858E-FD84ED05DAB3}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{FD5AD9C1-2323-4193-A852-59C7E00D3AAE}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{752A391A-A823-4951-AE21-6F0E8783F8DC}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.)
[File not signed]
FirewallRules: [{EFB2C9FF-12AF-499E-A86E-EBB89D7639E2}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.)
[File not signed]
FirewallRules: [{8585DCA4-076B-414B-A3F5-D47782F533A1}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File
not signed]
FirewallRules: [{A6902CD9-F0A8-4F9C-901A-6C5541390874}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File
not signed]
FirewallRules: [{6F1510B4-A325-4629-8B7A-BD044D4F5BAE}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{DAA071E2-CD67-424E-A40E-BFDD1A1695CD}] => (Allow) C:\Program
Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox
Corporation.) [File not signed]
FirewallRules: [{D00E239F-C556-4DD9-86EC-AE81B35A87D0}] => (Allow) C:\Program
Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics
CO., LTD. -> )
FirewallRules: [{6E480BE4-A0E9-4C04-83D1-6E0086DCC06F}] => (Allow) C:\Program
Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics
CO., LTD. -> )
==================== Restore Points =========================
20-03-2022 12:03:09 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
26-03-2022 21:47:03 Windows Modules Installer
03-04-2022 05:03:07 Windows Modules Installer
05-04-2022 01:18:36 Removed AniTuner
05-04-2022 01:19:05 Removed Gigantic Launcher
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
System errors:
=============
Windows Defender:
================
Date: 2022-04-04 00:30:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 05:21:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-03 00:16:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-04-01 02:09:19
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/OfferCore&threatid=311999&enterprise=0
Name: PUADlManager:Win32/OfferCore
Severity: Low
Category: Potentially Unwanted Software
Path: file:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe;
webfile:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe|https://d1tvmj3dyb0q0v.cloudfront.net/installer/15934534307248459/357770|pid:22368,ProcessStart:132915939315515005;
webfile:_C:\Users\Elmanuel\Downloads\CheatEngine74.exe|https://d1tvmj3dyb0q0v.cloudfront.net/installer/4883649/36724166993864659568|pid:21604,ProcessStart:132915937643550803
Detection Origin: Internet
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.361.1099.0, AS: 1.361.1099.0, NIS:
1.361.1099.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-31 13:35:35
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-04-05 22:19:28
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.
Date: 2022-04-05 21:58:35
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Windows signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. P4.20 06/19/2020
Motherboard: ASRock B450 Gaming K4
Processor: AMD Ryzen 5 2600X Six-Core Processor
Percentage of memory in use: 62%
Total physical RAM: 16314 MB
Available physical RAM: 6095.68 MB
Total Virtual: 32186 MB
Available Virtual: 15152.58 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:237.87 GB) (Free:54.79 GB) NTFS
Drive d: (Data) (Fixed) (Total:1863 GB) (Free:516.44 GB) NTFS
\\?\Volume{85f118b6-e9d4-476f-8f5d-da7f0401994c}\ () (Fixed) (Total:0.49 GB)
(Free:0.08 GB) NTFS
\\?\Volume{807d690e-c315-4ecf-9479-ab451ba51596}\ () (Fixed) (Total:0.09 GB)
(Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by Elmanuel (administrator) on ELMANUEL (05-04-2022 22:27:15)
Running from C:\Users\Elmanuel\Desktop
Loaded Profiles: Elmanuel
Platform: Microsoft Windows 10 Pro for Workstations Version 21H2 19044.1620
(X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->)
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer
Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program
Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->)
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer
Synapse Service Process.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common
Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.)
C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Logitech, Inc.)
C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia
Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA
GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia
Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA
Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co.
Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. ->
Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. ->
Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp.
-> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program
Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy\YourPhoneAppProxy.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [File not signed]
C:\Riot Games\Riot Client\RiotClientCrashHandler.exe <2>
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) C:\Riot Games\Riot Client\UX\RiotClientUx.exe
(C:\Riot Games\Riot Client\RiotClientServices.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) D:\Games\Riot Games\League of Legends\LeagueClient.exe
(C:\Riot Games\Riot Client\UX\RiotClientUx.exe ->) (Riot Games, Inc. -> Riot
Games, Inc.) C:\Riot Games\Riot Client\UX\RiotClientUxRender.exe <2>
(C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
->) (Skutta, Kristjan -> )
C:\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper32.exe
(C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Software
AS -> Opera Software) C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\84.0.4316.52\opera_crashreporter.exe
(D:\Games\Riot Games\League of Legends\LeagueClient.exe ->) (Riot Games, Inc. ->
) D:\Games\Riot Games\League of Legends\LeagueCrashHandler.exe
(D:\Games\Riot Games\League of Legends\LeagueClient.exe ->) (Riot Games, Inc. ->
Riot Games, Inc.) D:\Games\Riot Games\League of Legends\LeagueClientUx.exe
(D:\Games\Riot Games\League of Legends\LeagueClientUx.exe ->) (Intel Corporation
-> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(D:\Games\Riot Games\League of Legends\LeagueClientUx.exe ->) (Riot Games, Inc.
-> Riot Games, Inc.) D:\Games\Riot Games\League of
Legends\LeagueClientUxRender.exe <5>
(Discord Inc. -> Discord Inc.)
C:\Users\Elmanuel\AppData\Local\Discord\app-1.0.9004\Discord.exe <6>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program
Files\LGHUB\lghub.exe <4>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot
Vanguard\vgtray.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common
Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Spotify AB -> Spotify Ltd)
C:\Users\Elmanuel\AppData\Roaming\Spotify\Spotify.exe <6>
(explorer.exe ->) (Unified Intents AB -> Unified Intents AB) D:\Phone\Unified
Remote 3\RemoteServerWin.exe
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files
(x86)\VB\Voicemeeter\voicemeeterpro.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA
Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Software AS -> Opera Software)
C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\opera.exe <32>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot
Client\RiotClientServices.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program
Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program
Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.GamingServices_3.63.22003.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.GamingServices_3.63.22003.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher ->
Creative Technology Ltd) C:\Windows\SysWOW64\Creative.UWPRPCService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation)
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\NVDisplay.Container.exe
<2>
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files
(x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzChromaStreamServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer
Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files
(x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor)
C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Skutta, Kristjan -> )
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program
Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Microsoft OneDrive\22.055.0313.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\GameBarPresenceWriter.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Unarchiver) [File not signed]
C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe
[857376 2019-01-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe
[3183328 2022-03-12] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop
Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. ->
Oracle Corporation)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams
Installer\Teams.exe [114671912 2021-02-10] (Microsoft Corporation -> Microsoft
Corporation)
HKLM-x32\...\Run: [Genshin Impact_launcher_pcepic_1_0] => [X]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files
(x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-03-28] (Intel
Corporation -> Intel)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [OneDrive] =>
C:\Program Files\Microsoft OneDrive\OneDrive.exe [2623368 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Steam] =>
D:\steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Battle.net] =>
C:\Program Files (x86)\Battle.net\Battle.net.exe [1079184 2021-06-10] (Blizzard
Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Overwolf] =>
D:\Overwolf\OverwolfLauncher.exe -overwolfsilent (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Spotify] =>
C:\Users\Elmanuel\AppData\Roaming\Spotify\Spotify.exe [20025272 2022-03-19]
(Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Krisp] => "C:\Program
Files\Krisp\Krisp.exe" -s (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Opera GX Browser
Assistant] => C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS ->
Opera Software)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [com.blitz.app] =>
C:\Users\Elmanuel\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Unified Remote V3] =>
D:\Phone\Unified Remote 3\RemoteServerWin.exe [3243784 2021-02-22] (Unified
Intents AB -> Unified Intents AB)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [LGHUB] => C:\Program
Files\LGHUB\lghub.exe [139935808 2022-03-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Synapse3] =>
C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer
Synapse 3.exe [3524680 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Web Companion] =>
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
--minimize (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [SignalRgb] =>
"C:\Users\Elmanuel\AppData\Local\VortxEngine\SignalRgbLauncher.exe" --silent (No
File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Discord] =>
C:\Users\Elmanuel\AppData\Local\Discord\Update.exe [1512616 2022-02-17] (Discord
Inc. -> GitHub)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [ut] =>
C:\Users\Elmanuel\AppData\Roaming\uTorrent\uTorrent.exe [2279720 2021-12-20]
(BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer:
[DisallowRun] 1
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[1] Autoruns.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[2] Autoruns64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[3] Autoruns64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[4] autorunsc.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[5] autorunsc64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[6] autorunsc64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400b6c5-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400bf94-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\Control
Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\WPXSCR~1.SCR [261280
2021-11-27] (Skutta, Kristjan -> )
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files
(x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
[3524680 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Windows x64\Print Processors\sxj2mPC:
C:\Windows\System32\spool\prtprocs\x64\sxj2mpc.dll [43520 2022-04-04] (Microsoft
Windows Hardware Compatibility Publisher -> Windows ® Codename Longhorn DDK
provider)
HKLM\...\Print\Monitors\sxj2m Langmon: C:\Windows\system32\sxj2mlm.dll [34304
2022-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files
(x86)\Google\Chrome\Application\99.0.4844.84\Installer\chrmstp.exe [2022-03-29]
(Google LLC -> Google LLC)
Startup: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2021-08-20]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files
(x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
Startup: C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Изпращане в OneNote.lnk [2021-04-16]
ShortcutTarget: Изпращане в OneNote.lnk -> C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft
Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
Task: {03192E9C-B7F0-4783-BFD3-347622815292} - System32\Tasks\Adobe Acrobat
Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {16CD6EB8-EA2A-4D8F-8F6B-FA6E6889EE86} - System32\Tasks\Opera GX scheduled
assistant Autoupdate 1615884813 =>
C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\launcher.exe [2406096
2022-03-29] (Opera Software AS -> Opera Software) -> --scheduledautoupdate
--component-name=assistant
--component-path="C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\assistant"
$(Arg0)
Task: {18A43471-AF64-4D58-8EFD-05F09C3115F7} - System32\Tasks\OneDrive
Per-Machine Standalone Update Task => C:\Program Files\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
Task: {1E04BEE1-8E10-452F-B86D-4B8F468298F2} -
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Task: {21390ED5-D085-4267-80A7-6A20CD212AF8} - System32\Tasks\PCIeBusQueue =>
"wevtutil.exe" cl System
Task: {223FCFD5-98ED-43BC-8720-5CD820E7CBBB} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B2CDB42-C3AA-448B-ACF3-942126848ED5} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2021-03-06] (Google Inc -> Google
LLC)
Task: {2C711B69-2D39-45FC-851D-2679E4B1C63E} - System32\Tasks\PCIeBus =>
"wevtutil.exe" cl Application
Task: {311EB972-9B3F-4DDF-A232-9DFFE70E5C4F} -
System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {362ECEC0-912D-4328-99DE-57B015098BF7} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [155432 2021-03-06] (Google Inc -> Google
LLC)
Task: {3D3EC524-E7EC-4EA8-B43D-5C6D4E866918} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22865832
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {40C0C7EE-BE3F-4A06-BEC4-14B0825B32CA} - System32\Tasks\NVIDIA GeForce
Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program
Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
[3341000 2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {41EAF56E-33E4-457D-8234-7FFA2BADFF9D} -
System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4102784
2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {45C6029A-40ED-4993-8B66-9CC0A036DBDD} -
System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {5BD6FE18-2484-47BC-94A4-8A8068DFDCFC} -
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {5F93E7F6-562D-41BF-BE00-880C73DC05FA} -
System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {69238869-0FE4-4AF7-96D3-B68C4FFC3F86} -
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656440 2022-03-23]
(Nvidia Corporation -> NVIDIA Corporation)
Task: {722B4855-1FF4-4709-BB70-372F9ED5AD80} - System32\Tasks\Overwolf Updater
Task => D:\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Task: {763149F2-F5C7-42F3-8A7B-B39B19B77959} - System32\Tasks\OneDrive Reporting
Task-S-1-5-21-1817627007-317576481-894513035-1001 => C:\Program Files\Microsoft
OneDrive\OneDriveStandaloneUpdater.exe [4200320 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
Task: {7AED4EA9-521D-40DF-9397-8AC8F419C791} -
System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [138680 2022-04-05]
(Microsoft Corporation -> Microsoft Corporation)
Task: {844AED51-95E5-406E-BDBB-1FCE7D2AC6D9} -
System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft
Shared\Office16\operfmon.exe [61336 2022-04-05] (Microsoft Corporation ->
Microsoft Corporation)
Task: {89F8DE12-45EE-4D41-B540-E98572825B87} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {8BFFF176-40F2-468E-B291-5608FFD4846C} -
System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648192
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A88470F8-621F-499D-A36D-DD746387EFFE} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program
Files\Microsoft Office\root\Office16\msoia.exe [8338896 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Task: {C427EF0D-D0FB-4D3C-BE0F-DB1D5981EA29} -
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
=> C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128
2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program
Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f
C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CA4802A3-9348-4D32-9D81-C5F333D1EF5C} -
System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906872
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CEC609EA-0EC8-416E-A6EB-80E38FF620DA} - System32\Tasks\Opera scheduled
Autoupdate 1640028758 =>
C:\Users\Elmanuel\AppData\Local\Programs\Opera\launcher.exe
--scheduledautoupdate $(Arg0) (No File)
Task: {D5550323-A0CB-4A2A-B55D-A7C28BA02317} -
System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} =>
C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906872
2022-03-23] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D9D8BFB5-F956-45E3-9101-24D0158274A0} -
System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program
Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft
Shared\Office16\OLicenseHeartbeat.exe [971696 2022-04-05] (Microsoft Corporation
-> Microsoft Corporation)
Task: {DE0830BB-83CF-4B64-AFE9-AB5E25D8F285} - System32\Tasks\ContentManagement
=> C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe [275065686
2022-03-23] (Unarchiver) [File not signed] <==== ATTENTION
Task: {E181D5E6-D37C-430B-A22D-4E3BFF244261} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F272605B-5BD6-4587-B457-E96E119131F6} - System32\Tasks\Opera GX scheduled
Autoupdate 1615020787 => C:\Users\Elmanuel\AppData\Local\Programs\Opera
GX\launcher.exe [2406096 2022-03-29] (Opera Software AS -> Opera Software)
Task: {F2CCD71E-EA36-4870-8827-3F3C4BB3E5B6} -
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program
Files\Microsoft Office\root\Office16\msoia.exe [8338896 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
Task: {F7BAFCA0-3CB3-4696-832B-062640EFFA0B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128
2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392
2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{18a16ced-6923-4141-87e1-63e435daf535}: [DhcpNameServer]
192.168.0.1 0.0.0.0
Edge:
=======
Edge Profile: C:\Users\Elmanuel\AppData\Local\Microsoft\Edge\User Data\Default
[2022-03-13]
FireFox:
========
FF DefaultProfile: s2tsgoie.default
FF ProfilePath:
C:\Users\Elmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\s2tsgoie.default
[2021-03-06]
FF ProfilePath:
C:\Users\Elmanuel\AppData\Roaming\Mozilla\Firefox\Profiles\9a1orpzb.default-esr
[2021-03-06]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program
Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-03-08] (Oracle
America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program
Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-03-08] (Oracle America, Inc.
-> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program
Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat
DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog
Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File
not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Mozilla
Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-04] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\NPSPWRAP.DLL [2022-03-04] (Microsoft Corporation -> Microsoft
Corporation)
FF Plugin HKU\S-1-5-21-1817627007-317576481-894513035-1001:
@lightspark.github.com/Lightspark;version=1 ->
D:\Games\Lightspark\nplightsparkplugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Elmanuel\AppData\Local\Google\Chrome\User Data\Default
[2022-02-25]
CHR DownloadDir: D:\Download
CHR StartupUrls: Default -> "hxxp://www.google.bg/"
CHR NewTab: Default ->
Active:"chrome-extension://gdgpebnfpmghdcdcamhjndilicoajmdb/start/index.html",
Not-active:"chrome-extension://jgliccfghhliahhlickaepbpoodoojil/start/index.html"
CHR Extension: (Slides) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-06]
CHR Extension: (Safe Torrent Scanner) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-02-25]
CHR Extension: (Docs) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-06]
CHR Extension: (Google Drive) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-06]
CHR Extension: (Papas Cupcakeria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bgafdfbeilmpdipkccdjddlbmnblkldf [2021-03-09]
CHR Extension: (Trocker) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\bjojfeillmmoeadgobbcknkgdkngbcdb [2021-11-03]
CHR Extension: (YouTube) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-06]
CHR Extension: (uBlock Origin) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-02-25]
CHR Extension: (Tampermonkey) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-11-03]
CHR Extension: (User-Agent Switcher for Chrome) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2021-03-09]
CHR Extension: (Dark Mode) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dmghijelimhndkbmpgbldicpogfkceaj [2021-11-03]
CHR Extension: (Sheets) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-06]
CHR Extension: (Naruto VS Sasuke Backgrounds HD New Tab) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gdgpebnfpmghdcdcamhjndilicoajmdb [2021-11-19]
CHR Extension: (Google Docs Offline) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-25]
CHR Extension: (Papas Taco Mia Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gihjealcgeaoldokenminkbebjbjbhjm [2021-03-09]
CHR Extension: (Papa's Freezeria) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hhfgpeehinbpikhdpgheeknfgkkjiecp [2021-03-09]
CHR Extension: (Papas Pastaria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ipgpdacoallahbdedblioplcgpkkgnig [2021-03-09]
CHR Extension: (Motorcycles - Motocross Dirt Bikes New Tab) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\jgliccfghhliahhlickaepbpoodoojil [2021-03-09]
CHR Extension: (Pocket Legends) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp [2021-03-09]
CHR Extension: (Papas Hot Doggeria Game) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\njkhagialigbhdleagnpehgfnmaebfdh [2021-03-09]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-06]
CHR Extension: (Gmail) - C:\Users\Elmanuel\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-06]
CHR Profile: C:\Users\Elmanuel\AppData\Local\Google\Chrome\User Data\System
Profile [2021-03-09]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
Opera:
=======
OPR Profile: C:\Users\Elmanuel\AppData\Roaming\Opera Software\Opera Stable
[2021-12-20]
OPR Extension: (Rich Hints Agent) - C:\Users\Elmanuel\AppData\Roaming\Opera
Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-12-20]
OPR Extension: (Amazon Assistant Promotion) -
C:\Users\Elmanuel\AppData\Roaming\Opera Software\Opera
Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-20]
StartMenuInternet: (HKU\S-1-5-21-1817627007-317576481-894513035-1001) Opera
GXStable - "C:\Users\Elmanuel\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
[8901960 2022-01-23] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [11666384 2022-04-05] (Microsoft
Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support
Assistant\DSAService.exe [39352 2022-03-28] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support
Assistant\DSAUpdateService.exe [184248 2022-03-28] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [812520
2022-02-22] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online
Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-21] (Epic Games
Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft
OneDrive\22.055.0313.0001\FileSyncHelper.exe [3389824 2022-04-04] (Microsoft
Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG
Galaxy\GalaxyClientService.exe [1990496 2021-09-30] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication;
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832
2021-09-30] (GOG Sp. z o.o. -> GOG.com)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11099200
2022-03-22] (Logitech Inc -> Logitech, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [11100688 2021-09-07] (INCA Internet
Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe
/Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2021-03-06] (Microsoft
Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft
OneDrive\22.055.0313.0001\OneDriveUpdaterService.exe [3867512 2022-04-04]
(Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe
[2563288 2022-04-01] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files
(x86)\Origin\OriginWebHelperService.exe [3481824 2022-04-01] (Electronic Arts,
Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2021-08-19] (Even Balance,
Inc. -> )
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzSDKServer.exe [2028568 2022-02-21] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzSDKService.exe [461336 2021-11-30] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma
SDK\bin\RzChromaStreamServer.exe [1349688 2022-02-21] (Razer USA Ltd. -> Razer
Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer
Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer
Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer
Synapse Service.exe [298056 2022-02-28] (Razer USA Ltd. -> Razer Inc.)
S3 Rockstar Service; D:\Games\Launcher\RockstarService.exe [2017072 2021-12-31]
(Rockstar Games, Inc. -> Rockstar Games)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer
Central\RazerCentralService.exe [533824 2022-02-18] (Razer USA Ltd. -> Razer
Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat
Protection\MsSense.exe [6254864 2022-04-03] (Microsoft Windows Publisher ->
Microsoft Corporation)
S3 ss_conn_launcher_service;
C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB
Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung
Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB
Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung
Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [14661928
2021-05-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common
Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-23] (Wellbia.com
Co., Ltd. -> Wellbia.com Co., Ltd.)
R2 UWPService; C:\Windows\SysWOW64\Creative.UWPRPCService.exe [357288
2021-01-29] (Microsoft Windows Hardware Compatibility Publisher -> Creative
Technology Ltd)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10401912 2022-03-12] (Riot
Games, Inc. -> Riot Games, Inc.)
R2 Wallpaper Engine Service;
C:\SteamLibrary\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
[129696 2021-12-05] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-15] (Microsoft
Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-23]
(PUBG CORPORATION -> PUBG Corporation)
R2 NVDisplay.ContainerLocalSystem;
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\NVDisplay.Container.exe
-s NVDisplay.ContainerLocalSystem -f
%ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d
C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c0e159863e7afdde\Display.NvContainer\plugins\LocalSystem
-r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 OverwolfUpdater; "D:\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08]
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10]
(Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
R3 DroidCamVideo;
C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys
[33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher ->
Windows ® Win 7 DDK provider)
S3 e2esoft_ivcamaudio_simple; C:\Windows\system32\drivers\iVCamAud.sys [255464
2020-11-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R1 gvm; C:\Windows\system32\DRIVERS\gvm.sys [393712 2021-04-02] (Google LLC ->
Google LLC)
S3 HidHide; C:\Windows\System32\drivers\HidHide.sys [61408 2021-04-01]
(Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software
Solutions e.U.)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy
-> Windows ® Win 7 DDK provider)
S3 iriunvid;
C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_1abe69abaf98b7f7\iriunvid.sys
[157568 2021-05-01] (Iriun Oy -> Windows ® Win 7 DDK provider)
S3 iVCam; C:\Windows\system32\DRIVERS\iVCam.sys [1090536 2020-11-02] (Shanghai
Yitu Information Technology Co., Ltd. -> e2eSoft)
R3 logi_audio_surround; C:\Windows\system32\drivers\logi_audio_surround.sys
[44488 2021-11-03] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [33528
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [21704
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [62904
2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 MBfilt; C:\Windows\system32\drivers\MBfilt64.sys [43456 2019-05-06]
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552
2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA
Corporation)
R3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer
USA Ltd. -> Razer Inc)
R3 RzDev_0082; C:\Windows\System32\drivers\RzDev_0082.sys [56200 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
R3 RzDev_0083; C:\Windows\System32\drivers\RzDev_0083.sys [54152 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
S3 RzDev_0243; C:\Windows\System32\drivers\RzDev_0243.sys [54152 2020-08-24]
(Razer USA Ltd. -> Razer Inc)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce
James -> Scarlet.Crush Productions)
R2 SignalRgbDriver; C:\Windows\System32\Drivers\SignalRgbDriver.sys [25832
2022-01-10] (WHIRLWIND VIRTUAL REALITIES INC. -> )
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [14224 2022-04-04] (Microsoft
Windows Hardware Compatibility Publisher -> )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung
Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys
[45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co.,
Ltd.)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [28128 2020-04-21] (Unified
Intents AB -> Windows ® Win 7 DDK provider)
R3 VBAudioVACMME; C:\Windows\System32\drivers\vbaudio_cable64_win7.sys [41192
2021-08-18] (Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME;
C:\Windows\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-08-18]
(Vincent Burel -> Windows ® Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys
[71712 2021-08-18] (Vincent Burel -> Windows ® Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8508504 2022-03-11] (Riot Games,
Inc. -> Riot Games, Inc.)
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2020-12-14]
(Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software
Solutions e.U.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-03-15]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [439544 2022-03-15]
(Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-15]
(Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-01-23] (Wellbia.com Co., Ltd.
-> Wellbia.com Co., Ltd.)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776
2022-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited
Corporation)
S3 BTMCOM; \SystemRoot\System32\Drivers\btmcom.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 22:27 - 2022-04-05 22:27 - 000043885 _____
C:\Users\Elmanuel\Desktop\FRST.txt
2022-04-05 22:27 - 2022-04-05 22:27 - 000000000 ____D C:\FRST
2022-04-05 21:56 - 2022-04-05 21:56 - 002365440 _____ (Farbar)
C:\Users\Elmanuel\Downloads\FRST64.exe
2022-04-05 21:56 - 2022-04-05 21:56 - 002365440 _____ (Farbar)
C:\Users\Elmanuel\Desktop\FRST64.exe
2022-04-04 21:08 - 2022-04-04 21:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\LocalLow\NVIDIA
2022-04-04 21:05 - 2022-04-04 21:05 - 000153237 _____
C:\Users\Elmanuel\Downloads\da.pdf
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ___RD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Printers
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Windows\system32\Tasks\Leader Technologies
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Xerox
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Leadertech
2022-04-04 20:58 - 2022-04-04 20:58 - 000000000 ____D C:\Program Files\Common
Files\Common Desktop Agent
2022-04-04 20:58 - 2022-04-04 20:49 - 001786880 ____N (Xerox/Leader
Technologies) C:\Windows\Xreg.exe
2022-04-04 20:57 - 2022-04-04 20:58 - 000000000 ____D C:\Program Files
(x86)\Xerox
2022-04-04 20:57 - 2022-04-04 20:57 - 000000000 ____D C:\ProgramData\Xerox
2022-04-04 20:57 - 2022-04-04 20:48 - 000151552 _____ (SS)
C:\Windows\system32\sxj2mci.exe
2022-04-04 20:57 - 2022-04-04 20:48 - 000089600 _____ (SS)
C:\Windows\system32\sxj2mci.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000034304 _____ ()
C:\Windows\system32\sxj2mlm.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000000359 _____
C:\Windows\system32\sxj2mlm.smt
2022-04-04 20:49 - 2022-04-04 20:49 - 000014224 ____N ()
C:\Windows\system32\Drivers\SSPORT.SYS
2022-04-03 16:31 - 2022-04-04 00:33 - 113770496 _____
C:\Windows\system32\config\SOFTWARE
2022-04-03 16:28 - 2022-04-03 16:31 - 000000000 ____D C:\Windows\Microsoft
Antimalware
2022-04-03 05:12 - 2022-04-03 05:12 - 000001516 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support
Assistant.lnk
2022-04-03 05:12 - 2022-04-03 05:12 - 000000000 ____D C:\ProgramData\Intel
2022-04-03 05:12 - 2022-04-03 05:12 - 000000000 ____D C:\Program Files
(x86)\Intel
2022-04-03 05:11 - 2022-04-03 05:11 - 000048640 _____ (Adobe Systems)
C:\Windows\system32\atmlib.dll
2022-04-03 05:11 - 2022-04-03 05:11 - 000039936 _____ (Adobe Systems)
C:\Windows\SysWOW64\atmlib.dll
2022-04-03 05:11 - 2022-04-03 05:11 - 000011791 _____
C:\Windows\system32\DrtmAuthTxt.wim
2022-04-03 05:10 - 2022-04-03 05:10 - 000162816 _____
C:\Windows\system32\DataStoreCacheDumpTool.exe
2022-04-03 05:09 - 2022-04-03 05:09 - 000000000 ____D
C:\ProgramData\DriverTalent
2022-04-03 05:08 - 2022-04-03 05:11 - 000000000 ____D C:\Program Files
(x86)\OSTotoSoft
2022-04-03 05:08 - 2022-04-03 05:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\DriverTalent
2022-04-03 05:03 - 2022-04-03 05:03 - 000000000 ___HD C:\$WinREAgent
2022-04-01 23:31 - 2022-04-01 23:31 - 000803604 _____
C:\Users\Elmanuel\Downloads\razer-id-codes-1648845090471.pdf
2022-04-01 19:01 - 2022-03-17 19:33 - 000047792 _____ (NVIDIA Corporation)
C:\Windows\system32\Drivers\nvhdap64.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001905904 _____
C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001905904 _____
C:\Windows\system32\vulkaninfo.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001478392 _____
C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001478392 _____
C:\Windows\SysWOW64\vulkaninfo.exe
2022-04-01 19:00 - 2022-03-18 08:43 - 001467840 _____ (Khronos Group)
C:\Windows\system32\OpenCL.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001432312 _____
C:\Windows\system32\vulkan-1-999-0-0-0.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001432312 _____
C:\Windows\system32\vulkan-1.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001209400 _____ (Khronos Group)
C:\Windows\SysWOW64\OpenCL.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001145584 _____
C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2022-04-01 19:00 - 2022-03-18 08:43 - 001145584 _____
C:\Windows\SysWOW64\vulkan-1.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000795704 _____
C:\Windows\system32\nvofapi64.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000715944 _____ (NVIDIA Corporation)
C:\Windows\system32\nvml.dll
2022-04-01 19:00 - 2022-03-18 08:40 - 000636480 _____
C:\Windows\SysWOW64\nvofapi.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 002121688 _____ (NVIDIA Corporation)
C:\Windows\system32\NvFBC64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001600680 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\NvFBC.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001529936 _____ (NVIDIA Corporation)
C:\Windows\system32\NvIFR64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 001175696 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\NvIFR.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000981648 _____ (NVIDIA Corporation)
C:\Windows\system32\nvEncodeAPI64.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000792208 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvEncodeAPI.dll
2022-04-01 19:00 - 2022-03-18 08:39 - 000712664 _____ (NVIDIA Corporation)
C:\Windows\system32\nvidia-smi.exe
2022-04-01 19:00 - 2022-03-18 08:38 - 008610472 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcuvid.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 007713872 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvcuvid.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 005729752 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcpl.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 005101528 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvcuda.dll
2022-04-01 19:00 - 2022-03-18 08:38 - 000456872 _____ (NVIDIA Corporation)
C:\Windows\system32\nvdebugdump.exe
2022-04-01 19:00 - 2022-03-18 08:36 - 000850088 _____ (NVIDIA Corporation)
C:\Windows\system32\MCU.exe
2022-04-01 19:00 - 2022-03-18 08:35 - 006458872 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvapi.dll
2022-04-01 19:00 - 2022-03-17 19:33 - 000089337 _____
C:\Windows\system32\nvinfo.pb
2022-03-28 20:52 - 2022-03-28 20:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Genshin Impact
2022-03-26 15:52 - 2022-03-26 15:52 - 000233764 _____
C:\Users\Elmanuel\Downloads\Skyrim - Anniversay Edition [FitGirl Repack].torrent
2022-03-26 14:32 - 2022-03-26 14:32 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\FLT
2022-03-26 13:23 - 2022-03-26 15:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\LocalLow\uTorrent
2022-03-23 11:18 - 2022-03-23 11:18 - 000062904 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_xlcore.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000033528 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_bus_enum.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000021704 _____ (Logitech)
C:\Windows\system32\Drivers\logi_joy_vir_hid.sys
2022-03-23 11:18 - 2022-03-23 11:18 - 000000650 _____
C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-03-23 11:18 - 2022-03-23 11:18 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-03-23 11:18 - 2022-03-23 11:18 - 000000000 ____D C:\Program Files\LGHUB
2022-03-23 00:25 - 2022-03-23 00:25 - 000000869 _____
C:\Users\Elmanuel\Desktop\ImmortalsFenyxRising.exe.lnk
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\Immortals Fenyx Rising
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Goldberg UplayEmu Saves
2022-03-23 00:25 - 2022-03-23 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\EMPRESS
2022-03-23 00:24 - 2022-03-23 00:24 - 000003552 _____
C:\Windows\system32\Tasks\ContentManagement
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBusQueue
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBus
2022-03-23 00:24 - 2022-03-23 00:24 - 000000606 _____
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Immortals Fenyx
Rising.lnk
2022-03-23 00:24 - 2022-03-23 00:24 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Unarchiver
2022-03-22 21:13 - 2022-03-22 21:13 - 000000627 _____
C:\Users\Public\Desktop\Yakuza 6 - The Song of Life.lnk
2022-03-22 18:39 - 2022-03-26 17:08 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Skyrim Special Edition
2022-03-20 12:03 - 2022-03-20 12:03 - 000001772 _____
C:\Users\Public\Desktop\Project Zomboid.lnk
2022-03-20 12:03 - 2022-03-20 12:03 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Zomboid [GOG.com]
2022-03-20 11:55 - 2022-03-20 11:55 - 000000000 ____D C:\GOG Games
2022-03-20 11:31 - 2022-03-27 01:40 - 000000000 ____D C:\Users\Elmanuel\Zomboid
2022-03-19 13:49 - 2022-03-19 13:49 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Sifu
2022-03-13 22:44 - 2022-03-13 22:45 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\User Data
2022-03-13 22:44 - 2022-03-13 22:44 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\nwjs
2022-03-13 22:38 - 2022-03-13 22:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\gpc_storage
2022-03-13 22:38 - 2022-03-13 22:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\game_patches
2022-03-13 00:32 - 2022-04-05 01:18 - 000000000 ____D C:\Program Files\Cheat
Engine 7.4
2022-03-13 00:32 - 2022-03-13 00:32 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\My Cheat Tables
2022-03-11 15:58 - 2022-03-11 15:58 - 002260992 _____
C:\Windows\system32\TextInputMethodFormatter.dll
2022-03-11 15:58 - 2022-03-11 15:58 - 002254336 _____
C:\Windows\system32\dwmscene.dll
2022-03-11 15:58 - 2022-03-11 15:58 - 000272896 _____
C:\Windows\system32\TpmTool.exe
2022-03-11 15:58 - 2022-03-11 15:58 - 000223744 _____
C:\Windows\SysWOW64\TpmTool.exe
2022-03-11 15:58 - 2022-03-11 15:58 - 000195584 _____
C:\Windows\system32\uwfcfgmgmt.dll
2022-03-10 16:02 - 2022-03-10 16:04 - 191226758 _____
C:\Users\Elmanuel\Downloads\TheDailyLaws366MeditationsonPowerSeductionMasteryStrategyandHumanNature_ep5.aax
2022-03-10 15:53 - 2022-03-10 15:57 - 339963303 _____
C:\Users\Elmanuel\Downloads\48LawsofPower_ep5.aax
2022-03-09 22:29 - 2022-03-09 22:29 - 003682788 _____
C:\Users\Elmanuel\Downloads\VgFSwJS - Imgur.mp4
2022-03-08 21:44 - 2022-04-05 21:51 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Discord
2022-03-06 15:08 - 2022-03-06 15:08 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RazerCentral
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-05 22:28 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\discord
2022-04-05 22:18 - 2021-03-07 18:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Spotify
2022-04-05 21:59 - 2021-03-07 18:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Spotify
2022-04-05 21:58 - 2021-06-02 00:25 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\WTablet
2022-04-05 21:58 - 2021-04-16 09:47 - 000000000 ____D C:\Program Files\Microsoft
Office
2022-04-05 21:57 - 2021-03-07 18:19 - 000000000 ____D C:\ProgramData\NVIDIA
2022-04-05 21:54 - 2021-03-06 01:28 - 000000000 ____D C:\Program Files
(x86)\Google
2022-04-05 21:51 - 2021-08-09 18:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\LGHUB
2022-04-05 21:51 - 2021-08-09 18:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\LGHUB
2022-04-05 21:51 - 2021-03-07 18:23 - 000000000 ____D C:\ProgramData\Riot Games
2022-04-05 21:51 - 2021-03-06 01:02 - 000000000 ___RD C:\Users\Elmanuel\OneDrive
2022-04-05 01:50 - 2021-08-18 22:20 - 000038066 _____
C:\Users\Elmanuel\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-04-05 01:50 - 2019-12-07 12:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-04-05 01:25 - 2021-06-01 21:32 - 000000000 ____D C:\ProgramData\Unified
Remote
2022-04-05 01:19 - 2021-06-16 03:43 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\e2eSoft
2022-04-05 01:19 - 2021-03-07 17:59 - 000000000 ____D C:\SteamLibrary
2022-04-05 01:19 - 2021-03-06 01:19 - 000000000 ___HD C:\Program Files
(x86)\InstallShield Installation Information
2022-04-05 01:18 - 2021-03-20 18:37 - 000000000 ____D
C:\Users\Elmanuel\Desktop\Dumping folder
2022-04-05 00:42 - 2021-03-07 18:38 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\CrashDumps
2022-04-04 21:50 - 2021-12-11 20:04 - 000003588 _____
C:\Windows\system32\Tasks\OneDrive Reporting
Task-S-1-5-21-1817627007-317576481-894513035-1001
2022-04-04 21:50 - 2021-09-09 22:52 - 000000000 ____D C:\Program Files\Microsoft
OneDrive
2022-04-04 21:50 - 2021-03-18 11:06 - 000003194 _____
C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-04-04 21:50 - 2021-03-18 11:06 - 000002138 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-04-04 20:57 - 2019-12-07 12:13 - 000000000 ____D C:\Windows\INF
2022-04-04 20:36 - 2020-09-27 17:33 - 000000000 ____D
C:\Windows\system32\SleepStudy
2022-04-04 00:41 - 2021-03-06 00:32 - 000840838 _____
C:\Windows\system32\PerfStringBackup.INI
2022-04-04 00:37 - 2021-03-08 00:31 - 000000001 _____
C:\Windows\vgkbootstatus.dat
2022-04-04 00:34 - 2021-05-30 23:10 - 000000000 ____D C:\Program
Files\TeamViewer
2022-04-04 00:34 - 2020-09-27 17:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-04-04 00:34 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\ServiceState
2022-04-04 00:33 - 2019-12-07 12:03 - 000786432 _____
C:\Windows\system32\config\BBI
2022-04-03 16:36 - 2020-09-27 17:36 - 000002444 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-04-03 16:36 - 2019-12-07 12:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-04-03 16:36 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\AppReadiness
2022-04-03 07:38 - 2021-05-02 02:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Origin
2022-04-03 07:38 - 2021-03-08 22:10 - 000000000 ____D C:\ProgramData\Origin
2022-04-03 06:30 - 2021-05-02 02:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Origin
2022-04-03 05:31 - 2020-09-27 17:33 - 000446776 _____
C:\Windows\system32\FNTCACHE.DAT
2022-04-03 05:27 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows
Defender Advanced Threat Protection
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ___RD
C:\Windows\ImmersiveControlPanel
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\SystemResources
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\oobe
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\Dism
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\ShellExperiences
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\Provisioning
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\PolicyDefinitions
2022-04-03 05:27 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\bcastdvr
2022-04-03 05:13 - 2021-03-06 01:57 - 000000000 ____D C:\ProgramData\Package
Cache
2022-04-03 05:13 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\CbsTemp
2022-04-01 23:26 - 2021-05-02 02:14 - 000000000 ____D C:\Program Files
(x86)\Origin
2022-04-01 19:02 - 2021-03-06 01:58 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\NVIDIA
2022-04-01 18:58 - 2021-03-07 19:26 - 000004308 _____
C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003976 _____
C:\Windows\system32\Tasks\NVIDIA GeForce Experience
SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003940 _____
C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003894 _____
C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003858 _____
C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000003654 _____
C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-04-01 18:58 - 2021-03-07 19:26 - 000000000 ____D C:\Program Files
(x86)\NVIDIA Corporation
2022-04-01 18:58 - 2021-03-06 00:32 - 000000000 ____D C:\ProgramData\NVIDIA
Corporation
2022-04-01 18:58 - 2021-03-06 00:32 - 000000000 ____D C:\Program Files\NVIDIA
Corporation
2022-03-31 13:33 - 2021-11-28 13:21 - 000000000 ____D C:\Program Files\Genshin
Impact
2022-03-31 13:13 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\LiveKernelReports
2022-03-29 22:39 - 2021-03-06 01:28 - 000002307 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-29 22:38 - 2021-03-06 11:53 - 000004200 _____
C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1615020787
2022-03-29 22:38 - 2021-03-06 11:53 - 000001449 _____
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX
Browser.lnk
2022-03-29 17:51 - 2021-03-06 01:00 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\Packages
2022-03-28 23:16 - 2021-08-18 22:00 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\Voicemeeter
2022-03-28 20:51 - 2021-09-13 23:34 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\miHoYo
2022-03-26 19:24 - 2021-03-06 01:57 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\D3DSCache
2022-03-26 16:28 - 2021-03-06 01:45 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\uTorrent
2022-03-26 14:32 - 2021-03-08 00:35 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\UnrealEngine
2022-03-24 11:55 - 2021-12-18 17:23 - 002258408 _____ (Microsoft Corporation)
C:\Windows\system32\xgameruntime.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000337384 _____ (Microsoft Corporation)
C:\Windows\system32\gameplatformservices.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000218600 _____ (Microsoft Corporation)
C:\Windows\system32\gamingservicesproxy.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000198120 _____ (Microsoft Corporation)
C:\Windows\system32\gameconfighelper.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000131072 _____ (Microsoft Corporation)
C:\Windows\system32\gamingtcuihelpers.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000120296 _____ (Microsoft Corporation)
C:\Windows\system32\gamelaunchhelper.dll
2022-03-24 11:55 - 2021-12-18 17:23 - 000062952 _____ (Microsoft Corporation)
C:\Windows\system32\gamemodcontrol.exe
2022-03-23 12:58 - 2021-11-11 10:45 - 000004562 _____
C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-03-23 12:58 - 2021-11-11 10:45 - 000002079 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-03-23 11:18 - 2021-03-06 11:53 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\ElevatedDiagnostics
2022-03-23 07:16 - 2021-03-07 19:26 - 002859128 _____ (NVIDIA Corporation)
C:\Windows\system32\nvspcap64.dll
2022-03-23 07:16 - 2021-03-07 19:26 - 002199760 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvspcap.dll
2022-03-23 07:16 - 2021-03-07 19:26 - 001294024 _____ (NVIDIA Corporation)
C:\Windows\system32\NvRtmpStreamer64.dll
2022-03-22 19:45 - 2021-03-07 20:24 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\.minecraft
2022-03-22 19:43 - 2021-03-07 20:26 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\.tlauncher
2022-03-22 18:39 - 2021-03-12 22:20 - 000000000 ____D
C:\Users\Elmanuel\OneDrive\Documents\My Games
2022-03-22 01:56 - 2021-03-07 19:26 - 000168656 _____ (NVIDIA Corporation)
C:\Windows\system32\nvaudcap64v.dll
2022-03-22 01:56 - 2021-03-07 19:26 - 000144592 _____ (NVIDIA Corporation)
C:\Windows\SysWOW64\nvaudcap32v.dll
2022-03-21 14:16 - 2021-03-07 19:26 - 000082552 _____
C:\Windows\system32\FvSDK_x64.dll
2022-03-21 14:16 - 2021-03-07 19:26 - 000071288 _____
C:\Windows\SysWOW64\FvSDK_x86.dll
2022-03-20 11:31 - 2021-03-06 01:00 - 000000000 ____D C:\Users\Elmanuel
2022-03-18 08:38 - 2021-10-12 22:31 - 002931856 _____ (NVIDIA Corporation)
C:\Windows\system32\nvcuda.dll
2022-03-18 08:35 - 2021-03-06 00:32 - 007611808 _____ (NVIDIA Corporation)
C:\Windows\system32\nvapi64.dll
2022-03-17 19:33 - 2021-03-06 00:32 - 000134832 _____ (NVIDIA Corporation)
C:\Windows\system32\Drivers\nvhda64v.sys
2022-03-15 00:15 - 2020-09-27 17:34 - 000000000 ____D
C:\Windows\system32\Drivers\wd
2022-03-15 00:04 - 2021-10-10 01:26 - 000000000 ____D C:\Program Files\Riot
Vanguard
2022-03-11 16:02 - 2019-12-07 12:54 - 000000000 ___SD C:\Windows\system32\AppV
2022-03-11 16:02 - 2019-12-07 12:14 - 000000000 ____D
C:\Windows\system32\WinBioPlugIns
2022-03-11 16:02 - 2019-12-07 12:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-03-11 16:02 - 2019-12-07 12:03 - 000000000 ____D C:\Windows\servicing
2022-03-11 16:00 - 2021-03-06 02:54 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2022-03-11 15:58 - 2020-09-27 17:36 - 002877952 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\PrintConfig.dll
2022-03-11 15:53 - 2021-03-06 02:44 - 000000000 ____D C:\Windows\system32\MRT
2022-03-11 15:51 - 2021-03-06 02:44 - 145666720 ____C (Microsoft Corporation)
C:\Windows\system32\MRT.exe
2022-03-10 15:45 - 2020-09-27 17:36 - 000003590 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-10 15:45 - 2020-09-27 17:36 - 000003466 _____
C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-08 21:44 - 2021-04-02 21:16 - 000002250 _____
C:\Users\Elmanuel\Desktop\Discord.lnk
2022-03-08 21:44 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord
Inc
2022-03-08 21:44 - 2021-03-06 11:52 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\SquirrelTemp
2022-03-08 21:43 - 2022-02-25 11:14 - 000000000 ____D
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
2022-03-06 15:10 - 2021-03-06 12:01 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2022-03-06 15:08 - 2021-03-06 12:00 - 000000000 ____D C:\Program Files
(x86)\Razer Chroma SDK
==================== Files in the root of some directories ========
2021-11-11 21:49 - 2021-11-11 21:49 - 000001298 _____ ()
C:\Users\Elmanuel\listing.exe
2021-08-18 22:20 - 2022-04-05 01:50 - 000038066 _____ ()
C:\Users\Elmanuel\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-02-07 23:57 - 2022-02-07 23:57 - 000000218 _____ ()
C:\Users\Elmanuel\AppData\Local\recently-used.xbel
2021-03-07 18:18 - 2022-02-13 18:09 - 000007607 _____ ()
C:\Users\Elmanuel\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
thats all that i could see and copy
* Back to top
--------------------------------------------------------------------------------
#6 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,722 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:05:40 AM
Posted Yesterday, 06:36 PM
Thank you for providing the additional information.
Your computer is infected. Please consider and do this.
===================================================
Peer to Peer (P2P) Warning
--------------------
Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s)
installed. It is pretty much certain that if you continue to use P2P programs,
you will get infected again.
* Avoid gaming sites, pirated software, cracking tools, keygens, and
peer-to-peer (P2P) file sharing programs.
* They are a security risk which can make your computer susceptible to a
smörgåsbord of malware infections, remote attacks, exposure of personal
information, and identity theft. Many malicious worms and Trojans spread
across P2P file sharing networks, gaming and underground sites.
* Users visiting such pages may see innocuous-looking banner ads containing
code which can trigger pop-up ads and malicious Flash ads that install
viruses, Trojans and spyware. Ads are a target for hackers because they offer
a stealthy way to distribute malware to a wide range of Internet users.
* The best way to reduce the risk of infection is to avoid these types of web
sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice
is up to you. If you choose to remove the program, you can do so via Start >
Control Panel > Add/Remove Programs.
If you are still leaning toward using this program, please take a look at this
information about CryptoLocker Ransomware, a type of Ransomware which can be
delivered via P2P file transfers. The newest variation of Ransomware can make it
impossible to recover the files this malicious software encrypts. In other
words, you will probably lose most if not all of your valuable information,
including pictures. In addition it has recently been reported that P2P downloads
may be tracked resulting in your IP address being monitored by copyright
authorities.
If you wish to keep it, please do not use it until we are completely done and
your machine is determined to be clean and updated.
===================================================
Malwarebytes AdwCleaner
-------------------
* Please download AdwCleaner and save it to your Desktop
* Close all open programs and browsers
* Right click on the icon and select Run as administrator
* Click Scan now
* Allow the program to Quarantine what it finds except for Pre-installed
applications if you would like to keep those or other entries you would like
to keep
* When completed click View Scan Log File
* Copy and paste the contents in your reply
* Click Skip Basic Repair if it appears then close the program
===================================================
Farbar Recovery Scan Tool Fix
--------------------
* Right click on the FRST icon and select Run as administrator
* Highlight the below information then hit the Ctrl + C keys at the same time
and the text will be copied
* There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact_launcher_pcepic_1_0] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Overwolf] => D:\Overwolf\OverwolfLauncher.exe -overwolfsilent (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Krisp] => "C:\Program Files\Krisp\Krisp.exe" -s (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [com.blitz.app] => C:\Users\Elmanuel\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [SignalRgb] => "C:\Users\Elmanuel\AppData\Local\VortxEngine\SignalRgbLauncher.exe" --silent (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2: {1400b6c5-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2: {1400bf94-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [1] Autoruns.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [2] Autoruns64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [3] Autoruns64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [4] autorunsc.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [5] autorunsc64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun: [6] autorunsc64a.exe
Task: {722B4855-1FF4-4709-BB70-372F9ED5AD80} - System32\Tasks\Overwolf Updater Task => D:\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Task: {CEC609EA-0EC8-416E-A6EB-80E38FF620DA} - System32\Tasks\Opera scheduled Autoupdate 1640028758 => C:\Users\Elmanuel\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {DE0830BB-83CF-4B64-AFE9-AB5E25D8F285} - System32\Tasks\ContentManagement => C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe [275065686 2022-03-23] (Unarchiver) [File not signed]
S3 OverwolfUpdater; "D:\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
S3 BTMCOM; \SystemRoot\System32\Drivers\btmcom.sys [X]
2022-04-04 20:57 - 2022-04-04 20:48 - 000151552 _____ (SS) C:\Windows\system32\sxj2mci.exe
2022-04-04 20:57 - 2022-04-04 20:48 - 000089600 _____ (SS) C:\Windows\system32\sxj2mci.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000034304 _____ () C:\Windows\system32\sxj2mlm.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000000359 _____ C:\Windows\system32\sxj2mlm.smt
C:\Users\Elmanuel\AppData\Roaming\Unarchiver
2022-03-23 00:24 - 2022-03-23 00:24 - 000003552 _____ C:\Windows\system32\Tasks\ContentManagement
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____ C:\Windows\system32\Tasks\PCIeBusQueue
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____ C:\Windows\system32\Tasks\PCIeBus
2022-03-23 00:24 - 2022-03-23 00:24 - 000000606 _____ C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Immortals Fenyx Rising.lnk
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk:27CED3D9D4 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk:09A0A90EF3 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lovense Connect.lnk:9CAB585B4D [10]
AlternateDataStreams: C:\Users\Elmanuel\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Elmanuel\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7974]
Folder: C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
File: C:\Users\Elmanuel\listing.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /list /allusers
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd: bitsadmin /list /allusers
cmd: ipconfig /flushdns
Removeproxy:
Emptytemp:
End::
* Click Fix
* When completed the tool will create a log on the desktop called Fixlog.txt.
Please copy and paste the contents of the file in your reply.
* Note: This step resets your Firewall settings and you may be asked later to
grant permission for legitimate programs to pass through the Firewall. If you
recognize the program agree to the request.
* Note: The Emptytemp: command will remove cookies and may result in some
websites (like banking) indicating they do not recognize your computer. It
may be necessary to receive and apply a verification code.
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* AdwCleaner log
* Fixlog
* Update on computer performance
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#7 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 07:02 PM
so heres the log files from Malwarebytes AdwCleaner
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-06-2022
# Duration: 00:00:01
# OS: Windows 10 Pro for Workstations
# Cleaned: 13
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\Program Files (x86)\OSTotoSoft
Deleted C:\ProgramData\DRIVERTALENT
Deleted C:\Users\Elmanuel\AppData\Roaming\DRIVERTALENT
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web
Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\OSTotoSoft
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\OSTotoSoft
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\INTERNET
EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|DRIVERTALENT.EXE
***** [ Chromium (and derivatives) ] *****
Deleted gafhhbahpojnjfhpepjjfjojbphnogmn
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2454 octets] - [06/04/2022 02:54:19]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
* Back to top
--------------------------------------------------------------------------------
#8 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 07:10 PM
And heres the fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Elmanuel (06-04-2022 03:04:04) Run:1
Running from C:\Users\Elmanuel\Desktop
Loaded Profiles: Elmanuel
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact_launcher_pcepic_1_0] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Overwolf] =>
D:\Overwolf\OverwolfLauncher.exe -overwolfsilent (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Krisp] => "C:\Program
Files\Krisp\Krisp.exe" -s (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [com.blitz.app] =>
C:\Users\Elmanuel\AppData\Local\Programs\Blitz\Blitz.exe --autostart (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [Web Companion] =>
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
--minimize (No File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Run: [SignalRgb] =>
"C:\Users\Elmanuel\AppData\Local\VortxEngine\SignalRgbLauncher.exe" --silent (No
File)
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400b6c5-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\MountPoints2:
{1400bf94-7e00-11eb-9246-a8a159437d6e} - "V:\Autoplay.exe" -auto
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer:
[DisallowRun] 1
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[1] Autoruns.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[2] Autoruns64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[3] Autoruns64a.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[4] autorunsc.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[5] autorunsc64.exe
HKU\S-1-5-21-1817627007-317576481-894513035-1001\...\Policies\Explorer\DisallowRun:
[6] autorunsc64a.exe
Task: {722B4855-1FF4-4709-BB70-372F9ED5AD80} - System32\Tasks\Overwolf Updater
Task => D:\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (No File)
Task: {CEC609EA-0EC8-416E-A6EB-80E38FF620DA} - System32\Tasks\Opera scheduled
Autoupdate 1640028758 =>
C:\Users\Elmanuel\AppData\Local\Programs\Opera\launcher.exe
--scheduledautoupdate $(Arg0) (No File)
Task: {DE0830BB-83CF-4B64-AFE9-AB5E25D8F285} - System32\Tasks\ContentManagement
=> C:\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe [275065686
2022-03-23] (Unarchiver) [File not signed]
S3 OverwolfUpdater; "D:\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
S3 BTMCOM; \SystemRoot\System32\Drivers\btmcom.sys [X]
2022-04-04 20:57 - 2022-04-04 20:48 - 000151552 _____ (SS)
C:\Windows\system32\sxj2mci.exe
2022-04-04 20:57 - 2022-04-04 20:48 - 000089600 _____ (SS)
C:\Windows\system32\sxj2mci.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000034304 _____ ()
C:\Windows\system32\sxj2mlm.dll
2022-04-04 20:57 - 2022-04-04 20:48 - 000000359 _____
C:\Windows\system32\sxj2mlm.smt
C:\Users\Elmanuel\AppData\Roaming\Unarchiver
2022-03-23 00:24 - 2022-03-23 00:24 - 000003552 _____
C:\Windows\system32\Tasks\ContentManagement
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBusQueue
2022-03-23 00:24 - 2022-03-23 00:24 - 000003212 _____
C:\Windows\system32\Tasks\PCIeBus
2022-03-23 00:24 - 2022-03-23 00:24 - 000000606 _____
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Immortals Fenyx
Rising.lnk
ShellIconOverlayIdentifiers: [ MEGA (Pending)] ->
{056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] ->
{05B38830-F4E9-4329-978B-1DD28605D202} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] ->
{0596C850-7BDD-4C9D-AFDF-873BE6890637} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
=> D:\Notepad++\NppShell_06.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] ->
{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>
C:\Users\Elmanuel\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
AlternateDataStreams: C:\ProgramData\droidcam-client-options-v2:8329C6407A [10]
AlternateDataStreams: C:\ProgramData\droidcam-settings:3FFAD04353 [10]
AlternateDataStreams: C:\ProgramData\droidcam.log:ADD74D6E12 [10]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\desktop.ini:B1DA6C571C [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\µTorrent.lnk:27CED3D9D4 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Access.lnk:A1B76439FE [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Audacity.lnk:09A0A90EF3 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic
Games Launcher.lnk:BE32D07BC5 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Excel.lnk:B96E9B8455 [10]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Lovense Connect.lnk:9CAB585B4D [10]
AlternateDataStreams: C:\Users\Elmanuel\Application
Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams:
C:\Users\Elmanuel\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7974]
Folder: C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
File: C:\Users\Elmanuel\listing.exe
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /list /allusers
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db
C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd: bitsadmin /list /allusers
cmd: ipconfig /flushdns
Removeproxy:
Emptytemp:
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Genshin
Impact_launcher_pcepic_1_0" => removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Overwolf"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Krisp"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\com.blitz.app"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web
Companion" => not found
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SignalRgb"
=> removed successfully
HKU\S-1-5-21-1817627007-317576481-894513035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1400b6c5-7e00-11eb-9246-a8a159437d6e}
=> removed successfully
HKU\S-1-5-21-1817627007-317576481-894513035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1400bf94-7e00-11eb-9246-a8a159437d6e}
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\1"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\2"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\3"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\4"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\5"
=> removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\\6"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{722B4855-1FF4-4709-BB70-372F9ED5AD80}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{722B4855-1FF4-4709-BB70-372F9ED5AD80}"
=> removed successfully
C:\Windows\System32\Tasks\Overwolf Updater Task => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => removed
successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Logon\{CEC609EA-0EC8-416E-A6EB-80E38FF620DA}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEC609EA-0EC8-416E-A6EB-80E38FF620DA}"
=> removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1640028758 => moved
successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera
scheduled Autoupdate 1640028758" => removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{DE0830BB-83CF-4B64-AFE9-AB5E25D8F285}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0830BB-83CF-4B64-AFE9-AB5E25D8F285}"
=> removed successfully
C:\Windows\System32\Tasks\ContentManagement => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\ContentManagement" => removed
successfully
HKLM\System\CurrentControlSet\Services\OverwolfUpdater => removed successfully
OverwolfUpdater => service removed successfully
HKLM\System\CurrentControlSet\Services\BTMCOM => removed successfully
BTMCOM => service removed successfully
C:\Windows\system32\sxj2mci.exe => moved successfully
C:\Windows\system32\sxj2mci.dll => moved successfully
C:\Windows\system32\sxj2mlm.dll => moved successfully
C:\Windows\system32\sxj2mlm.smt => moved successfully
C:\Users\Elmanuel\AppData\Roaming\Unarchiver => moved successfully
"C:\Windows\system32\Tasks\ContentManagement" => not found
C:\Windows\system32\Tasks\PCIeBusQueue => moved successfully
C:\Windows\system32\Tasks\PCIeBus => moved successfully
C:\Users\Elmanuel\AppData\Roaming\Microsoft\Windows\Start Menu\Immortals Fenyx
Rising.lnk => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed
successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed
successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed
successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed
successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => removed
successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) =>
removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed
successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) =>
removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA
(Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)
=> removed successfully
C:\ProgramData\droidcam-client-options-v2 => ":8329C6407A" ADS removed
successfully
C:\ProgramData\droidcam-settings => ":3FFAD04353" ADS removed successfully
C:\ProgramData\droidcam.log => ":ADD74D6E12" ADS removed successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini => ":B1DA6C571C" ADS
removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk => ":27CED3D9D4" ADS
removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk => ":A1B76439FE"
ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk =>
":09A0A90EF3" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk =>
":BE32D07BC5" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk => ":B96E9B8455"
ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lovense Connect.lnk =>
":9CAB585B4D" ADS removed successfully
C:\Users\Elmanuel\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS
removed successfully
"C:\Users\Elmanuel\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS
not found.
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
========================= Folder:
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra ========================
2022-02-25 11:14 - 2022-02-17 09:51 - 001512616 ____N
[CC55E93E18B3B5501AC3BA55903A9BC8] (GitHub)
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra\Update.exe
====== End of Folder: ======
========================= File: C:\Users\Elmanuel\listing.exe
========================
C:\Users\Elmanuel\listing.exe
File not signed
MD5: 2CDC425D189DD4CBAE0911174E9D37FC
Creation and modification date: 2021-11-11 21:49 - 2021-11-11 21:49
Size: 000001298
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: 0
====== End of File: ======
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
========= bitsadmin /list /allusers =========
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
{6EABD6F0-E7EC-491A-A2D0-A6B7BA9EF0A1} 'SpeechModelDownloadJob' ERROR 0 / 1 0 /
UNKNOWN
Listed 1 job(s).
========= End of CMD: =========
========= net stop bits =========
The Background Intelligent Transfer Service service is stopping..
The Background Intelligent Transfer Service service was stopped successfully.
========= End of CMD: =========
"C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db" moved successfully to
C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
========= net start bits =========
The Background Intelligent Transfer Service service is starting.
The Background Intelligent Transfer Service service was started successfully.
========= End of CMD: =========
========= bitsadmin /list /allusers =========
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
Listed 0 job(s).
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1817627007-317576481-894513035-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 432625473
B
Java, Flash, Steam htmlcache => 444606069 B
Windows/system/drivers => 102995836 B
Edge => 0 B
Chrome => 111166095 B
Firefox => 15975962 B
Opera => 13155523 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 52935618 B
systemprofile32 => 53599596 B
LocalService => 53599596 B
NetworkService => 54391774 B
Elmanuel => 558917724 B
RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 03:06:52 ====
im gonna go run games for a bit to see if the ram spikes i will update you on
the performance in about 30/40 minutes thanks for your time )
* Back to top
--------------------------------------------------------------------------------
#9 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,722 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:05:40 AM
Posted Yesterday, 07:20 PM
Test it out but I would also like to remove 2 more entries.
===================================================
Farbar Recovery Scan Tool Fix
--------------------
* Right click on the FRST icon and select Run as administrator
* Highlight the below information then hit the Ctrl + C keys at the same time
and the text will be copied
* There is no need to paste the information anywhere, FRST will do it for you
Start::
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
C:\Users\Elmanuel\listing.exe
End::
* Click Fix
* When completed the tool will create a log on the desktop called Fixlog.txt.
Please copy and paste the contents of the file in your reply.
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* Fixlog
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#10 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 07:32 PM
so far my ram hasnt spiked while playing the same game that i played when i
texted about the problem which is great and i thank you sincerely for the help
and heres the fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Elmanuel (06-04-2022 03:31:46) Run:3
Running from C:\Users\Elmanuel\Desktop
Loaded Profiles: Elmanuel
Boot Mode: Normal
==============================================
fixlist content:
*****************
C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra
C:\Users\Elmanuel\listing.exe
*****************
"C:\Users\Elmanuel\AppData\Local\tmpizz5kous.pra" => not found
"C:\Users\Elmanuel\listing.exe" => not found
==== End of Fixlog 03:31:46 ====
* Back to top
--------------------------------------------------------------------------------
#11 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Yesterday, 08:03 PM
i hope that is all that i have to do and i wish you a great day thank you so
much for the help i really appreciate it ^^
* Back to top
--------------------------------------------------------------------------------
#12 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,722 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:05:40 AM
Posted Yesterday, 08:11 PM
That is good to hear. I would like to run one more scan.
Please do this.
===================================================
ESET Online Scanner
--------------------
Note: You can expect this process to take a long time, up to several hours or
more.
* Download ESET Free Online Scanner and save it to your Desktop
* Right click on esetonlinescanner_enu.exe and select Run as administrator
* Click Computer Scan
* Click Full scan
* Select Enable ESET to detect and quarantine potentially unwanted applications
* Click Start scan
* Once completed click Save scan log and save it to your Desktop as
ESETScan.txt
* Click Continue then finally click Close
* Copy and paste the ESETScan.txt file contents in your reply
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* ESET report
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#13 RYUQI
RyuQi
* Topic Starter
*
* Members
* 8 posts
* OFFLINE
* Local time:03:40 PM
Posted Today, 02:04 AM
Hi again here are the scan log files from the eset program
6.4.2022 г. 10:02:46
Files scanned: 1191605
Detected files: 12
Cleaned files: 12
Total scan time 02:53:40
Scan status: Finished
C:\FRST\Quarantine\C\Users\Elmanuel\AppData\Roaming\Unarchiver\Unarchiver.exe a
variant of Win64/Packed.Themida.IY trojan cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD6FEE.tmp.1649208363\HTA\scripts\install.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD6FEE.tmp.1649208363\HTA\scripts\uninstall.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD6FEE.tmp.1649208363\HTA\shell_scripts\shell_install_offer.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD6FEE.tmp.1649208363_permissionsCopy\updates\3.5.5_46090.exe
a variant of Win32/uTorrent.E potentially unwanted application cleaned by
deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD6FEE.tmp.1649208363_permissionsCopy\uTorrent.exe
a variant of Win32/uTorrent.E potentially unwanted application cleaned by
deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD7935.tmp.1649208366\HTA\scripts\install.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD7935.tmp.1649208366\HTA\scripts\uninstall.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD7935.tmp.1649208366\HTA\shell_scripts\shell_install_offer.js
Win32/OpenCandy.J potentially unsafe application cleaned by deleting
C:\Users\Elmanuel\AppData\Local\Temp\HYD7935.tmp.1649208366_permissionsCopy\updates\3.5.5_46090.exe
a variant of Win32/uTorrent.E potentially unwanted application cleaned by
deleting
D:\Games\Immortals Fenyx Rising\EMP.dll a variant of Win64/HackTool.Crack.Q
potentially unsafe application cleaned by deleting
D:\Games\Immortals Fenyx Rising\uplay_r2_loader64.dll Win64/HackTool.Crack.R
potentially unsafe application cleaned by deleting
* Back to top
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Back to Virus, Trojan, Spyware, and Malware Removal Help
*
*
*
*
*
*
*
*
*
*
6 USER(S) ARE READING THIS TOPIC
0 members, 6 guests, 0 anonymous users
Reply to quoted posts Clear
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
4. Privacy Policy
5. Rules ·
*
* Help
Advertise | About Us | Terms of Use | Privacy Policy | Sitemap
| Chat | RSS Feeds | Contact Us Tech Support Forums | Virus
Removal Guides | Downloads | Tutorials | The Computer Glossary |
Uninstall List | Startups | The File Database
© 2004-2022 All Rights Reserved Bleeping Computer LLC .
Site Changelog
Community Forum Software by IP.Board
SIGN IN
* Use Twitter
* Need an account? Register now!
* Username
* Forum Password
I've forgotten my password
* Remember me
This is not recommended for shared computers
* Sign in anonymously
Don't add me to the active users list
* Privacy Policy