Solved Malware

SillyStickS · May 31, 2021

My computer takes much longer to finish booting windows after logging in and I noticed three black command line windows appearing and disappearing very quickly. Please see FRST logs below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by Matthew Balent (administrator) on MATTHEW-4790K-B (ASUS All Series) (31-05-2021 15:42:10)
Running from C:\Users\Matthew Balent\Desktop\Installers
Loaded Profiles: Matthew Balent
Platform: Windows 10 Home Version 21H1 19043.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A. & M. Neuber Software -> Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_b5c7e9f1cc7d29c6\Display.NvContainer\NVDisplay.Container.exe <2>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe [86016 2016-02-18] (PFU LIMITED) [File not signed]
HKLM-x32\...\Run: [ScanSnap OnlineUpdate Watcher] => C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe [454144 2016-09-06] (PFU Limited) [File not signed]
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\Run: [Discord] => C:\Users\Matthew Balent\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2019-11-19]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU Limited) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0601A0EE-3716-4125-9037-E0955DB02C9A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {08BBC0A4-44A3-48FA-8203-E2FD2CC48EE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {17702CE9-C78A-48A6-BCA4-9F49F1AEC786} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CFE7997-0E02-4764-A22F-A573EF632952} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3A79F16C-176D-42D1-B510-92F555F2D986} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {3F615222-DE8F-49DA-B14D-848C00F027E7} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {45EDEC4F-26BE-4FCF-87B9-140A2D0C9E85} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {63586D95-26CE-40E4-A8A1-0525CDD80ADD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66F1D148-1B53-45E4-96FA-BE12FD1A34FC} - System32\Tasks\Core Temp Autostart Matthew Balent => C:\Program Files\Core Temp\Core Temp.exe
Task: {781E8D33-67EB-4B60-897B-8D1EFCBE102C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-27] (Google Inc -> Google LLC)
Task: {8598F86E-D765-4C36-AADF-D127C5E7C013} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA2B3154-7F59-4BB0-A47B-D07B87E8BC29} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {AAAAC37B-3523-4C4D-B19E-E5D61B3187A7} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C2AA7653-CB60-4AC7-9811-FB382547AF85} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C4EE57C7-CE59-4834-AA50-D9221BA045E5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8697969-600B-4CA8-B9B1-CB7F4AC7BC9D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5427032-72ED-450D-BF10-695F3B0E4DBC} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-24] () [File not signed]
Task: {DC712529-C239-4EA1-B4D5-6D47EEE02652} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-27] (Google Inc -> Google LLC)
Task: {F2489D9B-B2EB-4B2C-981B-E235C9CA17B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F73C1545-0D94-4B26-B019-65D2278D5507} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-28] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{42f495a5-b90e-4c59-bd85-a6da00ebf8f5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b5868b49-a737-4288-abe6-1d62c616eb22}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Matthew Balent\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Matthew Balent\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-31]

FireFox:
========
FF DefaultProfile: sgg8645v.default-1568009218829
FF ProfilePath: C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829 [2021-05-31]
FF Homepage: Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829 -> hxxps://mail.google.com/mail/u/0/#inbox
FF Extension: (Default Bookmark Folder) - C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829\Extensions\default-bookmark-folder@gustiaux.com.xpi [2020-03-12]
FF Extension: (Enhancer for YouTube™) - C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-04-02]
FF Extension: (HTTPS Everywhere) - C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829\Extensions\https-everywhere@eff.org.xpi [2020-04-02]
FF Extension: (To Google Translate) - C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2019-11-24]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Matthew Balent\AppData\Roaming\Mozilla\Firefox\Profiles\sgg8645v.default-1568009218829\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-04-02]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2520759900-3737204395-3222954602-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Matthew Balent\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default [2021-05-31]
CHR Notifications: Default -> hxxps://app.houseparty.com; hxxps://calendar.google.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://gmail.com/
CHR StartupUrls: Default -> "hxxp://gmail.com/"
CHR Extension: (Slides) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-27]
CHR Extension: (Docs) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-27]
CHR Extension: (Google Drive) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-28]
CHR Extension: (YouTube) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-27]
CHR Extension: (Slinky Elegant) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2020-03-31]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-19]
CHR Extension: (uBlock Origin) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2021-05-18]
CHR Extension: (Sheets) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-27]
CHR Extension: (Google Docs Offline) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-14]
CHR Extension: (Microsoft Editor: Spelling & Grammar Checker) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiobkfhnonedkhhfjpmhdalgeoebfa [2021-05-19]
CHR Extension: (Zoom) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2021-05-27]
CHR Extension: (No Name) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-10-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-05-03]
CHR Extension: (Hulu Ad Skipper | Ad Blocker) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgpdfnkeeppfohmophlpcfmciioeenig [2021-01-04]
CHR Extension: (Gmail) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-26]
CHR Profile: C:\Users\Matthew Balent\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-14]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 CorsairGamingAudioConfig; C:\WINDOWS\system32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818288 2020-11-24] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2547288 2021-05-10] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3487320 2021-05-10] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1679240 2021-02-16] (Rockstar Games, Inc. -> Rockstar Games)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13109776 2020-07-02] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_b5c7e9f1cc7d29c6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_b5c7e9f1cc7d29c6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 CorsairGamingAudioService; C:\WINDOWS\system32\DRIVERS\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-05-30] (CPUID S.A.R.L.U. -> CPUID)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
S3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-30] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 REDRAGON_MOUSE; C:\WINDOWS\system32\drivers\REDRAGON_MOUSE.sys [26112 2017-09-21] () [File not signed]
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [53128 2018-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S3 VKbms; C:\WINDOWS\System32\drivers\VKbms.sys [13824 2014-07-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-13] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-31 15:41 - 2021-05-31 15:42 - 000000000 ____D C:\FRST
2021-05-31 14:57 - 2021-05-31 14:57 - 000001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2021-05-31 14:57 - 2021-05-31 14:57 - 000001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2021-05-31 14:57 - 2021-05-31 14:57 - 000000000 ____D C:\ProgramData\SecTaskMan
2021-05-31 14:57 - 2021-05-31 14:57 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2021-05-30 20:25 - 2021-05-30 20:25 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-30 20:25 - 2021-05-30 20:25 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-30 20:25 - 2021-05-30 20:25 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-30 20:24 - 2021-05-30 20:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-30 20:24 - 2021-05-30 20:24 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-30 20:24 - 2021-05-30 20:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-30 20:24 - 2021-05-30 20:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-30 20:24 - 2021-05-30 20:24 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-30 20:23 - 2021-05-30 20:23 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-30 20:23 - 2021-05-30 20:23 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-30 20:23 - 2021-05-30 20:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-30 20:23 - 2021-05-30 20:23 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-20 17:39 - 2021-05-20 17:39 - 000197638 _____ C:\Users\Matthew Balent\Desktop\PSN Backup.mp4
2021-05-20 16:39 - 2021-05-13 03:38 - 000037656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-05-20 16:27 - 2021-05-13 11:22 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-05-20 16:27 - 2021-05-13 11:22 - 001453360 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-05-20 16:27 - 2021-05-13 11:22 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-05-20 16:27 - 2021-05-13 11:22 - 001192752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-05-20 16:27 - 2021-05-13 11:22 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 001514800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 000715544 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 000675104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 000626968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 000575768 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-05-20 16:27 - 2021-05-13 11:19 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-05-20 16:27 - 2021-05-13 11:18 - 002106144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-05-20 16:27 - 2021-05-13 11:18 - 001590576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-05-20 16:27 - 2021-05-13 11:18 - 000811824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-05-20 16:27 - 2021-05-13 11:18 - 000689952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-05-20 16:27 - 2021-05-13 11:18 - 000445744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-05-20 16:27 - 2021-05-13 11:17 - 008317232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-05-20 16:27 - 2021-05-13 11:17 - 007434032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-05-20 16:27 - 2021-05-13 11:17 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-05-20 16:27 - 2021-05-13 11:17 - 002823472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-05-20 16:27 - 2021-05-13 11:16 - 000848688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-05-20 16:27 - 2021-05-13 11:15 - 006159152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-05-20 16:27 - 2021-05-13 03:38 - 000087164 _____ C:\WINDOWS\system32\nvinfo.pb
2021-05-15 15:48 - 2021-05-15 15:48 - 000000000 ____D C:\Program Files (x86)\Intel
2021-05-14 00:51 - 2021-05-14 00:51 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\GetsuFumaDen
2021-05-11 10:51 - 2021-05-11 10:51 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-31 15:42 - 2020-04-01 13:40 - 000000000 ____D C:\Users\Matthew Balent\Desktop\Installers
2021-05-31 14:46 - 2020-06-19 22:12 - 000004186 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{54E83F89-2951-42A7-B12A-1B696A9BC3FA}
2021-05-31 14:46 - 2019-06-27 18:36 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-30 22:36 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-30 22:36 - 2019-07-28 20:03 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\Battle.net
2021-05-30 22:02 - 2020-06-19 22:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-30 22:02 - 2019-07-28 20:03 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-05-30 21:20 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-30 21:20 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-30 20:32 - 2020-06-19 22:12 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-30 20:32 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-30 20:28 - 2020-06-19 22:12 - 000003398 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2520759900-3737204395-3222954602-1001
2021-05-30 20:28 - 2020-06-19 21:57 - 000002394 _____ C:\Users\Matthew Balent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-30 20:28 - 2019-04-26 23:49 - 000000000 ___RD C:\Users\Matthew Balent\OneDrive
2021-05-30 20:27 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-05-30 20:25 - 2020-06-19 22:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-30 20:25 - 2020-06-19 22:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-30 20:25 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-30 20:25 - 2019-07-17 00:03 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-30 20:23 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-30 20:23 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-30 00:21 - 2019-06-23 14:43 - 000000000 ____D C:\Users\Matthew Balent\AppData\Roaming\Discord
2021-05-29 23:28 - 2019-06-23 14:43 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\Discord
2021-05-29 15:27 - 2020-07-10 14:45 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-29 14:35 - 2019-05-16 17:06 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-05-23 14:32 - 2019-06-16 11:25 - 000001267 _____ C:\Users\Matthew Balent\Desktop\Downloads - Shortcut.lnk
2021-05-21 22:42 - 2021-03-14 16:21 - 000000000 ____D C:\Users\Matthew Balent\.zenmap
2021-05-21 15:25 - 2019-04-27 11:09 - 000000000 ____D C:\Users\Matthew Balent\AppData\LocalLow\Mozilla
2021-05-21 14:38 - 2020-05-17 10:48 - 001694672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-05-21 14:38 - 2020-05-17 10:48 - 000250304 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-05-21 14:38 - 2020-05-17 10:48 - 000192952 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-05-21 14:38 - 2020-05-17 10:48 - 000159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-05-21 14:38 - 2020-05-17 10:48 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-05-21 14:38 - 2020-05-17 10:48 - 000038328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-05-20 16:40 - 2019-06-27 18:45 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\NVIDIA
2021-05-19 17:52 - 2020-11-26 21:19 - 000000000 ____D C:\Program Files (x86)\Origin
2021-05-19 17:33 - 2019-04-27 11:09 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-18 19:21 - 2019-07-15 17:30 - 000000000 ____D C:\Users\Matthew Balent\GNS3
2021-05-18 19:21 - 2019-07-15 17:30 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\CrashDumps
2021-05-17 21:58 - 2021-03-16 19:34 - 000000000 ____D C:\Users\Matthew Balent\Desktop\IT Education
2021-05-15 16:38 - 2019-05-12 17:54 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-15 15:37 - 2019-04-26 23:44 - 000000000 ____D C:\Program Files\Intel
2021-05-14 00:51 - 2019-06-17 19:41 - 000000000 ____D C:\Users\Matthew Balent\AppData\Local\UnrealEngine
2021-05-14 00:51 - 2019-06-17 19:41 - 000000000 ____D C:\ProgramData\Epic
2021-05-13 23:50 - 2019-04-26 23:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-13 11:18 - 2021-04-30 15:15 - 000656176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-05-13 11:15 - 2020-05-27 11:27 - 007212224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-05-13 03:38 - 2020-05-27 11:28 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-05-12 17:03 - 2021-04-28 14:09 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-11 10:52 - 2020-06-19 22:09 - 000257904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-11 10:52 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-11 10:52 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-11 10:47 - 2019-04-27 11:08 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-11 10:46 - 2019-04-27 11:08 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-07-16 23:56 - 2019-07-16 23:56 - 000002226 _____ () C:\Users\Matthew Balent\MarkYO.bat
2019-08-23 17:17 - 2019-09-03 15:45 - 000007606 _____ () C:\Users\Matthew Balent\AppData\Local\Resmon.ResmonCfg
2021-03-14 16:21 - 2021-03-14 16:21 - 000000000 _____ () C:\Users\Matthew Balent\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

SillyStickS · May 31, 2021

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by Matthew Balent (31-05-2021 15:42:54)
Running from C:\Users\Matthew Balent\Desktop\Installers
Windows 10 Home Version 21H1 19043.985 (X64) (2020-06-20 05:12:10)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2520759900-3737204395-3222954602-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2520759900-3737204395-3222954602-503 - Limited - Disabled)
Guest (S-1-5-21-2520759900-3737204395-3222954602-501 - Limited - Disabled)
Matthew Balent (S-1-5-21-2520759900-3737204395-3222954602-1001 - Administrator - Enabled) => C:\Users\Matthew Balent
WDAGUtilityAccount (S-1-5-21-2520759900-3737204395-3222954602-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 20.00 alpha (x64) (HKLM\...\7-Zip) (Version: 20.00 alpha - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
AIDA64 Extreme v6.32 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.32 - FinalWire Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CORSAIR iCUE Software (HKLM-x32\...\{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 - Corsair)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{0203C24C-452D-4344-871F-DE3C7B49C328}) (Version: 22.40.0.7 - Intel Corporation) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Epic Games Launcher (HKLM-x32\...\{466EA30A-9B38-4AD2-A6B0-18D6E0C1A848}) (Version: 1.1.206.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
ePSXe (HKLM-x32\...\{47D0F783-5399-47B3-990F-C6A35F6F2283}) (Version: 2.0.5 - Vimm's Lair)
GameInput Redistributable (HKLM-x32\...\{AD78C5EF-EAAF-12E7-83A3-B335A79A3DB1}) (Version: 10.1.19041.1870 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
HD Tune Pro 5.70 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000040-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.40.0.2 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{3933e30f-0de2-4fee-8a5e-28c71ea7f121}) (Version: 22.40.0.7 - Intel Corporation) Hidden
JoyToKey version 6.4.3 (HKLM-x32\...\{EBF21C82-423E-49FD-BCBD-88C08397CB44}_is1) (Version: 6.4.3 - JTK software)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 76.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 76.0.1 (x64 en-US)) (Version: 76.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.10.0 - Mozilla)
Mozilla Thunderbird 78.10.0 (x64 en-US) (HKLM\...\Mozilla Thunderbird 78.10.0 (x64 en-US)) (Version: 78.10.0 - Mozilla)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
MSI Kombustor 4.1.2.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D)
Nmap 7.91 (HKLM-x32\...\Nmap) (Version: 7.91 - Nmap Project)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.00 - Nmap Project)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 466.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 466.47 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.99.47918 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch League Replay Viewer (HKLM-x32\...\Overwatch League Replay Viewer) (Version: - Blizzard Entertainment)
Overwatch League Replay Viewer 2 (HKLM-x32\...\Overwatch League Replay Viewer 2) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
qBittorrent 4.1.6 (HKLM-x32\...\qBittorrent) (Version: 4.1.6 - The qBittorrent project)
Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - )
Roblox Player for Matthew Balent (HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\roblox-player) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.34.337 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.5L61 - PFU)
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.7.7 - TeamViewer)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wireshark 3.0.3 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)
Zoom (HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-25] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-27] (NVIDIA Corp.)
PDF Reader - View, Edit, Share -> C:\Program Files\WindowsApps\0D9A1B2D.PDFReaderUWP_1.14.10.0_x64__jhretta7p24aw [2021-05-27] (Kdan Mobile Software Ltd.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.480.29834.0_x86__55nm5eh3cm0pr [2021-05-30] (ROBLOX Corporation)
RSS Media Player -> C:\Program Files\WindowsApps\48405AmbientSoftware.RssVideoPlayer_1.5.0.0_x64__agy8jafheqhng [2020-08-06] (Chan Software Solutions)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0 [2021-05-30] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2520759900-3737204395-3222954602-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_b5c7e9f1cc7d29c6\nvshext.dll [2021-05-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Matthew Balent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg

==================== Loaded Modules (Whitelisted) =============

2019-04-26 23:42 - 2021-05-30 20:25 - 000043664 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2019-11-19 13:04 - 2016-07-08 15:27 - 000383488 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\x64\SSFolder.DLL
2020-11-15 16:51 - 2020-11-15 16:51 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-11-26 21:19 - 2021-04-04 21:57 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-11-26 21:19 - 2021-04-04 21:57 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-26 21:19 - 2021-04-04 21:57 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-05-19 17:52 - 2021-04-04 21:57 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Matthew Balent\AppData\Local\Temp:$DATA [34]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 00:31 - 2018-09-15 00:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew Balent\Pictures\Desktop Backgrounds\Galaxy.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection* 12: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Local Area Connection* 12: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "ScanSnap OnlineUpdate Watcher"
HKLM\...\StartupApproved\Run32: => "ScanSnap WIA Service Checker"
HKLM\...\StartupApproved\Run32: => "CORSAIR iCUE Software"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "Parsec.App.0"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2520759900-3737204395-3222954602-1001\...\StartupApproved\Run: => "CPN Notifier"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{67AD4442-11A3-49FE-9C88-828C98312968}] => (Block) C:\program files\epic games\journey\journey.exe () [File not signed]
FirewallRules: [{3B9A81C5-1B68-42D8-BE40-641A99102E64}] => (Block) C:\program files\epic games\journey\journey.exe () [File not signed]
FirewallRules: [UDP Query User{50589736-5D55-4B07-A9A7-5FE01EFFB42E}C:\program files\epic games\journey\journey.exe] => (Allow) C:\program files\epic games\journey\journey.exe () [File not signed]
FirewallRules: [TCP Query User{C2864F00-EEC0-44B2-9E3A-D1C5A837EDF5}C:\program files\epic games\journey\journey.exe] => (Allow) C:\program files\epic games\journey\journey.exe () [File not signed]
FirewallRules: [UDP Query User{E798A186-E40A-4A34-954A-4CB0D569A8A3}C:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) C:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe => No File
FirewallRules: [TCP Query User{972EB67F-DF79-4499-B432-25061EFE9846}C:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) C:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe => No File
FirewallRules: [{C0CC5335-77A3-4AD2-A931-9F88A7CE2132}] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [{B230355C-1421-4117-880F-10A79D5760FE}] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [UDP Query User{F7E54510-777C-4C92-AA4D-ED2EECFE7780}C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [TCP Query User{07D05E92-ECEB-47FC-AF42-E7F4A9BABBEA}C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\terraria\terrariaserver.exe => No File
FirewallRules: [{E2EC6815-8DCE-468D-A17E-9B55C31F23AA}] => (Block) C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{8A4D36D8-27B6-41D6-98C7-EF918447F3AA}] => (Block) C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [UDP Query User{04A3A917-7AB8-4198-905C-146CE5C15B42}C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [TCP Query User{37E1BC06-62AD-4AD2-A2E4-C2DA549C964E}C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base78285\sc2_x64.exe => No File
FirewallRules: [{29426E1A-1DD7-4FD2-B2D2-DC7207BEEE4F}] => (Block) C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe => No File
FirewallRules: [{9399BC86-1AC9-42B4-8FFD-D0CCDABC02DD}] => (Block) C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe => No File
FirewallRules: [UDP Query User{39EC11C4-5638-4519-90BE-C95F8BB4607D}C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe] => (Allow) C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe => No File
FirewallRules: [TCP Query User{ACE01047-FF28-48F2-A8BD-C9F31C3A3BC3}C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe] => (Allow) C:\users\matthew balent\appdata\local\programs\kast-app\kast.exe => No File
FirewallRules: [{B373EF5A-C214-4B9A-BD7F-4F93EB307437}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{4AE74019-38CF-4EA1-8E54-527119E0831D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\DOOMEternal\idTechLauncher.exe () [File not signed]
FirewallRules: [{E340A372-7D57-4E3B-8085-B0E8B7A47063}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\DOOMEternal\idTechLauncher.exe () [File not signed]
FirewallRules: [{EEDEA79E-CC18-44B7-B8D0-1800AF960F84}] => (Allow) C:\Users\Matthew Balent\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7C7C5D26-5DB8-427C-B151-86B7CCF72580}] => (Allow) C:\Users\Matthew Balent\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E3FBB004-A884-483D-8C04-58AA9952F871}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [{A61E6439-71A2-499D-88EC-18CD417D86DC}] => (Block) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [UDP Query User{791935B1-D06C-49F4-BB55-508F37FE0154}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [TCP Query User{F5A50F6D-D349-4843-B9DF-8F5CFCBD7504}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe => No File
FirewallRules: [{DA71685A-50B3-4B22-8D06-5E13A8278DBC}] => (Block) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [{A24A3F49-50FF-4EE8-A9BE-BE6F9B1FAADC}] => (Block) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [UDP Query User{63B82BBD-E9AA-4CA2-8C90-20DD4639C198}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [TCP Query User{20CAE0C0-EDEF-4A52-88AD-AFD78AE3ADB6}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe => No File
FirewallRules: [UDP Query User{F0B921CD-ED53-4F3A-92FB-8BFAA6AC0155}C:\program files (x86)\starcraft ii\versions\base77661\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base77661\sc2_x64.exe => No File
FirewallRules: [TCP Query User{77BB4F40-B84A-4803-9A1D-725DF6C22838}C:\program files (x86)\starcraft ii\versions\base77661\sc2_x64.exe] => (Block) C:\program files (x86)\starcraft ii\versions\base77661\sc2_x64.exe => No File
FirewallRules: [{B209CF6F-808E-4E66-8A9F-3EDB8E5E2507}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\Duskworld.exe () [File not signed]
FirewallRules: [{54186F84-4139-4DC1-A20D-F11BF98DD0FB}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\Duskworld.exe () [File not signed]
FirewallRules: [{7C947530-3872-4DCB-B29C-DB117B3A5B92}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\Dusk.exe () [File not signed]
FirewallRules: [{C7949C0D-E607-4321-BBDB-A30996C7ABB4}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\Dusk.exe () [File not signed]
FirewallRules: [UDP Query User{14237A86-AF4E-4457-9650-03E206C60E7B}C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [TCP Query User{31E2D0E2-14E0-4BF7-9CEC-B7C7AB726258}C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [{83DBEB9D-0B93-4504-BD94-B7DAD3DB8459}] => (Block) C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{3BD96480-444B-4346-B97B-8A207519847F}] => (Block) C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{0FA0A7B1-0D99-4627-91DA-77C6A434853E}C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2BD53729-7A02-45FE-BF37-86459BE4B3A7}C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_replay_viewer_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{24E0C09C-6C16-44F1-9977-9F93A15E8811}C:\program files (x86)\overwatch test\_ptr_\overwatch.exe] => (Block) C:\program files (x86)\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{7F0D4299-309A-4AA5-9386-579A002871A0}C:\program files (x86)\overwatch test\_ptr_\overwatch.exe] => (Block) C:\program files (x86)\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{3F4FE4BF-A09B-46C0-B936-5F77A2983093}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{64E72BE7-8981-4418-BB82-71EC01B3C370}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Block) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{0BE06E8C-59F9-4F3C-BACA-9823FC962757}] => (Block) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [{C3147307-77E9-41A3-B646-AA6B7974CD46}] => (Block) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [UDP Query User{E761B5AC-4A33-494B-BBEC-943C228391C8}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [TCP Query User{5AEC6CD9-C35C-4E0D-A5D8-4D379E8C4DDE}C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare beta\modernwarfare.exe => No File
FirewallRules: [{4434F16F-A12C-4540-B06B-CC4B70EA501E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{24B12FC3-8F28-440D-BC3F-654B696041E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{17107C8C-E2F0-4319-A58B-759840410E68}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Fury Unleashed\FuryUnleashed.exe () [File not signed]
FirewallRules: [{9D45F4A4-9A33-4819-A3A0-1E4FD9F5E25D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Fury Unleashed\FuryUnleashed.exe () [File not signed]
FirewallRules: [{35B4C02D-954D-4CB7-BD80-2191229E0BDE}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Touhou Luna Nights\touhou_luna_nights.exe (team ladybug) [File not signed]
FirewallRules: [{B766BF93-3153-40AA-9B8F-9722D7B3F6A3}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Touhou Luna Nights\touhou_luna_nights.exe (team ladybug) [File not signed]
FirewallRules: [UDP Query User{1ED28A7D-9762-490C-98BF-04D6C86F2C39}C:\users\matthew balent\downloads\ezquake-3.1-win32-full\ezquake.exe] => (Allow) C:\users\matthew balent\downloads\ezquake-3.1-win32-full\ezquake.exe => No File
FirewallRules: [TCP Query User{4473BA4F-01D1-4AA8-8512-128EDC621146}C:\users\matthew balent\downloads\ezquake-3.1-win32-full\ezquake.exe] => (Allow) C:\users\matthew balent\downloads\ezquake-3.1-win32-full\ezquake.exe => No File
FirewallRules: [UDP Query User{AD124E14-DA69-4FB9-B546-5237318088E7}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe => No File
FirewallRules: [TCP Query User{9D7929C3-0E7B-4D09-B0B5-DD862A21817B}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe => No File
FirewallRules: [UDP Query User{73749110-2923-4070-91B1-A38F3B0565E0}C:\program files (x86)\overwatch test\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{C7F27C27-B2D5-4DCF-AA26-EBA7D94AA13E}C:\program files (x86)\overwatch test\_ptr_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch test\_ptr_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{23B470EE-40F4-4D93-95D4-9B349CD56520}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{3E4319C7-9EFF-49DD-8419-631657063A7F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{E6B7C4DD-9338-495E-8042-EAF0F23C0BA6}C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [TCP Query User{2022ED9D-EDB2-4D7E-BA77-ADBDDE3CC24A}C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe] => (Block) C:\users\matthew balent\desktop\video games\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [{F47D182D-91D1-42FA-B239-4204BEC39622}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2F673B67-37AF-4AAB-B2FF-BE367AF1799A}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{317143BF-8353-494A-A318-E88186F14E04}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{081EDA5F-A52E-4DDE-8F83-6C73F8E3FFD5}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F3AE54D2-8800-4F60-9B81-4E9C7FC4AFF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe => No File
FirewallRules: [{6B4166BD-9991-4408-A087-2552A0F51EDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Master Levels of Doom\dosbox.exe => No File
FirewallRules: [UDP Query User{FFD6754B-11ED-48EA-AE86-EAEA5BDF449D}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [TCP Query User{0747E6B0-1ECD-4DB2-8006-064308B602B1}C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\doom\doomx64vk.exe => No File
FirewallRules: [{17ECCCDF-88C9-445C-819D-78E6C266736C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{DC8C6051-E80C-48C2-9337-876864660167}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe => No File
FirewallRules: [{5450C9F4-5AB0-4512-A6ED-4CEF74E6DA6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe => No File
FirewallRules: [{869E86A2-A325-481F-8109-9F55CE54E188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe => No File
FirewallRules: [{C74C99C7-A692-4610-B426-D7E0E0064F8E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{41E88A8A-19C7-41E6-BDA4-C796301AF91A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{3EDCDB88-E83C-4CF0-8C42-9ABFDC149FDC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{505E4795-16B8-4CEB-ABAF-2EAE8B78ECBD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E2655C17-A9C3-47CB-95F8-0E15B8CC7D8D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{F6C23910-123C-4F4E-8CDE-7E77038A6FE4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{07E9607D-4DFA-4D19-80F7-A8BF990B9EF0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{06E56583-82C5-40C2-BD36-0D9F357ACC50}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{A7344272-C8D7-4E19-AC2B-D550A867627F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{40474F17-74E7-434A-889E-9416BBC6E0E2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A359C460-7B56-418C-B21E-1087A84805F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Katana ZERO\Katana ZERO.exe => No File
FirewallRules: [{139589E3-03CC-42A3-AC59-48A55A02F9A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Katana ZERO\Katana ZERO.exe => No File
FirewallRules: [{79EF252F-60BE-4E3B-8913-560CEE1FC75C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Vagrant\TheVagrant.exe => No File
FirewallRules: [{A1102E26-38FF-46F3-A76E-B24E9DA5F062}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Vagrant\TheVagrant.exe => No File
FirewallRules: [{911821A9-49D1-4F9C-85F8-FCB34E4E05C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\aimlab_tb.exe => No File
FirewallRules: [{A9EB09D6-4ADD-411F-B52C-E630FB929F4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\aimlab_tb.exe => No File

SillyStickS · May 31, 2021

FirewallRules: [TCP Query User{CDE95137-4C9E-41E7-A19A-C23B9FA26384}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe => No File
FirewallRules: [UDP Query User{AA9CB928-7531-40F7-9F74-48A6F2E18CC0}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe => No File
FirewallRules: [TCP Query User{68F1B456-44CA-42F6-86FA-35C0B569BC36}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [UDP Query User{E90C4221-8ABD-46F4-BAD9-604F5D3DE98B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe => No File
FirewallRules: [TCP Query User{FECDD078-DB0F-4B8E-9920-E67BA13838E4}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe => No File
FirewallRules: [UDP Query User{7411EE2F-C6BA-4F21-A341-DA1FB361900D}C:\program files\core temp\core temp.exe] => (Allow) C:\program files\core temp\core temp.exe => No File
FirewallRules: [TCP Query User{B2D21358-DE6D-4F0A-B84C-889322709B0C}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{46D89748-D6E9-421A-A17C-08F8CD2EB51F}C:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) C:\program files (x86)\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{30371A4C-E229-444A-AD6E-AB331A80A061}C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe => No File
FirewallRules: [UDP Query User{69E09A88-22E9-4C0E-8909-1563205F0022}C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80188\sc2_x64.exe => No File
FirewallRules: [{125FC2D8-125B-4D89-804B-55467C48D2F1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{03033C41-3BC9-46C7-B95C-BB956D73EDC0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{83EF24A5-BCA6-48AA-AC81-2F8E54CFB7A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{485D4F67-6FAE-4BCF-8459-7D485B37DCCB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{B886E94F-33BA-41EC-9B55-BB84ED48175A}C:\users\matthew balent\desktop\video games\steam\steamapps\common\quake 2\yquake2.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\quake 2\yquake2.exe => No File
FirewallRules: [UDP Query User{6A3C4C7C-DE81-4BDE-87BA-305792B8E80F}C:\users\matthew balent\desktop\video games\steam\steamapps\common\quake 2\yquake2.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\quake 2\yquake2.exe => No File
FirewallRules: [TCP Query User{2007E0D3-F8DC-46C9-B731-CDF43BF02404}C:\program files (x86)\starcraft ii\versions\base80949\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80949\sc2_x64.exe => No File
FirewallRules: [UDP Query User{4CC9D6D8-F07F-48DD-9F65-4EDB94A05EE9}C:\program files (x86)\starcraft ii\versions\base80949\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base80949\sc2_x64.exe => No File
FirewallRules: [TCP Query User{930D15A8-95CE-40AD-977F-C734AD4A0EDC}C:\program files (x86)\starcraft ii\versions\base81009\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81009\sc2_x64.exe => No File
FirewallRules: [UDP Query User{C749088D-1AB8-4289-88F8-91E8446742ED}C:\program files (x86)\starcraft ii\versions\base81009\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81009\sc2_x64.exe => No File
FirewallRules: [{2D8EE6C6-60BC-4C86-BA1A-32A50F017934}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe () [File not signed]
FirewallRules: [{E62B7114-9D05-42CF-98E6-7FE131DCC8FC}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe () [File not signed]
FirewallRules: [TCP Query User{C088A740-74D2-4D42-9382-1F57F61FE6F9}C:\program files (x86)\starcraft ii\versions\base81102\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81102\sc2_x64.exe => No File
FirewallRules: [UDP Query User{81AD96D7-E115-4084-B3C4-546C96EBE224}C:\program files (x86)\starcraft ii\versions\base81102\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81102\sc2_x64.exe => No File
FirewallRules: [{72C58ACD-D632-4111-A181-2CA3B2658829}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Rogue Legacy 2\Rogue Legacy 2.exe () [File not signed]
FirewallRules: [{BDB203FB-AC02-4D23-906B-6442D2A85108}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Rogue Legacy 2\Rogue Legacy 2.exe () [File not signed]
FirewallRules: [TCP Query User{4A971E95-A36A-41E6-9F0D-5AAE1F303B06}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{37E8DF90-15EA-4645-98DC-15C4EB2C731A}C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\support64\sc2editor_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{DE843FDF-722C-4476-8BF3-49B7E3F7BCF0}C:\program files (x86)\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81433\sc2_x64.exe => No File
FirewallRules: [UDP Query User{9F5CB8DF-F90F-4E21-A0EB-F6786846B2C2}C:\program files (x86)\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base81433\sc2_x64.exe => No File
FirewallRules: [{632BF2E2-6766-4100-8BEC-16D77B1DB6D8}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{2011359C-B8E2-41A8-A8A7-CFBF51595B61}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{F157266C-65B5-4559-B527-7A3852EEA87E}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Doom 2\rerelease\DOOM II.exe () [File not signed]
FirewallRules: [{965FB540-0D4A-4D94-86CC-AE4709C11A45}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Doom 2\rerelease\DOOM II.exe () [File not signed]
FirewallRules: [{FA9F5D02-E2AE-4E3E-944F-76C45E225ADF}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Spelunky 2\Spel2.exe () [File not signed]
FirewallRules: [{3FA0378B-A27B-4A0A-9A20-1DCF88A82D57}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Spelunky 2\Spel2.exe () [File not signed]
FirewallRules: [{176B3A99-9708-4688-8CA4-E0DCBEE3DF1F}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Bloodstained Ritual of the Night\BloodstainedRotN.exe () [File not signed]
FirewallRules: [{6342C9F8-2D09-4604-A5A5-62590BEC3DD3}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Bloodstained Ritual of the Night\BloodstainedRotN.exe () [File not signed]
FirewallRules: [TCP Query User{4D9FD4D3-44B0-4353-9B24-3661A2B17555}C:\users\matthew balent\desktop\video games\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe (ArtPlay) [File not signed]
FirewallRules: [UDP Query User{BEB6F245-30C0-49C3-8C12-4FB5F7644710}C:\users\matthew balent\desktop\video games\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe (ArtPlay) [File not signed]
FirewallRules: [TCP Query User{0E02C364-2B79-424F-804E-A8F1DF422802}C:\program files (x86)\zandronum\doomseeker\doomseeker.exe] => (Allow) C:\program files (x86)\zandronum\doomseeker\doomseeker.exe => No File
FirewallRules: [UDP Query User{8AF8DBF6-E556-4EB5-A30C-CA26A16523A3}C:\program files (x86)\zandronum\doomseeker\doomseeker.exe] => (Allow) C:\program files (x86)\zandronum\doomseeker\doomseeker.exe => No File
FirewallRules: [TCP Query User{C2B7E491-03A6-4E8B-9DFC-B1EDB61CE85D}C:\program files (x86)\zandronum\zandronum.exe] => (Allow) C:\program files (x86)\zandronum\zandronum.exe => No File
FirewallRules: [UDP Query User{35CF5534-4A12-435E-9354-DA6D05020D47}C:\program files (x86)\zandronum\zandronum.exe] => (Allow) C:\program files (x86)\zandronum\zandronum.exe => No File
FirewallRules: [TCP Query User{FFED17D2-0246-42AB-8C51-15E995C47706}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.)
FirewallRules: [UDP Query User{59F9F991-8BB5-483D-A595-1C65AC1C470E}C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe] => (Allow) C:\program files\epic games\spellbreak\g3\binaries\win64\spellbreak.exe (Proletariat Inc. -> Proletariat, Inc.)
FirewallRules: [{866A1209-E4D2-4D90-8CFD-748A4EE3D69E}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{3DF7D86B-0517-49C5-A1BB-287C6D1B5488}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{A2D9AEC9-81E4-4C98-A5B7-89974F610265}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{7EC817D4-07DA-40C5-9E54-8353AD0A4ADB}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{46B76F05-9C80-4F7A-AA71-021464D7D5FC}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{F5CA5C14-8262-4A19-A0CA-75109028596D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{58A066BA-DDED-444B-893F-F32096388FDA}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{B0981C61-F156-49DC-BB96-76E31DEED8E1}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{F40898D1-4072-498E-94BE-01B45A4F9E38}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{CB6A6727-E39F-4A45-BEE0-428E004D9064}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{4CDF1287-AB23-461F-B7AE-62EB2AD0C1E0}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Butcher\Butcher.exe () [File not signed]
FirewallRules: [{1E79A488-E665-404F-B54C-5AB47B026605}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Butcher\Butcher.exe () [File not signed]
FirewallRules: [{B436AA53-22B9-431E-B858-40C48AD7B489}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{C487E280-84CF-422F-AC52-65FFBF1E0019}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{B251D6B5-3DD5-4B87-B9A8-7AD39C299A6C}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E3AEA550-9692-47B5-9A59-1B7AF072A4A8}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Amid Evil\AmidEvil.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{0A3DA310-A687-4AC7-B18A-0F709187B034}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\SDK\bin\win_x64\Dusk.exe () [File not signed]
FirewallRules: [{41DC8440-CC0B-45EE-81A6-E51E49785FF5}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\SDK\bin\win_x64\Dusk.exe () [File not signed]
FirewallRules: [TCP Query User{0C51C117-5353-46A8-B167-3D3FD38777CD}C:\users\matthew balent\desktop\video games\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{3337F826-F4B3-4449-8CDC-B0908C1933DF}C:\users\matthew balent\desktop\video games\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{2BB496AE-B279-4883-B242-265A60EA3E8E}C:\users\matthew balent\desktop\video games\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [UDP Query User{A94C67FD-B2D1-468A-A6D5-06A1E232A119}C:\users\matthew balent\desktop\video games\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe] => (Allow) C:\users\matthew balent\desktop\video games\steam\steamapps\common\amid evil\amidevil\binaries\win64\amidevil-win64-shipping.exe (INDEFATIGABLE) [File not signed]
FirewallRules: [{B6DFF676-3A25-4416-A031-7058062E9F94}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Krunker\Official Krunker.io Client.exe (Yendis Entertainment Pty Ltd) [File not signed]
FirewallRules: [{12FC8294-836E-437A-B79B-995F13B0E18F}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Krunker\Official Krunker.io Client.exe (Yendis Entertainment Pty Ltd) [File not signed]
FirewallRules: [{7A91D520-93B9-4A2E-9223-05EA085436F7}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\30XX\30XX.exe () [File not signed]
FirewallRules: [{19C7D790-C6B2-499A-8C1C-486367C1DDEE}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\30XX\30XX.exe () [File not signed]
FirewallRules: [{31E64D58-0AC8-4EC1-AE0D-AAD999994CD6}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{1C5FB14E-CCB3-43E0-B2B9-0A7DF290A8C5}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{C0E33474-F8B1-495D-97C1-747B1641500B}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{5F309F7E-CEE4-400D-924D-56D266F94600}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{5756F8B3-DCBD-42DD-8374-8DFB68193236}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{5E7D01EF-BB9D-48BF-9CF9-DF3BE903D51D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{CEE4799E-A663-454E-BA8F-1AD6C559B485}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{14F5050A-06DE-400D-887D-56ABB1069FC4}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{94C7FE18-BDEF-4E2A-B323-926003E813F1}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Black Mesa\bms.exe () [File not signed]
FirewallRules: [{0E76A12A-A498-4D38-AAA1-CBB328877EA1}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Black Mesa\bms.exe () [File not signed]
FirewallRules: [TCP Query User{251CF851-EA4C-4730-9503-4A4B0B8F3A33}C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe => No File
FirewallRules: [UDP Query User{EC762ADB-6B66-44F9-B6AB-B60374CE755B}C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe => No File
FirewallRules: [{2A4A581B-15EF-4D77-B7F2-4607732B6BD9}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cursed_Castilla\Cursed_Castilla.exe (Abylight Studios) [File not signed]
FirewallRules: [{9EB287D5-C914-4A89-8E2D-0A7A942E652D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cursed_Castilla\Cursed_Castilla.exe (Abylight Studios) [File not signed]
FirewallRules: [{722CE0AB-ED23-4713-9725-3DB81A61BB69}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cyber Shadow\CyberShadow.exe (Mechanical Head Studios) [File not signed]
FirewallRules: [{EA1BD2A3-F8BD-47E7-8CE8-276F78E61C49}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Cyber Shadow\CyberShadow.exe (Mechanical Head Studios) [File not signed]
FirewallRules: [{4F99E46E-F67F-4B19-AB2F-F1AAFFFC0DEE}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Guacamelee2\Guac2_x64.exe () [File not signed]
FirewallRules: [{D2AB2EAB-4BB3-4D54-B97A-8208A17B7778}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Guacamelee2\Guac2_x64.exe () [File not signed]
FirewallRules: [{BA47FF61-7E74-4162-B003-4FD6DAAA4AC8}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{C65C2874-A0FD-4695-B031-D5AC1F650A80}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{9BCD8506-CCBF-4A88-B3C0-49B6E4C1A80A}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{00BECB47-B0E9-49D2-ADAD-841CE73EC296}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Blaster Master Zero\exe\bsm.exe => No File
FirewallRules: [{0229DF7F-425B-4A89-9F90-77B432B32B1B}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{792D059D-43C0-4C82-A11A-3734C0C43762}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Devil May Cry 5\DevilMayCry5.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{D135D8FD-7175-4DD0-8F1B-717B767DF1F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{719AE54B-9637-4F18-8FFE-A777A3B61EB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B120D7B-FCF5-4237-9CF1-D8C55B2E3029}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5381175F-C92F-47AA-8899-7BB0EC35C639}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9314211-57FE-491A-8D0A-5CA6AA2456E2}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM Co.,Ltd. -> CAPCOM U.S.A, INC.)
FirewallRules: [{305B1FE9-70ED-4D5B-B68D-9B4126C8B5D8}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe (CAPCOM Co.,Ltd. -> CAPCOM U.S.A, INC.)
FirewallRules: [{DB8C6C32-5FED-41B8-80C0-08CA7AB0B096}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Valfaris\Valfaris.exe () [File not signed]
FirewallRules: [{A592EB54-836F-4F8B-9829-6D80D146C851}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Valfaris\Valfaris.exe () [File not signed]
FirewallRules: [{1490827C-3562-40C0-A365-50F398D35818}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [{42C4103B-6E84-4BE9-BBE3-D945820E9C1A}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [{D5591267-7E5E-4013-9F81-21F05DA0C320}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Blaster Master Zero 2\game.exe () [File not signed]
FirewallRules: [{A92512BA-4CFA-4885-8A4B-C2D9FE9E7D8C}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Blaster Master Zero 2\game.exe () [File not signed]
FirewallRules: [{C0B7607C-DE86-48DB-B61B-C362FAB05A64}] => (Block) LPort=5040
FirewallRules: [{8DAA48A2-BDC9-4E54-A563-1ED7D510FBB9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EB67419D-8CE8-4ED5-AB55-317B2E83BFA2}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\SDK\bin\win_x64\Dusk.exe () [File not signed]
FirewallRules: [{802C1816-3955-4D79-9A68-F30997C10C6D}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Dusk\SDK\bin\win_x64\Dusk.exe () [File not signed]
FirewallRules: [{A1C6A411-E25C-48D4-9456-5710BEFF2D27}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\GetsuFumaDen\GetsuFumaDen.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{C63084E7-F9E3-4F34-8001-5B7C9343B0BB}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\GetsuFumaDen\GetsuFumaDen.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{737CEBDE-9AF7-4548-84CC-C4849867C5AE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.37\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FEBF3285-47C6-472D-AB0A-4C05E93BD658}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{B26492D9-DEFA-4CED-A74F-27CC73D157D0}] => (Allow) C:\Users\Matthew Balent\Desktop\Video Games\Steam\steamapps\common\Little Nightmares\Atlas\Binaries\Win64\LittleNightmares.exe (Tarsier Studios) [File not signed]
FirewallRules: [{30DDC909-6F8A-483E-ABE7-18F73D1AF6CC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EBE177F5-B791-4213-A0DE-1B6017250741}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3BFF2CF4-3A1D-40EC-846F-FB90C9224E9B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{86271053-602E-4281-9A4C-98AC321A708D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{99BF4E7A-8C27-4AF3-AA08-A14B351F61A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F2540C20-D7FA-491A-B76E-AF55C8066C56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7344F0B2-D002-4191-951D-1A6C6304BA79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5C843160-61F8-497C-8C79-4202824667E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

15-05-2021 15:27:13 Windows Update
19-05-2021 17:32:20 Windows Modules Installer
27-05-2021 16:28:27 Scheduled Checkpoint
30-05-2021 20:22:42 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/30/2021 08:24:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/30/2021 08:24:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/30/2021 08:24:55 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/19/2021 05:32:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/19/2021 05:32:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/19/2021 05:32:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (05/19/2021 05:32:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (05/18/2021 07:21:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gns3.exe, version: 2.1.21.0, time stamp: 0x5920c4b7
Faulting module name: Qt5Core.dll, version: 5.12.1.0, time stamp: 0x5c4f4548
Exception code: 0xc0000409
Fault offset: 0x0000000000028858
Faulting process id: 0x24f4
Faulting application start time: 0x01d74c541c9e8a32
Faulting application path: C:\Users\Matthew Balent\OneDrive\Desktop\IT Certification\CCNA 200-125\GNS3\gns3.exe
Faulting module path: C:\Users\Matthew Balent\OneDrive\Desktop\IT Certification\CCNA 200-125\GNS3\PyQt5\Qt\bin\Qt5Core.dll
Report Id: 150539e2-2949-4145-99ad-fbe37428f157
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (05/29/2021 02:34:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/29/2021 02:34:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:58:38 AM on ‎5/‎29/‎2021 was unexpected.

Error: (05/29/2021 02:33:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/27/2021 09:16:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/27/2021 03:13:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (05/27/2021 03:13:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:45 PM on ‎5/‎25/‎2021 was unexpected.

Error: (05/27/2021 03:13:14 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/25/2021 03:17:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Windows Defender:
================
Date: 2021-05-30 20:27:33
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-29 00:42:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-28 15:07:24
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-28 14:59:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-28 14:54:34
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-05-05 20:53:00
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.337.684.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18100.5
Error code: 0x80070643
Error description: Fatal error during installation.

Date: 2021-05-05 20:52:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.26.0
Previous security intelligence Version: 1.337.684.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-05 20:52:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.26.0
Previous security intelligence Version: 1.337.684.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-05-05 20:52:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.

Date: 2021-04-27 15:51:34
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.335.1735.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18000.5
Error code: 0x80070643
Error description: Fatal error during installation.

CodeIntegrity:
===============
Date: 2021-05-31 14:48:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\PFU\ScanSnap\SSFolder\x64\SSFolder.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-05-15 15:34:34
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Matthew Balent\Desktop\Installers\WiFi_22.40.0_Driver64_Win10.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 2401 02/24/2015
Motherboard: ASUSTeK COMPUTER INC. MAXIMUS VII HERO
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 32%
Total physical RAM: 16320.43 MB
Available physical RAM: 10974.38 MB
Total Virtual: 18752.43 MB
Available Virtual: 11521.94 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.27 GB) (Free:474.03 GB) NTFS

\\?\Volume{35cd48af-c0a8-401c-a678-d29ede56c948}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.07 GB) NTFS
\\?\Volume{f29023fe-ae14-46ad-92da-f625fc37789c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Broni · Jun 1, 2021

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Remove Selected.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8/10 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

SillyStickS · Jun 1, 2021

RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64 bits
Started in : Normal mode
User : Matthew Balent [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210531_131610, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2021/06/01 10:12:05 (Duration : 00:08:46)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/1/21
Scan Time: 10:22 AM
Log File: fccc3b84-c2fd-11eb-a7c5-0862664cfe75.json

-Software Information-
Version: 4.4.0.117
Components Version: 1.0.1308
Update Package Version: 1.0.41223
License: Trial

-System Information-
OS: Windows 10 (Build 19043.985)
CPU: x64
File System: NTFS
User: Matthew-4790K-Beast\Matthew Balent

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 289065
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-01-2021
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 6
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2749 octets] - [31/05/2021 17:13:25]
AdwCleaner[S01].txt - [2810 octets] - [01/06/2021 10:31:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Broni · Jun 1, 2021

I don't see anything malicious there.
I suggest new topic in Windows forum.

SillyStickS · Jun 1, 2021

Thanks for your help! Feeling way less paranoid now! Take care

Broni · Jun 2, 2021

Solved Malware

SillyStickS

SillyStickS

SillyStickS

Broni

Posts: 56,041 +516

SillyStickS

Broni

Posts: 56,041 +516

SillyStickS

Broni

Posts: 56,041 +516

Similar threads

Latest posts