Solved Norton blocked attack by: System Infected: Miner.Bitcoinminer Activity #

[rickyralph]

Hey guys ***** here with a issue. Since this morning I keep getting a variation of "Norton blocked attack by: System Infected: Miner.Bitcoinminer Activity #" message popping up every 15 minutes or so, I click on the message and it says no action needed but message keeps popping up. I've ran the norton scans with clean results, malwarebytes with one file quarantined, adwcleaner with 7 files quarantined, and the message still pops up. I also downloaded FRST64.exe and have run the scans and generated some txt files. Any help on this would be much appreciated, Thanks in advance!

 

[rickyralph]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2023
Ran by Rich (administrator) on RICH (Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA) (26-01-2023 22:37:26)
Running from C:\Users\Rich\Documents\Tools
Loaded Profiles: Rich & lkClassAds
Platform: Microsoft Windows 10 Education Version 22H2 19045.2486 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
(C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe <2>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.0.0.6529\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (CloudBees, Inc.) [File not signed] C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService-exec.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.11.12\nsWscSvc.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA) C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.11281.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.11281.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe [3450728 2022-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-12-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12918648 2023-01-09] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [185424 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114273560 2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-05-10] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [3390024 2021-11-03] (Autodesk, Inc. -> Autodesk)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [File not signed]
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Rich\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-05-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2022-12-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Steam] => G:\Program Files\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [462472 2022-12-16] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\Installer\setup.exe [2023-01-24] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetupRST_ModeSwitch.lnk [2020-12-19]
ShortcutTarget: SetupRST_ModeSwitch.lnk -> C:\Windows\SysWOW64\pack\SetupRST.exe (Intel(R) Rapid Storage Technology -> Intel Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0025CCF9-A30D-456E-B677-F69C4AF64069} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6dccb2f1a3ccd => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {02E02FA7-452B-4D39-9B8F-DE9330DC4096} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File)
Task: {057AED33-8491-496C-8836-30281A3E602C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {06FF9FEB-CADE-42FB-A7AF-F8F6B022F395} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {091D9E2E-407A-4B8F-8B85-D3C0D2472B8E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {094D01B2-B26E-42F6-84BB-6062B14726FE} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59376 2023-01-24] (HP Inc. -> HP Inc.)
Task: {0DE1A46D-C4A7-4140-A181-FB5691868A68} - System32\Tasks\GCC => C:\Program Files\GIGABYTE\Control Center\GCC.exe [21912680 2022-11-03] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
Task: {0F36191E-E5C6-4F35-AF7D-885109899311} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {1AADB7C5-E9B6-42BB-BFD8-8BE03AF8A444} - System32\Tasks\systemreset => C:\Program [Argument = Files\WindowsMalwareProtection\config\systemresets.exe]
Task: {230C847E-A930-43F6-A805-EB9719965CB0} - System32\Tasks\MATLAB R2022a Startup Accelerator => C:\Program Files\MATLAB\R2022a\bin\win64\MATLABStartupAccelerator.exe [50688 2022-01-02] () [File not signed]
Task: {24299E36-2330-4B3A-BE6C-C4EFF180F364} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {25891772-A2AC-4AEF-A77E-8DD1556548A9} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe [389504 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {25EBFCD3-0CCF-4D07-99F8-4F9C44D857FC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [160696 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A597280-EE92-4DD5-B967-28ED70EDD30C} - System32\Tasks\NIUpdateServiceRetryCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {2B623FD4-69B5-4541-8CB6-115EF5F11483} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {326B9D9E-C8E4-4C99-AB37-38970A6C722A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3304BE02-5178-4DEF-A751-51A81943382F} - System32\Tasks\MicrosoftMalwareProtection => C:\Program Files\WindowsMalwareProtection\config\MicrosoftMalwareProtection.exe [1511913120 2022-11-05] () [File not signed] <==== ATTENTION
Task: {370251DF-8183-48E2-A579-76DA3044C321} - System32\Tasks\cFos\Registration Tasks\Open Browser => "c:\program files\mozilla firefox\firefox.exe" -osint -url "hxxps://www.cfos.de/en/cfosspeed/documentation/status.htm?reg-12.00.2512-gigabyte"
Task: {3EC88C90-A677-48FD-A528-4D980DD1B024} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3F2D5EE2-7CE9-4EFD-BE72-41C970FD7D18} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2021-08-07] (Microsoft Corporation -> Microsoft)
Task: {47ACF60A-1773-48CB-8A69-BC26D44B3089} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {4AF8B800-FFE7-4F89-8224-28F68E146D26} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {4E2385F3-3A3D-4110-BAE6-18A53D10A62A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {528C744C-0C9F-4580-942C-20ED201CED9B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-17] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {52DD7A8B-3F0A-4BE2-9551-3317A68FCE7B} - System32\Tasks\Microsoft\Office\IMESharePointDictionary => c:\Program Files\Common Files\Microsoft Shared\IME16\IMESharePointDictionary.exe [247216 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {663E758D-0F54-4698-8A9E-47B365F77519} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {721829C2-E287-40BB-AF96-2A5229F772A5} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {77C5C306-CD4E-44DA-9B7B-62C156FF81B6} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59376 2023-01-24] (HP Inc. -> HP Inc.)
Task: {7BD2575B-9FE1-4367-9533-3C9889C90944} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.11.12\WSCStub.exe [646520 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7EB59597-EE10-401E-A862-94D0CFA3768B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {87679E25-4AA4-43CA-A071-E3C3A374A703} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1899656 2020-11-25] (ASUSTeK Computer Inc. -> ASUS)
Task: {8C9D294A-AF66-4F54-924D-57655B3518F3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-128556331-799817740-448323406-500 => C:\Users\Rich\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8FE989BB-4C25-4895-850B-B23BD09FEB0B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {911D604B-CE91-4AB3-8787-E8AB3167492E} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {93E5A17F-20A4-44BC-91B5-0E1F548E1490} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {96FC48A9-95C3-4C16-AE56-DCCC7BF9EC22} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe [257408 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {A003527D-C6E9-4714-9013-25F4841F94D8} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3824768 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A07116CE-0AD4-4D42-911F-56EBAC2B0A67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A295C821-8083-4EF7-A59D-AB59606AA2B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {A6B41F49-7EA2-4569-8E22-F0446208E69D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {B2CC3356-379D-4147-BAB8-D8CE7711EE84} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {D02C39EF-B322-441C-B572-3CD25C376381} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D05EC4F9-617D-4A3B-AABD-307865FE0F55} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -appexecutable nup.exe -tuds (No File)
Task: {D8FDD839-8E4E-464E-AFC4-63B0C61406EF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E7441ED1-8F6E-4872-949C-3D2566084088} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {E8247A4D-FDB5-47A7-8FCE-DA02FE5B8EA1} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
Task: {EFFE5EBD-C9DD-422D-A1ED-0B9F2036E58D} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Intel PTT EK Recertification.job => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
Task: C:\Windows\Tasks\MATLAB R2022a Startup Accelerator.job => C:\Program Files\MATLAB\R2022a\bin\win64\MATLABStartupAccelerator.exe C:\Program Files\MATLAB\R2022aRICH\Rich.Sta

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [35448 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [38520 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{a33603c5-1cc8-4ffa-9ed6-317f100add76}: [DhcpNameServer] 192.168.50.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rich\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-12]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF DefaultProfile: rmj97yd0.default
FF ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\rmj97yd0.default [2021-07-12]
FF Homepage: Mozilla\Firefox\Profiles\rmj97yd0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF NewTab: Mozilla\Firefox\Profiles\rmj97yd0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release [2023-01-26]
FF NewTab: Mozilla\Firefox\Profiles\pv6rb7rq.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF Extension: (Disable WebRTC) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-05-25]
FF Extension: (Norton Safe Web) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2023-01-16]
FF Extension: (uBlock Origin) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-12-24]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-01-26]
FF Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2023-01-26]
FF Extension: (Japanese Tattoo) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{4d7820bd-9fec-45f5-82db-92fd03cf7fc2}.xpi [2021-05-25]
FF Extension: (Japanese Sea Scape) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{f39384aa-40fb-4765-a10d-b879ec11ddde}.xpi [2021-05-25]
FF SearchPlugin: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\searchplugins\Search Now.xml [2021-07-12]
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-12-23] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default [2022-11-23]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-24]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-05-10] (Autodesk, Inc. -> Autodesk Inc.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [14124208 2021-11-16] (Autodesk, Inc. -> Autodesk)
R2 AORUS LCD Panel Service; C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService-exec.exe [360960 2022-09-18] (CloudBees, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe [456008 2021-07-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-09-15] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [590872 2020-12-27] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12548520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [610352 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [233040 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [84048 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 CorsairUniwillService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueUniwillService.exe [107088 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229360 2023-01-24] (HP Inc. -> HP Inc.)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [130432 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 iCUEDevicePluginHost; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe [452176 2022-06-14] (Corsair Memory, Inc. -> Corsair)
S3 JTAGServer; C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe [452608 2020-11-11] () [File not signed]
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [69096 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [80880 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S3 LxssManagerUser; C:\Windows\system32\lxss\wslclient.dll [393216 2022-12-19] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8891160 2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\elevation_service.exe [2366880 2023-01-24] (Microsoft Corporation -> Microsoft Corporation)
S2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [File not signed]
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [432088 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [343080 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [189512 2019-03-14] (National Instruments Corporation -> National Instruments Corporation)
S2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [110040 2019-03-20] (National Instruments Corporation -> National Instruments Corporation)
S2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe [344888 2022-11-27] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.11.12\nsWscSvc.exe [1059176 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
S2 Parsec; C:\Program Files\Parsec\pservice.exe [424584 2022-12-16] (Parsec Cloud, Inc. -> Parsec)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35200 2023-01-09] (SteelSeries ApS -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 Rockstar Service; "G:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43160 2021-09-15] (ASUSTeK Computer Inc. -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20230126.001\BHDrvx64.sys [1705040 2022-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\ccSetx64.sys [198280 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [63024 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [46600 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22536 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz153; C:\Windows\temp\cpuz153\cpuz153_x64.sys [36864 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2022-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gdrv2; C:\Windows\gdrv2.sys [32600 2022-09-15] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2022-11-23] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20230126.061\IDSvia64.sys [1526776 2022-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
S1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2022-12-03] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R0 mtinvme; C:\Windows\System32\drivers\mtinvme.sys [184744 2021-03-12] (Micron Technology, Inc. -> Micron Technology, Inc.)
R2 NDivert; C:\Program Files\NordVPN\7.3.9.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\nsvst.sys [57120 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 parsecvusba; C:\Windows\System32\drivers\parsecvusba.sys [256560 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SRTSP64.SYS [956048 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SRTSPX64.SYS [52872 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_178ca29ac943515a\SteelSeries-Sonar-VAD.sys [93368 2022-12-04] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SYMEFASI64.SYS [2180248 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SymELAM.sys [36016 2022-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [722400 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\16160B0.00C\Ironx64.SYS [306824 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\16160B0.00C\symnets.sys [490656 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2022-12-23] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\wpCtrlDrv.sys [1016792 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

 

[rickyralph]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-26 22:37 - 2023-01-26 22:37 - 000000000 ____D C:\Users\Rich\Documents\Tools
2023-01-26 22:35 - 2023-01-26 22:38 - 000000000 ____D C:\FRST
2023-01-26 21:44 - 2023-01-26 21:45 - 000000000 ____D C:\AdwCleaner
2023-01-26 21:29 - 2023-01-26 21:29 - 008791352 _____ (Malwarebytes) C:\Users\Rich\Downloads\adwcleaner.exe
2023-01-26 21:28 - 2023-01-26 21:28 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-01-26 21:27 - 2023-01-26 21:27 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-01-26 21:27 - 2023-01-26 21:27 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-01-26 21:27 - 2023-01-26 21:27 - 000000000 ____D C:\Users\Rich\AppData\Local\mbam
2023-01-26 21:26 - 2023-01-26 21:26 - 002552184 _____ (Malwarebytes) C:\Users\Rich\Downloads\MBSetup.exe
2023-01-26 21:26 - 2023-01-26 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-01-26 21:26 - 2023-01-26 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2023-01-26 17:58 - 2023-01-26 17:58 - 000000000 ____D C:\Users\Rich\AppData\Local\NPE
2023-01-26 11:24 - 2023-01-26 11:24 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2023-01-25 14:21 - 2023-01-25 14:24 - 000000000 ____D C:\Users\Rich\AppData\Roaming\zEdit
2023-01-25 12:36 - 2023-01-25 12:37 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Parsec
2023-01-25 12:36 - 2023-01-25 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec
2023-01-25 12:36 - 2023-01-25 12:36 - 000000000 ____D C:\Program Files\Parsec
2023-01-23 20:37 - 2023-01-23 20:59 - 000000047 _____ C:\Users\Rich\Documents\Ryoma Reading.txt
2023-01-22 22:49 - 2023-01-22 22:49 - 000000758 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2023-01-22 21:43 - 2023-01-22 21:43 - 000001551 _____ C:\Users\Rich\AppData\Local\recently-used.xbel
2023-01-21 20:07 - 2023-01-21 20:08 - 534574943 _____ C:\Users\Rich\Downloads\The Phoenix Flavour - Release 5.0 RC4.7z
2023-01-21 10:06 - 2023-01-21 20:10 - 000000932 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wabbajack.lnk
2023-01-19 20:14 - 2023-01-25 12:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-14 13:39 - 2023-01-14 13:39 - 071340289 _____ C:\Users\Rich\Downloads\SleepIntimateR_v2.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000206943 _____ C:\Users\Rich\Downloads\SleepIntimate_OptionalAAF.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000014498 _____ C:\Users\Rich\Downloads\SleepIntimate_DatingMagnoliaPatch.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000001087 _____ C:\Users\Rich\Downloads\Vioxsis_StrapOns_an3k_SIXPatch.7z
2023-01-14 11:48 - 2023-01-14 12:31 - 000001367 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fire Toolbox V30.3.lnk
2023-01-14 11:09 - 2023-01-14 11:09 - 000000000 ____D C:\Users\Rich\AppData\Roaming\NVIDIA
2023-01-14 11:08 - 2023-01-14 11:08 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-01-14 11:05 - 2022-12-28 17:24 - 002237024 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 002237024 _____ C:\Windows\system32\vulkaninfo.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001642600 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001642600 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001168968 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-01-14 11:05 - 2022-12-28 17:24 - 001168968 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001487352 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001444448 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001444448 _____ C:\Windows\system32\vulkan-1.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001227272 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000865272 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000672256 _____ C:\Windows\system32\nvofapi64.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000506904 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 002163688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001619968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001532928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001192976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 000949736 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 000746992 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-01-14 11:05 - 2022-12-28 17:19 - 000734192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 012453368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 010220544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 005890544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 005866496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 003334656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 000457720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-01-14 11:05 - 2022-12-28 17:17 - 005818392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-01-14 11:05 - 2022-12-28 17:16 - 000853016 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-01-14 11:05 - 2022-12-28 17:15 - 007648008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-01-14 11:05 - 2022-12-28 17:15 - 006516480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-01-14 11:05 - 2022-12-22 01:29 - 000100815 _____ C:\Windows\system32\nvinfo.pb
2023-01-14 11:01 - 2022-07-13 15:32 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-01-14 00:22 - 2023-01-14 12:40 - 000007601 _____ C:\Users\Rich\AppData\Local\Resmon.ResmonCfg
2023-01-13 21:09 - 2023-01-13 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2023-01-13 20:44 - 2023-01-13 20:44 - 000000000 ____D C:\Users\Rich\Downloads\MicronNVMeDrivers
2023-01-13 20:44 - 2023-01-13 20:44 - 000000000 ____D C:\Program Files\Micron Technology
2023-01-13 20:43 - 2023-01-13 20:43 - 002351963 _____ C:\Users\Rich\Downloads\MicronNVMeDrivers.zip
2023-01-12 21:45 - 2023-01-12 21:45 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2023-01-12 21:43 - 2023-01-12 21:43 - 035452748 _____ (Wrye Bash development team) C:\Users\Rich\Downloads\Wrye Bash 310 - Installer-20032-310-1658670586.exe
2023-01-12 20:04 - 2023-01-12 20:07 - 000000000 ____D C:\Users\Rich\AppData\Roaming\steelseries-gg-client
2023-01-12 19:48 - 2023-01-12 19:48 - 000000000 ____D C:\Users\Rich\AppData\Local\ElevatedDiagnostics
2023-01-12 16:27 - 2023-01-21 20:10 - 000000000 ____D C:\Users\Rich\AppData\Local\Wabbajack
2023-01-10 12:37 - 2023-01-10 12:37 - 000000000 ___HD C:\$WinREAgent
2023-01-08 20:26 - 2023-01-08 20:26 - 000000000 ____D C:\Users\Rich\AppData\Local\Wrye Bash
2023-01-05 18:47 - 2023-01-05 18:47 - 000000000 ____D C:\Users\Rich\AppData\Roaming\RenPy
2023-01-05 18:46 - 2023-01-06 16:46 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftMalwareProtection
2023-01-05 18:46 - 2023-01-05 18:46 - 000003280 _____ C:\Windows\system32\Tasks\systemreset
2023-01-05 18:45 - 2023-01-05 18:45 - 000000000 __SHD C:\Program Files\WindowsMalwareProtection
2023-01-04 17:32 - 2023-01-04 17:32 - 000524774 _____ C:\Users\Rich\Downloads\Mercari.pdf
2022-12-31 23:07 - 2022-12-31 23:07 - 000000894 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ryujinx (2).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-26 22:19 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-26 22:18 - 2021-03-31 12:33 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-26 22:16 - 2020-12-19 11:40 - 000000000 ____D C:\Users\Rich\AppData\LocalLow\Mozilla
2023-01-26 22:00 - 2022-02-23 21:57 - 000000000 ____D C:\Users\Rich\Documents\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Users\Rich\AppData\Local\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\ProgramData\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Program Files\Altium
2023-01-26 21:59 - 2022-02-09 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altium
2023-01-26 21:45 - 2020-12-19 11:32 - 000000000 ____D C:\ProgramData\NVIDIA
2023-01-26 21:35 - 2021-10-29 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2023-01-26 21:28 - 2020-12-20 11:25 - 000488348 _____ C:\Windows\system32\perfh011.dat
2023-01-26 21:28 - 2020-12-20 11:25 - 000133574 _____ C:\Windows\system32\perfc011.dat
2023-01-26 21:28 - 2020-11-18 23:54 - 001455728 _____ C:\Windows\system32\PerfStringBackup.INI
2023-01-26 21:28 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2023-01-26 21:27 - 2019-12-07 01:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-01-26 21:26 - 2022-12-13 20:45 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2023-01-26 21:25 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2023-01-26 21:22 - 2022-12-03 10:43 - 000003424 _____ C:\Windows\system32\Tasks\GCC
2023-01-26 21:21 - 2020-12-19 14:06 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-26 21:21 - 2020-11-18 23:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-26 21:21 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2023-01-26 21:21 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-01-26 21:20 - 2021-10-29 12:04 - 000000000 ____D C:\Program Files (x86)\National Instruments
2023-01-26 21:19 - 2021-10-29 12:02 - 000000000 ____D C:\ProgramData\National Instruments
2023-01-26 21:11 - 2022-01-04 08:48 - 000000000 ____D C:\Keil
2023-01-26 21:10 - 2022-03-02 22:52 - 000000000 ____D C:\Program Files (x86)\ExpressPCBPlus
2023-01-26 21:10 - 2021-01-06 15:53 - 000000000 ____D C:\Program Files (x86)\Digilent
2023-01-26 21:07 - 2021-05-13 09:10 - 000000000 ____D C:\ProgramData\USVFS
2023-01-26 21:06 - 2020-11-18 23:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-01-26 20:40 - 2021-05-13 09:10 - 000000000 ____D C:\Users\Rich\AppData\Local\ModOrganizer
2023-01-26 19:49 - 2021-05-25 12:13 - 000000000 ____D C:\Users\Rich\AppData\Roaming\discord
2023-01-26 19:47 - 2021-05-25 12:13 - 000000000 ____D C:\Users\Rich\AppData\Local\Discord
2023-01-26 17:58 - 2020-12-19 11:36 - 000000000 ____D C:\ProgramData\Norton
2023-01-26 17:18 - 2021-03-31 12:34 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-26 17:12 - 2020-11-18 23:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-26 17:12 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-26 16:59 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\registration
2023-01-25 16:16 - 2020-12-28 12:06 - 000000000 ____D C:\Users\Rich\AppData\Local\CrashDumps
2023-01-25 12:28 - 2021-05-25 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-01-25 12:28 - 2019-12-07 01:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-01-25 08:39 - 2020-12-19 17:50 - 000000000 ____D C:\Users\Rich\AppData\Local\D3DSCache
2023-01-24 21:35 - 2020-12-22 21:18 - 000000000 ____D C:\Users\Rich\AppData\Local\LOOT
2023-01-24 20:07 - 2021-05-25 11:34 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-01-24 20:05 - 2020-12-19 17:13 - 000000000 ____D C:\Windows\system32\Tasks\HP
2023-01-24 16:29 - 2020-12-27 19:41 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2023-01-23 21:04 - 2021-09-06 22:22 - 000000000 ____D C:\Users\Rich\AppData\Local\Mutagen
2023-01-23 21:02 - 2021-09-06 22:19 - 000000000 ____D C:\Users\Rich\AppData\Local\NuGet
2023-01-23 21:02 - 2021-09-05 19:07 - 000000000 ___HD C:\Users\Rich\.dotnet
2023-01-23 18:07 - 2021-02-19 18:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-22 20:27 - 2021-01-08 13:47 - 000000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-01-21 20:14 - 2021-06-16 18:03 - 000000000 ____D C:\Users\Rich\AppData\LocalLow\Norton
2023-01-20 21:25 - 2022-12-16 20:08 - 000003438 _____ C:\Windows\system32\Tasks\NIUpdateServiceRetryCheckTask
2023-01-20 21:25 - 2022-01-11 15:23 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-01-20 21:25 - 2021-05-25 07:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-15 23:07 - 2020-12-28 10:34 - 000000000 ____D C:\Users\Rich\AppData\Local\babl-0.1
2023-01-15 12:01 - 2020-12-28 10:49 - 000000000 ____D C:\Users\Rich\AppData\Local\gtk-2.0
2023-01-14 12:53 - 2022-06-25 21:55 - 000000000 ____D C:\Users\Rich\AppData\Local\yuzu
2023-01-14 12:31 - 2022-01-15 17:07 - 000001377 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbox Updater.lnk
2023-01-14 11:48 - 2020-12-23 20:04 - 000000000 ____D C:\Users\Rich\AppData\Local\Datastream
2023-01-14 11:47 - 2020-12-19 11:34 - 000000000 ____D C:\Users\Rich\AppData\Local\NVIDIA Corporation
2023-01-14 11:40 - 2020-12-19 11:34 - 000000000 ____D C:\Users\Rich\AppData\Local\NVIDIA
2023-01-14 11:08 - 2020-12-18 22:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-01-14 11:05 - 2020-12-18 22:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-01-14 11:01 - 2020-12-19 11:32 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-01-13 20:57 - 2021-02-10 23:25 - 000000000 ____D C:\Users\Rich\AppData\Roaming\vlc
2023-01-13 20:57 - 2020-12-19 14:10 - 000000000 ____D C:\Users\Rich\AppData\Local\Packages
2023-01-13 20:33 - 2021-01-05 10:36 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-01-13 20:32 - 2022-10-12 20:41 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-12 21:41 - 2020-12-19 16:20 - 000000000 ____D C:\Users\Rich\Documents\My Games
2023-01-12 20:04 - 2020-12-19 17:22 - 000000000 ____D C:\ProgramData\SteelSeries
2023-01-12 20:04 - 2020-12-19 11:32 - 000000000 ____D C:\ProgramData\Package Cache
2023-01-12 19:54 - 2020-11-18 23:43 - 000645464 _____ C:\Windows\system32\FNTCACHE.DAT
2023-01-12 19:53 - 2021-01-08 13:35 - 000000000 ___SD C:\Windows\system32\lxss
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2023-01-12 16:24 - 2020-12-19 13:44 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-10 12:42 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2023-01-10 12:41 - 2020-11-18 23:45 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-01-10 12:37 - 2020-12-18 22:20 - 000000000 ____D C:\Windows\system32\MRT
2023-01-10 12:34 - 2020-12-18 22:20 - 150199536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-01-05 18:45 - 2021-03-31 12:34 - 000000000 ____D C:\Program Files\Google
2023-01-04 22:36 - 2020-12-19 17:49 - 000000000 ____D C:\Users\Rich\AppData\Local\Bethesda.net Launcher
2023-01-04 22:36 - 2020-12-19 17:49 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2023-01-04 21:24 - 2022-10-14 17:15 - 000000000 ____D C:\Users\Rich\AppData\Local\Battle.net
2023-01-04 16:06 - 2020-11-18 23:46 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-04 16:06 - 2020-11-18 23:46 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-12-31 22:56 - 2022-06-25 21:12 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Ryujinx
2022-12-28 08:18 - 2022-01-17 10:20 - 000000000 ____D C:\Users\Rich\AppData\Local\Autodesk

==================== Files in the root of some directories ========

2020-12-21 11:09 - 2022-09-18 09:36 - 001065984 _____ () C:\Users\Rich\AppData\Local\file__0.localstorage
2023-01-22 21:43 - 2023-01-22 21:43 - 000001551 _____ () C:\Users\Rich\AppData\Local\recently-used.xbel
2023-01-14 00:22 - 2023-01-14 12:40 - 000007601 _____ () C:\Users\Rich\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[rickyralph]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by Rich (26-01-2023 22:38:38)
Running from C:\Users\Rich\Documents\Tools
Microsoft Windows 10 Education Version 22H2 19045.2486 (X64) (2020-12-19 22:07:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-128556331-799817740-448323406-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-128556331-799817740-448323406-503 - Limited - Disabled)
Guest (S-1-5-21-128556331-799817740-448323406-501 - Limited - Disabled)
Rich (S-1-5-21-128556331-799817740-448323406-1001 - Administrator - Enabled) => C:\Users\Rich
WDAGUtilityAccount (S-1-5-21-128556331-799817740-448323406-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Micron NVMe PCIe Device Driver (64 bit) 2.1.18.0 (HKLM\...\{E504FFF6-1CC1-47BF-BE13-FA7481A90139}) (Version: 2.1.18.0 - Micron Technology, Inc.)
@Bios (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.21.0414.1 - GIGABYTE) Hidden
@Bios (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.21.0414.1 - GIGABYTE)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20310 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft)
AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.1.0.1 - GIGABYTE Technology Co.,Inc.)
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.1031.1 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.1031.1 - Gigabyte)
Assassin's Creed Odyssey (HKLM-x32\...\Uplay Install 5059) (Version: - Ubisoft)
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.93 - ASUSTeK Computer Inc.) Hidden
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden
AutoCAD Electrical 2022 (HKLM\...\{28B89EEF-5107-0000-0102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Content Language Pack - English (HKLM\...\{28B89EEF-5107-0409-6102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Content Pack (HKLM\...\{28B89EEF-5107-0000-5102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Language Pack - English (HKLM\...\{28B89EEF-5107-0409-1102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Open in Desktop (HKLM\...\{1C66A0B0-784E-4777-97B3-93F843D1C8CF}) (Version: 1.0.20.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{9C2E49CB-F671-47EC-8093-CC1A8749A92A}) (Version: 3.2.1 - Autodesk)
Autodesk AutoCAD 2022 - English (HKLM\...\{1E7D4EF7-A28E-3D3E-BA3C-C6FAE4AAB2E0}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk AutoCAD 2022.1.1 Update (HKLM\...\{F4B1542F-3F3E-3BAB-8938-9036045A627F}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk AutoCAD Electrical 2022 - English (HKLM\...\{EE9C996C-F54A-349E-A913-64C473E5F053}) (Version: 19.0.57.0 - Autodesk, Inc.)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.2.0.34 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{46EA8955-D629-4B3E-AAF0-D136031D7C95}) (Version: 3.2.1 - Autodesk)
Autodesk Fusion 360 (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.15050 - Autodesk, Inc.)
Autodesk Genuine Service (HKLM\...\{98537105-FCCB-4577-A839-2816FDE75B5D}) (Version: 4.5.0.119 - Autodesk)
Autodesk Material Library 2022 (HKLM-x32\...\{A9221A68-5AD0-4215-B54F-CB5DBA4FB27C}) (Version: 20.3.7.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2022 (HKLM-x32\...\{6256584F-B04B-41D4-8A59-44E70940C473}) (Version: 20.3.7.0 - Autodesk)
Autodesk Save to Web and Mobile (HKLM\...\{192B349F-C3F7-4BBE-B49E-00DD4BD28373}) (Version: 3.0.29 - Autodesk) Hidden
Autodesk Single Sign On Component (HKLM\...\{B9F5BDED-021C-4926-8518-4FA7114B7040}) (Version: 12.3.3.1803 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.68.0 - Bethesda Softworks)
CORSAIR iCUE 4 Software (HKLM\...\{ED82C5D7-D600-4B4D-B2FB-62FEDC3570F8}) (Version: 4.25.155 - Corsair)
CPUID CPU-Z Aorus 1.94 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 1.94 - CPUID, Inc.)
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Documentation Manager (HKLM\...\{5D4B95B9-6199-4643-B41B-DEBD7048A263}) (Version: 22.160.0.3 - Intel Corporation) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{F8197FEC-9FA0-4488-AC9D-38E67D58FDAC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EAGLE 9.6.2 (HKLM\...\{AUTODESK-EAGLE-9-6-2}_is1) (Version: 9.6.2 - Autodesk, Inc.)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{40514BA6-1FC2-4BBD-84A2-504634A97196}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{ca38f41e-a37c-41b2-82e3-28b215743448}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
EZRAID (HKLM-x32\...\{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 - GIGABYTE) Hidden
EZRAID (HKLM-x32\...\InstallShield_{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 - GIGABYTE)
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.0414.1 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.0414.1 - GIGABYTE)
Fire Toolbox V26.1 version (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{3B6D3905-C426-42EF-9CCD-C465684E0550}_is1) (Version: - Datastream33)
FormatFactory 5.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 5.7.5.0 - Free Time)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0006 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0006 - Gigabyte)
GBT_MB_Update 22.09.20.01 (HKLM\...\GBT_MB_Update) (Version: 22.09.20.01 - GIGABYTE)
GBT_RGB_Sync_Control 22.09.26.01 (HKLM\...\GBT_RGB_Sync_Control) (Version: 22.09.26.01 - GIGABYTE)
GBT_rgbMotherboard_UC 22.09.16.01 (HKLM\...\GBT_rgbMotherboard_UC) (Version: 22.09.16.01 - GIGABYTE)
GBT_VGA 22.11.25.03 (HKLM\...\GBT_VGA) (Version: 22.11.25.03 - GIGABYTE)
GIGABYTE Control Center 22.11.03.01 (HKLM\...\GIGABYTE Control Center) (Version: 22.11.03.01 - GIGABYTE)
GIGABYTE Storage Library (HKLM\...\MBStorage) (Version: 22.12.02.01 - GIGABYTE)
GigabyteFirmwareUpdateUtility (HKLM-x32\...\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0406.1 - GIGABYTE) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0406.1 - GIGABYTE)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP Prime Virtual Calculator (64 bit) (HKLM\...\{5A9C4439-1E25-427C-B9A5-F3BAB7F97135}) (Version: 2.1.14592.228 - HP) Hidden
HP Prime Virtual Calculator (HKLM-x32\...\{b636c218-1c16-40e6-a1f3-8f012a49e87c}) (Version: 2.1.14592.228 - HP)
Intel(R) Chipset Device Software (HKLM\...\{44C34709-F068-4CBC-8A71-515EDBC3B2A6}) (Version: 10.1.18383.8213 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel(R) Corporation)
Intel(R) Icls (HKLM\...\{456B5CCF-722F-4AC9-9490-3C9FCADEEEF2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{AD1C4C82-ED20-4DD6-A5BA-DA8748D1AF98}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Network Connections 26.2.0.1 (HKLM\...\{AC44C09E-6D45-4F0F-8749-C3DF69A55FDE}) (Version: 26.2.0.1 - Intel) Hidden
Intel(R) Network Connections 26.2.0.1 (HKLM\...\PROSetDX) (Version: 26.2.0.1 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{1A8E089C-378F-4ECA-B34A-64D0BF90CA99}) (Version: 17.8.0.1065 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.8.0.1065 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{0940A8E6-DBBC-4554-B07D-EBFB10627716}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000160-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.160.0.4 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4487026C-A32C-4FF5-858E-8DB890814949}) (Version: 17.8.0.1065 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{8fca270b-04dc-46cd-a7dc-bca0425f10c6}) (Version: 22.160.0.3 - Intel Corporation) Hidden
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LINE (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\LINE) (Version: 7.9.1.2757 - LINE Corporation)
LOOT version 0.19.1 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.19.1 - LOOT Team)
Malwarebytes version 4.5.20.230 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.20.230 - Malwarebytes)
MATLAB R2022a (HKLM\...\MATLAB R2022a) (Version: 9.12 - MathWorks)
MFBO Preset Creator (v.2.7.2) (HKLM-x32\...\{F0572980-4893-4828-B9EC-B9AD99DBCE35}_is1) (Version: 2.7.2 - Mitsuriou)
Microsoft .NET 6.0 Templates 6.0.404 (x64) (HKLM\...\{2CC77066-22A4-442F-9886-961912A62BEC}) (Version: 24.7.30136 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64) (HKLM\...\{0843B2D1-FCB8-47FC-9732-E36B31436C28}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_arm) (HKLM\...\{5BE5CFFD-78AD-4612-A271-BEF48B722F49}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_arm64) (HKLM\...\{B9689086-0F4A-415D-9C7A-59F2500A8B5B}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_x86) (HKLM\...\{17D9BF6D-1890-44D7-89CD-8D3C5111A98A}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64) (HKLM\...\{727CF86D-4100-467F-BE93-AF8A937D9F97}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_arm) (HKLM\...\{8ECD9126-5C60-4E70-92C8-E46D4851DD0C}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_arm64) (HKLM\...\{AA519709-E672-451E-83CC-75685E2280D7}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_x86) (HKLM\...\{E441C3EC-7A2B-49FA-BB59-9AE980F1852D}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Core 5.0 Templates 5.0.400 (x64) (HKLM\...\{FB2E8886-F40F-4BAF-8F63-6EED2BED6F41}) (Version: 20.3.57386 - Microsoft Corporation) Hidden
Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft .NET Host - 5.0.9 (x64) (HKLM\...\{8313C056-53A4-4845-B03E-5C27165DC2F1}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.9 (x64) (HKLM\...\{AB193EEE-76AF-43D3-BFC1-823EE43D7738}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.9 (x64) (HKLM\...\{D55E73D8-86EB-4FC3-A957-54616AA3D961}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET SDK 5.0.400 (x64) (HKLM-x32\...\{4ec57a91-a2e9-46ea-8946-5b46e35fad1a}) (Version: 5.4.21.37610 - Microsoft Corporation)
Microsoft .NET SDK 6.0.404 (x64) (HKLM-x32\...\{8492a30b-426a-4798-95c5-d74d36b9744d}) (Version: 6.4.422.57816 - Microsoft Corporation)
Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) (HKLM\...\{A7036CFB-B403-4598-85FF-D397ABB88173}) (Version: 24.0.28113 - Microsoft Corporation) Hidden
Microsoft .NET Targeting Pack - 5.0.0 (x64) (HKLM\...\{F9CD5A8F-B00B-4770-9E4A-A3C818BE840F}) (Version: 40.0.29513 - Microsoft Corporation) Hidden
Microsoft .NET Targeting Pack - 6.0.12 (x64) (HKLM\...\{223F1D35-BBE9-4DC1-A20F-381D1B03E9CD}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 5.0.400 (x64) (HKLM\...\{52370767-E5DD-4C0C-AD33-E2FD790AAE94}) (Version: 20.3.41002 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 6.0.404 (x64) (HKLM\...\{781B2BC5-F211-44EC-8FB9-52CF6506E5F4}) (Version: 24.5.30136 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.15928.20216 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - ja-jp (HKLM\...\O365ProPlusRetail - ja-jp) (Version: 16.0.15928.20216 - Microsoft Corporation)
Microsoft Access database engine 2016 (English) (HKLM\...\{90160000-00D1-0409-1000-0000000FF1CE}) (Version: 16.0.5044.1000 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.0 Targeting Pack (x64) (HKLM\...\{7E0C04EC-9D6F-36CD-A821-DC8493EE407F}) (Version: 5.0.0.20526 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.9 Shared Framework (x64) (HKLM\...\{B3CDEF60-7D28-332C-8845-682E6DAAEA80}) (Version: 5.0.9.21365 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.12 Shared Framework (x64) (HKLM\...\{EB4AA7BF-1E27-33BB-91BC-1FD67B340EB0}) (Version: 6.0.12.22571 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.12 Targeting Pack (x64) (HKLM\...\{E885BD5D-F55D-39C2-B9B5-BF52B030982F}) (Version: 6.0.12.22571 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.69 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Teams) (Version: 1.5.00.11163 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.13.53049 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{CBD54374-141A-4C71-AE46-3870CC7F0838}) (Version: 2.7.3111.17308 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{E5629267-C38E-4899-931E-A734A1499223}) (Version: 2.7.3111.17308 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.9 (x64) (HKLM\...\{D9A03C1C-D245-4579-B4DC-0BB2BC87E6E7}) (Version: 40.36.30315 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Targeting Pack - 5.0.0 (x64) (HKLM\...\{B7846BB6-4EDE-409B-9147-631286EF7FDD}) (Version: 40.0.29420 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Targeting Pack - 6.0.12 (x64) (HKLM\...\{0128408E-205B-44B9-BEBD-E5B7A0E450F4}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Android.Manifest-6.0.300 (HKLM\...\{F4E591C2-810D-4D36-B4F9-DC55103019D1}) (Version: 128.75.16384 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.iOS.Manifest-6.0.300 (HKLM\...\{BBA9C60D-75E7-44EE-922D-069AA85C8EC1}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.MacCatalyst.Manifest-6.0.300 (HKLM\...\{FEB76EC8-02F4-46E6-8031-BE403766D13A}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.macOS.Manifest-6.0.300 (HKLM\...\{F590F859-2F6A-4559-9D09-A8FC442AF16B}) (Version: 100.255.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Maui.Manifest-6.0.300 (HKLM\...\{C2863251-07E7-44A0-B2F8-4C4E2AF08937}) (Version: 24.78.0 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.tvOS.Manifest-6.0.300 (HKLM\...\{69B1631F-5F98-4C6C-B757-46B0ECC8EDBB}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Emscripten.Manifest (HKLM\...\{7CBF3451-2A94-4DFD-8355-6B97C5EABB26}) (Version: 48.27.39026 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Mono.Toolchain.Manifest (HKLM\...\{DBB48387-294D-4179-81CB-B06A97F8CD8E}) (Version: 48.3.40665 - Microsoft Corporation) Hidden
Minion (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
ModelSim - Intel FPGA Starter Edition 20.1.1.720 (HKLM\...\ModelSim - Intel FPGA Starter Edition 20.1.1.720) (Version: 20.1 - Intel Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 109.0 (x64 en-US)) (Version: 109.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NC Launcher 2 (HKLM-x32\...\NCLauncherW_plaync) (Version: - NCSOFT)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.160 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.3.9.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.11.12 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.5.428 - NortonLifeLock Inc)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.4 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.160 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.160 - NVIDIA Corporation)
NVIDIA Graphics Driver 528.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 528.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15928.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0411-1000-0000000FF1CE}) (Version: 16.0.15928.20198 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE) Hidden
ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE)
OpenIV (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
Outlook (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Parsec (HKLM-x32\...\Parsec) (Version: 150-86h - Parsec Cloud Inc.)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE)
PowerPoint (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PowerWorld Simulator Education-Evalution 22 (HKLM\...\{8368E79D-19AC-4FA2-8A66-32C3D777757F}) (Version: 22.22.0217 - PowerWorld Corporation)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
Quartus Prime Lite Edition (Free) 20.1.1.720 (HKLM\...\Quartus Prime Lite Edition (Free) 20.1.1.720) (Version: 20.1 - Intel Corporation)
Raspberry Pi Imager (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Raspberry Pi Imager) (Version: 1.7.2 - Raspberry Pi Ltd)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9313.1 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.0420.1 - GIGABYTE)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
RSI Launcher 1.4.11 (HKLM\...\81bfc699-f883-50c7-b674-2483b6baae23) (Version: 1.4.11 - Cloud Imperium Games)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0426.1 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0426.1 - GIGABYTE)
Smart Backup (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 - GIGABYTE)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 30.0.0 (HKLM\...\SteelSeries GG) (Version: 30.0.0 - SteelSeries ApS)
Teams (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\606d17a2359c9b915c2ca2796bdad606) (Version: 1.0 - Teams)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
TeighaX 4.00 (x64) (HKLM\...\{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Unity Hub 2.4.5 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.4.5 - Unity Technologies Inc.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Visual Studio Community 2019 (HKLM-x32\...\9d4ca075) (Version: 16.8.30804.86 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.15 - Black Tree Gaming Ltd.)
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DE982ACB-A44E-44A5-BEA5-F0816490312C}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
Windows Subsystem for Linux Update (HKLM\...\{18E72D39-392C-419D-9B86-C4C633B4CED9}) (Version: 4.19.128 - Microsoft Corporation)
Word (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 310.0.0.0 - Wrye & Wrye Bash Development Team)
Zoom (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)

 

[rickyralph]

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-01-26] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-11-06] (INTEL CORP)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2023-01-25] (0)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-01-14] (NVIDIA Corp.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2021-05-25] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-11-05] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.266.0_x64__dt26b99r8h8gj [2022-12-03] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0 [2023-01-19] (Spotify AB) [Startup Task]
Ubuntu on Windows -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2022.1.0_x64__79rhkp1fndgsc [2022-11-06] (Canonical Group Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Rich\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\Rich\AppData\Local\Autodesk\webdeploy\production\414da7cdec4faa7986fe0d205fb521fc68f5d46c\NPreview10.dll (Autodesk, Inc. -> )
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Rich\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2021-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2021-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-07-15] (Notepad++ -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\nvshext.dll [2022-12-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2022-09-18 18:58 - 2022-09-18 18:58 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\GVDisplay.dll
2020-12-19 16:41 - 2019-02-21 08:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-04-26 15:10 - 2022-04-26 15:10 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\SiUSBXp.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attrs [58]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-128556331-799817740-448323406-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-128556331-799817740-448323406-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-128556331-799817740-448323406-1001\...\sharepoint.com -> hxxps://uwnetid-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

2021-01-08 13:47 - 2023-01-22 20:27 - 000000433 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.28.112.1 Rich.mshome.net # 2027 5 6 8 3 2 31 545

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\MATLAB\R2022a\bin;C:\Program Files\dotnet\
HKU\S-1-5-21-128556331-799817740-448323406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rich\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-2318606733-4105731500-2265514868-2382646068-3090068018\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: CorsairGamingAudioConfig => 2
MSCONFIG\Services: CorsairLLAService => 2
MSCONFIG\Services: CorsairService => 2
MSCONFIG\Services: JTAGServer => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run: => "Gigabyte Speed"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "Battle.net"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{89BF5CA3-47A1-41D6-96C9-EED067C606A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B2674EDF-2CBF-4A68-9C3C-8FFF219A355C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3A6C4A2F-9D93-4EAF-81B8-E87C62051E6B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{067AF954-CC29-464C-A0B1-BB9B869866E9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0658824B-1190-47B4-810A-5F591B626CEB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{E571848D-1988-4618-B5C6-8535CDD26FC5}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{29127E1C-01B7-4357-B933-E708B83F80F8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{6D6B20E2-9354-4B77-BAFB-93CB1964D0E2}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{0F4CB4D9-7F1B-4A84-AB88-82283F0AF97F}] => (Allow) LPort=9009
FirewallRules: [{02C73E3B-8F49-4554-8A43-BF4FFBAA56FD}] => (Allow) LPort=9009
FirewallRules: [{8B9F1386-97B5-4E11-A5F5-59842A2C764D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{797F7B8D-2068-40FD-AD3E-249EF993974B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{5F16B855-4594-40ED-B0D6-394D50EBE777}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E6117CE9-976D-4014-AD44-80F3FF976A5A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{06FCBFE7-A1A8-473E-96C1-2ACC28DF551F}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{680E1B46-2FF3-4169-8A2B-EF501B825991}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6C5779AE-8904-4095-B714-51E459A34F92}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{64539D97-5EE5-4AE2-8C9A-7D373BC02914}] => (Allow) LPort=9009
FirewallRules: [{4DF0D967-0184-4017-9F1B-6D0242588B3B}] => (Allow) LPort=9009
FirewallRules: [{2DAACFF0-5E9B-4FA6-AD64-610CC2276980}] => (Allow) LPort=9009
FirewallRules: [{2BB5B80D-3D10-440C-89D1-D4BCF71431A4}] => (Allow) LPort=9009
FirewallRules: [{A1E98979-6E5A-4534-8E64-11003E652DEF}] => (Allow) LPort=9009
FirewallRules: [{A9EE8503-1AEB-4566-A4DB-C3B42F54E745}] => (Allow) LPort=9009
FirewallRules: [{106EDA14-FEDB-44F0-94FE-2CD080264DEA}] => (Allow) LPort=9009
FirewallRules: [{ADF4AAFD-412F-4547-BBF2-5BC6A869260F}] => (Allow) LPort=9009
FirewallRules: [{0D96937F-5B08-4C0E-8011-13F71EC23533}] => (Allow) LPort=9009
FirewallRules: [{EC7CC9F5-2D27-41E6-90E4-8B7989ECDF63}] => (Allow) LPort=9009
FirewallRules: [{1D135321-1351-4469-ACDE-8243BA98CA99}] => (Allow) LPort=9009
FirewallRules: [{1F4803E2-9912-4047-BFBB-8A1A8275D2F7}] => (Allow) LPort=9009
FirewallRules: [{C0E38396-2464-4DD3-9507-BCA4B7AF6F7A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A301819B-5C0A-4572-A1F4-3EE5A7F61E41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5F7B982F-3292-4AD0-912C-D257A7F0DB75}] => (Allow) LPort=9009
FirewallRules: [{57D41C33-93D6-4792-9798-F8C89BF3FEDD}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{A6965949-9789-49A1-BB9F-9C1878CF412B}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{A0ECF37E-FF40-4587-8DC2-FE27C9CD99D7}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{FD9C724E-5A01-46D7-ACB6-BB7C68C05D89}] => (Allow) LPort=9009
FirewallRules: [{1F3DD21F-A2CE-4FDB-9554-7E8950F56C7A}] => (Allow) LPort=9009
FirewallRules: [{507375E4-3F22-4A4E-924E-F6DF3B6BE54D}] => (Allow) LPort=9009
FirewallRules: [{4BB7DE85-7BE0-40C6-A897-50238D25145B}] => (Allow) LPort=9009
FirewallRules: [{78F2CAC7-A446-4040-93D1-120014E585DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{50140A6E-5A81-48C5-A5C6-B98524AC5B75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{5D8FBEFD-7BF8-431E-A705-517B0C66BE66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{34C42213-7BEB-42A2-AB06-2B71D9779643}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{57113370-0386-4475-9AEC-F90B9F2FCD0E}] => (Allow) LPort=9009
FirewallRules: [{BD0EB3EE-1BFE-4099-8466-D419A142BC15}] => (Allow) LPort=9009
FirewallRules: [{B29A3FB5-09D1-417E-91DE-7DFF40BA106D}] => (Allow) LPort=9009
FirewallRules: [{609FED39-4637-48E6-9301-A38F2D755389}] => (Allow) LPort=9009
FirewallRules: [{538D30C6-D09E-4E1A-8E9A-F19CBFB67203}] => (Allow) LPort=9009
FirewallRules: [{37891622-3BAA-4E24-BA08-CD35B84D3303}] => (Allow) LPort=9009
FirewallRules: [{FAC4944A-398D-4BF7-AC40-5C421A244ADE}] => (Allow) LPort=9009
FirewallRules: [{1F1CDE5C-F43F-41C4-B3E2-8A1C94BDC824}] => (Allow) LPort=9009
FirewallRules: [{85DFE9A1-3FB3-43C1-9742-89B7CC4AEC7D}] => (Allow) LPort=9009
FirewallRules: [{BE5C3A7E-449C-4062-BEB6-33A38F22B335}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{163A9AAD-498E-428E-AB9D-801BF7476D26}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{912A390D-D42C-4907-A809-49729A5DDB6B}] => (Allow) LPort=9009
FirewallRules: [{CADA71B1-C0EE-4FBE-9D57-A5C16538961F}] => (Allow) C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe () [File not signed]
FirewallRules: [{9B38CDAC-B98E-4980-8004-EBD2E837EEE8}] => (Allow) C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe () [File not signed]
FirewallRules: [{8E502060-1F02-4D16-9C63-4EBDC734F351}] => (Allow) LPort=9009
FirewallRules: [{A80CD842-CBB2-499D-9177-84D0A6C7307C}] => (Allow) LPort=9009
FirewallRules: [{90157C4E-488C-41E7-806E-E19E4FECAD68}] => (Allow) LPort=9009
FirewallRules: [{44A5E74E-B262-408C-9384-C4CA8618B6ED}] => (Allow) LPort=9009
FirewallRules: [{4B0A14C5-A65E-4E1E-A7E5-C7D78D3C863B}] => (Allow) LPort=9009
FirewallRules: [{8483AE06-6DDB-484A-80EF-FBAD290B2871}] => (Allow) LPort=9009
FirewallRules: [{B937F16D-0D8A-405F-B0E2-6FFA169F79A9}] => (Allow) LPort=9009
FirewallRules: [{8406EBCA-DEB8-4D07-8025-CE181B5F84C4}] => (Allow) LPort=9009
FirewallRules: [{9684DBF5-BAE2-4FF4-9123-2BEF00DE4D1F}] => (Allow) D:\Program Files\FormatFactory\FormatFactory.exe => No File
FirewallRules: [{E935DAEF-61D9-47DE-9F0E-9BBDA123B8BF}] => (Allow) LPort=9009
FirewallRules: [{288734D2-180D-415E-BAB5-C83766DA0925}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{B8554B34-F973-4C5E-97A4-931ABBA5C77D}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{6012DD61-5E11-4E06-8A47-E4FB7C6AAF10}] => (Allow) LPort=9009
FirewallRules: [{579788CC-2D88-406F-9F7E-6B9188A26886}] => (Allow) LPort=9009
FirewallRules: [{67B84AC2-DB57-4C9E-A215-1DA54AAF31A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B928CF60-345D-44B1-AF5B-6F39532ADC79}] => (Allow) LPort=9009
FirewallRules: [{1A7DCECA-AE57-4FB9-8287-DDB19EDEBA0B}] => (Allow) LPort=9009
FirewallRules: [{CB378685-A549-4861-AB6E-4E43E9BFF736}] => (Allow) LPort=9009
FirewallRules: [{73D7C279-95A3-42BE-B3BB-473DEC19663F}] => (Allow) LPort=9009
FirewallRules: [{7766EA58-0647-4117-93C1-8396A12178B2}] => (Allow) LPort=9009
FirewallRules: [{E1D95E15-503C-41A2-8900-669C36E3D34E}] => (Allow) LPort=9009
FirewallRules: [{A161BDD7-920D-4107-9BF5-637C18F409B9}] => (Allow) LPort=9009
FirewallRules: [{EB70A75F-410A-42DE-A4BD-62C868AB25B0}] => (Allow) G:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{542B274E-AF12-469A-A93B-3AE1686D441E}] => (Allow) G:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4FE11056-A22F-4222-82FE-9B6669CF6ABB}] => (Allow) G:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A58AF17A-66AF-4B5D-9120-1DAA1997C777}] => (Allow) G:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7B56329C-B0C8-41B3-AFE0-02E1CC1F8419}] => (Allow) G:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{29EEC435-8AA7-471B-8BF9-AF5E665AAFB8}] => (Allow) G:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{5F5CC7E1-7619-43D1-918E-7AFA82D012E3}] => (Allow) G:\Program Files\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{003C4870-A835-411E-BB40-009DEFBE2BC3}] => (Allow) G:\Program Files\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{6CB6515D-CC46-4C43-922E-B72D4F9358D3}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{85C24C84-0FB9-4814-875E-33B20953BEE0}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{9B5D0131-CE46-4D46-843A-12CFFA36FD78}] => (Allow) G:\Program Files\Steam\steamapps\common\Osiris\OsirisNewDawn.exe () [File not signed]
FirewallRules: [{04C6D689-65FC-45E2-9E59-818282DC6BAC}] => (Allow) G:\Program Files\Steam\steamapps\common\Osiris\OsirisNewDawn.exe () [File not signed]
FirewallRules: [{AA7A8B73-9E1F-4F77-8F7E-901CF9024711}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{4F80BAFB-6954-46DA-99B8-1A86ABED4F9F}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{0E7F34D8-FC98-4D54-A01D-15936667FEB1}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{95052E8A-0AE1-4478-BABD-96B446FD7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{F9183F41-9EE6-4CF9-AAC1-A84F0E6E528E}] => (Allow) G:\Program Files\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{875A723B-5800-467B-B836-DEF7E97D3132}] => (Allow) G:\Program Files\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{914CF361-B37F-469F-BB6E-A12F66FC6BFE}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{367BE639-A2AE-4B17-B362-6BCD4DB95E48}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{324598A9-69E6-43CF-ACB0-860FF53D7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{B325BAB5-836B-4C72-952B-99D48185CD7A}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{F31A55B2-CB9D-404C-A462-C1B4D5420B18}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{CAB04CE6-4B4C-4978-AB80-297993AD2D1B}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{DF1050EE-E995-4944-8F3D-934F419C2B34}] => (Allow) G:\Program Files\Steam\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe () [File not signed]
FirewallRules: [{066BDB18-1AFC-45D3-9CE3-2FB7AAF6A85C}] => (Allow) G:\Program Files\Steam\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe () [File not signed]
FirewallRules: [{00FF9B7D-DE0E-463A-8B49-ADC8D2778DED}] => (Allow) G:\Program Files\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{D61B5621-6AB2-4D8F-A171-7608A9A0BD90}] => (Allow) G:\Program Files\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{867F4683-E94E-414F-AF32-8DA807C8446F}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD Projekt Red)
FirewallRules: [{F782D00D-814D-49C2-8720-F5D4AFE7265A}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD Projekt Red)
FirewallRules: [{C0AE431B-EA95-434C-A903-DCEEBD90484C}] => (Allow) G:\Program Files\Steam\steamapps\common\Mad Max\MadMax.exe (Fatalist Development -> )
FirewallRules: [{C7B5985B-75C0-4E97-B19F-5C2DA64B5DB4}] => (Allow) G:\Program Files\Steam\steamapps\common\Mad Max\MadMax.exe (Fatalist Development -> )
FirewallRules: [{678C51E3-CFED-434F-823B-554834BB75A4}] => (Allow) LPort=9009
FirewallRules: [{A1129ECC-D570-4D86-94A6-C8AEDF3E688B}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{EDB811BB-828B-46CB-B6B1-A70E6CAE2E07}] => (Allow) LPort=9009
FirewallRules: [{C7DE3A5F-9C00-4481-8E1A-6606146A19DD}] => (Allow) LPort=9009
FirewallRules: [{B31E2328-B3BB-41AF-86C2-82111DACDF43}] => (Allow) LPort=9009
FirewallRules: [{33EB6B57-6A1D-457B-B128-9CE106BE8911}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{13E32C09-F2D3-4414-810E-6C235A04CA93}] => (Allow) C:\Program Files\Unity\Hub\Editor\2020.3.15f2\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{16BD7134-0787-47DE-A98A-E082B578B921}] => (Block) C:\Program Files\Unity\Hub\Editor\2020.3.15f2\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{6CDEB226-F078-4C5C-AE59-2E9C69EFEBED}] => (Allow) LPort=9009

 

[rickyralph]

FirewallRules: [{9F04B770-299B-457F-88C6-FD85286FB41D}] => (Allow) LPort=9009
FirewallRules: [{F33A9E5B-B90B-463B-B868-B5BFD394C410}] => (Allow) LPort=9009
FirewallRules: [{0B97B825-48A6-418B-B60D-98F93AA2F500}] => (Allow) LPort=9009
FirewallRules: [{BC82EE22-CB3F-4FEA-B77D-C626AE56EC79}] => (Allow) LPort=9009
FirewallRules: [{B4FDEEF0-CD63-4292-9170-7D9254C16E0B}] => (Allow) LPort=9009
FirewallRules: [{23D311E5-E690-409D-BD61-CD2E417EB515}] => (Allow) LPort=9009
FirewallRules: [{78B8EA35-70F2-4E53-BC5C-C4DAA97A28E6}] => (Allow) LPort=9009
FirewallRules: [{4E596592-567D-470C-8ADD-FC145D0BDF1E}] => (Allow) LPort=9009
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{3FC52F1C-B5E7-4F0D-97B9-6F93F4E1AAF5}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{9B465090-21F7-4403-B3A2-734E1447F170}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{8171E21E-E173-4D5C-991A-A863F807787D}] => (Allow) LPort=9009
FirewallRules: [{D462DB6C-8318-487A-A772-454D3217FEDE}] => (Allow) LPort=9009
FirewallRules: [{5D11FF6D-1DA2-43E3-9ED3-E698106B420E}] => (Allow) LPort=9009
FirewallRules: [{A5B91F8A-E6B0-4A7F-BCB5-1FB34F4C9DEF}] => (Allow) LPort=9009
FirewallRules: [{BBEC7B62-0437-475D-B4B4-05DE378A5166}] => (Allow) G:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{8A09A69C-4336-44A2-BE3D-EBD09D188341}] => (Allow) G:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{0787C69B-EF76-4ED9-AE32-0DEFD82ABDA5}] => (Allow) G:\Program Files\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{A4DEC20D-6CB0-4F88-A5A2-BD2233B2B20D}] => (Allow) G:\Program Files\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{071EE953-9B0C-4626-9609-9488D1A389C8}] => (Allow) LPort=9009
FirewallRules: [{FA0C499A-9395-4C13-971E-921213C4C963}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{9C1925D8-B4E8-408A-8FD4-50A2B8992ECD}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{63D878DD-CCA3-472B-A2A7-F137FB80E5D1}] => (Allow) LPort=9009
FirewallRules: [{EB759C41-4A99-42BA-9721-866E3A2A3700}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36C9F319-4B33-4687-BF3C-62E1F99BFADC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D5DBBA3-3903-42AB-A3B0-FC188F0A2EF8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE71480F-B539-4367-8E19-A8F83CC4BB17}] => (Allow) LPort=9009
FirewallRules: [{D72AE089-85BE-4C08-B732-A56F35DA6F8A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{40F00992-BC41-4B37-8433-D4A40D3935D4}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{FB35F87E-EC26-4005-9A7F-0B0E5C16A2C6}] => (Allow) LPort=9009
FirewallRules: [{FD9EF55F-65DB-402E-96EE-038F0C86698E}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{DA7E0393-222C-4595-A624-2E663CF3D8AD}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{B6234EFD-14DF-4E67-99EB-0E65B09B36BE}] => (Allow) LPort=9009
FirewallRules: [{6BFB8706-0662-4D82-AE05-8E6D559A7FD2}] => (Allow) LPort=9009
FirewallRules: [{B2CDAFA5-3915-424F-9978-404E3E50A0E7}] => (Allow) LPort=9009
FirewallRules: [{93CFC587-70EF-4EC6-943A-17E374DBD7C2}] => (Allow) LPort=9009
FirewallRules: [{E6AF6804-814A-4E97-8FB6-7862F1C8EAA9}] => (Allow) G:\Program Files\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8538DE07-8C8C-4097-9550-954058830BD4}] => (Allow) G:\Program Files\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{FE06DE6E-D398-405B-B4F0-EE6DC1E68F86}] => (Allow) LPort=9009
FirewallRules: [{6F25BAF6-6D30-46D1-9402-CC946BC2B5DE}] => (Allow) LPort=9009
FirewallRules: [{88EA7C90-EED0-47B9-832C-E1F0C1846373}] => (Allow) LPort=9009
FirewallRules: [{F380C294-2F31-43ED-8185-7AC7F1CD2369}] => (Allow) LPort=9009
FirewallRules: [{D10439ED-3914-46C5-B6A7-A98043C2B2AF}] => (Allow) LPort=9009
FirewallRules: [{86D55718-7D99-4A16-BB05-4E591D3B422D}] => (Allow) LPort=9009
FirewallRules: [{B9922B8C-BA93-4743-92C4-78A54F3B4FAE}] => (Allow) LPort=9009
FirewallRules: [{2DDA9B10-FB73-4F0F-AAFD-7E99DC790C93}] => (Allow) LPort=9009
FirewallRules: [{D7FF0450-6A13-45EB-95AE-FE81F85010BB}] => (Allow) LPort=9009
FirewallRules: [{84DA6DCF-0791-41AF-81FA-4C69C346DABF}] => (Allow) G:\Program Files\Steam\steamapps\common\MonsterHunterRise\MonsterHunterRise.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{8D161590-EBF6-4D12-889D-0528F21A4C15}] => (Allow) G:\Program Files\Steam\steamapps\common\MonsterHunterRise\MonsterHunterRise.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{AD1762C2-B751-4463-B2D5-6EDCF265004F}] => (Allow) G:\Program Files\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{6D2533D3-FF01-4C2C-8BC6-5BC10BFDDCE7}] => (Allow) G:\Program Files\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{EDF5F99D-8204-4CDC-87AF-7D5B33BC8D18}] => (Allow) LPort=9009
FirewallRules: [{C09C7F61-4248-43CF-8720-9388DBD74FEE}] => (Allow) LPort=9009
FirewallRules: [{11812F56-4473-443B-832F-0221B8692853}] => (Allow) LPort=9009
FirewallRules: [{7665967A-0BBB-46C7-B326-8A90E2714EA1}] => (Allow) LPort=9009
FirewallRules: [{9AB65945-43BA-4B63-B5EC-C7F8266D1709}] => (Allow) G:\Program Files\Steam\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF1F3642-09F0-46D2-8CB7-26B379F00150}] => (Allow) G:\Program Files\Steam\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8198C2F-0AE0-43EC-A9D4-04DDE95ABC42}] => (Allow) LPort=9009
FirewallRules: [{D206DA7E-9E37-42E0-88C8-2FFEC2C82E9E}] => (Allow) LPort=9009
FirewallRules: [{A540F0B1-B1A1-4524-9FA8-642E0EB32AAE}] => (Allow) LPort=9009
FirewallRules: [{AE3F7961-9D6E-42A4-BFCB-8D4E5DA85DA2}] => (Allow) G:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{0580BD85-0555-4335-843E-B72FDB7F42D7}] => (Allow) G:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24ECFA1F-CFFC-44C9-BA3D-9222A8AA5843}] => (Allow) G:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{D10E40A7-3F2D-4E00-907F-414447EA3B93}] => (Allow) G:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{3FF38DD9-5AB3-49DA-ACB6-D2D11932BA9E}] => (Allow) LPort=9009
FirewallRules: [{A7B663CF-4C58-4008-B0E0-D604E60248D4}] => (Allow) LPort=9009
FirewallRules: [{88FDB7F0-9E0F-42E0-9EB7-E5E5541D351E}] => (Allow) LPort=9009
FirewallRules: [{6BA88015-F59A-47EB-849A-2247B9370A1A}] => (Allow) LPort=9009
FirewallRules: [{976CD94A-6C4E-4D59-B358-1D0BA1D08B5F}] => (Allow) LPort=9009
FirewallRules: [{4E4DE52D-98EC-4509-8CC5-ADCF4CB1FA4D}] => (Allow) LPort=9009
FirewallRules: [{44D8DFEA-09AB-4139-B1F2-4662DB13F06F}] => (Allow) LPort=9009
FirewallRules: [{BFF1F4B9-DC5C-4C77-AC4D-03BD0407D25E}] => (Allow) LPort=9009
FirewallRules: [{DC7E55B9-1EF9-40ED-9EA9-3F25D3DD23A8}] => (Allow) LPort=9009
FirewallRules: [{4E2139F8-7E2F-4D89-A067-61BDB98431A1}] => (Allow) G:\Program Files\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{AEEF4D74-8CDD-4873-B222-43215731F4E6}] => (Allow) G:\Program Files\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8F4A2663-D273-4804-BCC3-CAC21D770269}] => (Allow) LPort=9009
FirewallRules: [{E5480309-30C8-40B3-BD6A-9AA8DCDF6D23}] => (Allow) LPort=9009
FirewallRules: [{EFE14D98-380D-4A09-A28C-74C4AD30C2F6}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW3\oppw3.exe (KOEI TECMO GAMES CO., LTD. -> )
FirewallRules: [{3E10A376-2F25-41CC-911E-557874FF7008}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW3\oppw3.exe (KOEI TECMO GAMES CO., LTD. -> )
FirewallRules: [{138D980A-B3A4-4419-9749-FBE3E8411F77}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW4\OPPW4.exe () [File not signed]
FirewallRules: [{063C92FC-DBFC-4020-978C-0C4054BB3322}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW4\OPPW4.exe () [File not signed]
FirewallRules: [{AC62EB32-FCB9-4C87-BD75-95C1860666FD}] => (Allow) G:\Program Files\Steam\steamapps\common\ONE PIECE WORLD SEEKER\OPWS.exe () [File not signed]
FirewallRules: [{D236EF42-B25D-43A9-BF84-73D5B4E6955C}] => (Allow) G:\Program Files\Steam\steamapps\common\ONE PIECE WORLD SEEKER\OPWS.exe () [File not signed]
FirewallRules: [{5DA1DBE1-A073-4DF0-A236-69BE683E9C79}] => (Allow) G:\Program Files\Steam\steamapps\common\Ranch Simulator\Ranch_Simulator.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{86465569-D137-499B-B395-1AFF6398A656}] => (Allow) G:\Program Files\Steam\steamapps\common\Ranch Simulator\Ranch_Simulator.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{5E6AD25C-550B-4043-B1DB-BA5EBC2A028C}] => (Allow) LPort=9009
FirewallRules: [{021456CD-15E5-4F18-9DFB-D015854D66E8}] => (Allow) LPort=9009
FirewallRules: [{2D181910-55A8-47B4-93D5-4E7F5955729C}] => (Allow) LPort=9009
FirewallRules: [{37CA7483-7342-42E9-9AA7-3AED485F3581}] => (Allow) LPort=9009
FirewallRules: [{FD90CBE9-80C7-44C0-AE1C-9F77D8BDDFA7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{F6CCF1FB-99DC-4CA6-B04F-7F5621FA2D17}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{D8FA61DE-5D8A-407C-84A7-A9A7C17873B3}] => (Allow) LPort=9009
FirewallRules: [{54361DEA-7241-4BA6-A89E-C44865EDFDF5}] => (Allow) LPort=9009
FirewallRules: [{3721D2DE-8BDA-4E31-A1F5-34C844100FBB}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{8A50A544-3BFA-4EFC-9B9D-8098CBF947A8}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{BAFCD2C2-D927-49D6-967E-FE0B2C0D008D}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{56E96F64-12A6-4F78-9851-A1E9E2848B37}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{66F4FE14-D171-448B-9A6A-ECBB1C044B94}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{0157E20A-4522-496B-B428-FCECC5305E7A}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{2FE8B8B7-7567-460D-9BD4-3D011F18E6AB}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{0615D636-0836-4649-A9AE-31999A69019D}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{F9115A02-EA11-4F2B-A199-D4E2F16222FB}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{5DA1119E-7E55-4754-9426-2DB33D0267B0}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{308E134C-9F19-4D2D-B4FF-8B67200F3758}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{1A69E187-F1AE-417F-B84D-3CE48BBC3070}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{A6553DF4-F8D5-4ECB-AB54-7814536F8712}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{A5D53F17-037A-4A4F-9453-419525C8DDFE}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{7FB95689-5FFE-4426-89F0-2251F6DF3807}] => (Allow) LPort=9009
FirewallRules: [{87EFD50C-4FE9-4B75-ADA0-CCAA6D7C4372}] => (Allow) G:\Program Files\Steam\steamapps\common\Days Gone\BendGame\Binaries\Win64\DaysGone.exe (Sony Interactive Entertainment LLC) [File not signed]
FirewallRules: [{C387ACE2-360E-490D-814D-EBC759D411E6}] => (Allow) G:\Program Files\Steam\steamapps\common\Days Gone\BendGame\Binaries\Win64\DaysGone.exe (Sony Interactive Entertainment LLC) [File not signed]
FirewallRules: [{161C24CE-5EAE-445E-A7C8-CE000D9A32EF}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{6F9906EA-61EE-4FA2-8C8F-A6D35F5E6C85}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{7DA52F86-95A3-48DD-AC7D-C8CDD7509C22}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{8D384CDC-E5B5-438C-B8F5-4C0666880F31}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{44FAF432-E30E-44E5-AA51-A05BD39105F1}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{1413B49B-891C-4D1E-B003-A1B07EC2124A}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{9E64E1F2-AB04-4BB2-9FAE-33900B4AD176}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{06AFBA6C-9E3E-4613-9EB6-91FE5A2D4D09}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{8263A865-4686-42F6-A792-3670403B8563}] => (Allow) G:\Program Files\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{75B4042B-5359-4B77-B763-2E4FDDCF57F2}] => (Allow) G:\Program Files\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{C14C3408-A229-475D-8A48-36D33CD4D6DB}] => (Allow) G:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{33B4E2A7-07D2-4F08-A3EB-DEDBC57D78E4}] => (Allow) G:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{DF8B2B33-43A3-4EE7-9F57-B048A9B46CD9}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{28EDAF14-B0FB-489E-8B6F-BD4A422F14EF}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E142B45F-9759-46E1-BD96-2387DAC6F134}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{1F8898E4-0590-4F4A-87B3-3DC8AB9ECEBE}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{DC44BAFB-DEA2-4D35-A6D3-D77F9B0D227B}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{369E7FEC-EDED-4087-AE19-F621EE551788}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{A9B5D992-A392-446C-843A-1B7701632CD1}] => (Allow) G:\Program Files\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe () [File not signed]
FirewallRules: [{8FCFDD93-BF4F-44C9-9464-665E5BD4EF43}] => (Allow) G:\Program Files\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe () [File not signed]
FirewallRules: [{3923F466-A196-405E-82AD-A1CFE066036C}] => (Allow) LPort=9009
FirewallRules: [{35943186-7929-45EE-ACD8-215706EEF6B2}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{EB095DAA-172D-4D57-823E-EB6442AB552E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{F87BC7DD-60C8-4A18-A565-744B92D77A84}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{67122236-6F91-4D99-9D62-6D9BDB3AE63F}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{AFEF8070-778A-474C-981A-F62C795161CD}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{F0CECF79-999D-4487-85BB-417EDC98CF59}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{73C7AFCB-FBB3-4254-952F-CC8E3606328E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{EB85F752-4AF8-44AE-8BA7-13E06D7B017B}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{BDAF3E86-529B-4FBD-A909-6D53E176A5D9}] => (Allow) LPort=9009
FirewallRules: [{9617E171-BBC7-4D6E-AC26-A8DE4F01D9DB}] => (Allow) LPort=9009
FirewallRules: [{0D0B0C39-A4B8-49D7-A197-DF62FC88A830}] => (Allow) C:\Users\Rich\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{DEC3E548-6A51-4849-8222-CD4C955FA1F6}] => (Allow) C:\Users\Rich\AppData\Local\Temp\utorrent\utorrent.exe => No File
FirewallRules: [{3FFF04A1-9A6B-48BC-810D-007850887ADC}] => (Allow) LPort=9009
FirewallRules: [{981E98B6-072E-4683-B44D-7AB41A1C7795}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{AC5B1A7A-E63F-40F0-92DB-4A0441A504DF}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{8AE356CD-0AEC-47F1-A46C-D9FB3716866C}] => (Allow) LPort=9009
FirewallRules: [{9DFA46D0-E1D7-45F9-9C9F-E4F222A0E0C1}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{6B4D0369-BFC2-4465-9540-E68895BAE6F7}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{E5EE0E6B-21BA-411F-8500-BC3C745A4446}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{12EC5CD2-A078-469A-A649-42A79BD43AB9}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{F54A5ABA-C4EC-4483-A8D5-A1DE62D1871F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8B40ADD9-0453-44A3-8631-0A1AAB8986FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B576CC46-082C-4B72-B339-114038C9FB53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7D54EB6C-449B-4AC6-9C63-E85D112AAA50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B6FF81FC-21E0-499F-BBAB-416ADF82DF94}] => (Allow) LPort=9009
FirewallRules: [{4F715247-3E61-4FA8-B3D6-4A978F8A5F69}] => (Allow) LPort=9009
FirewallRules: [{8332F5DE-E4B1-4056-8191-3A616AA44CD4}] => (Allow) LPort=9009
FirewallRules: [{0ABF027B-7FDD-46B4-ADA3-E06960EAD733}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{069B772B-6606-4B75-99F5-431F6DFCC5D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FF8BC272-24D1-4BE4-823E-681088E18D91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4FB0075C-7752-4957-BD05-7AD394EC3F55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{409D88C9-A51F-4768-99B9-15AD14E5A54A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF0FBFAC-B02D-455C-92DE-CA4C95D58E13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E1B310F9-79A7-4C3C-99E9-33DB48D45BB4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9F0C858-EEC3-435B-9071-BBB71028D7B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D222F39-17B2-47F4-8A9F-947C402570E2}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{7A8E98DB-43C0-4C02-A01A-E9DABFAD60BC}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{3DB8FE39-6191-4B95-9D7E-BACDBEC55D4E}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{7482059F-5E74-4D9F-9CE6-24B8EA71DEA2}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{DEA9F9BA-5469-428F-9D40-84996A2B8F66}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C91ABFFD-C8B7-47BE-A326-227F103CB828}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31D8E43-2D4A-43AE-99BC-AB33D0D33328}] => (Allow) LPort=9009
FirewallRules: [{36F61125-13B9-4F34-85D0-158A7893139E}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{B1CE70FD-0FAE-4324-AD10-4D5830C67783}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2016709D-97E8-4E89-B067-C5F7EF6F921F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F447AF8D-E50A-4282-988C-51B9AB371A45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A985316C-5E1A-4F70-9AD6-3E580B6324A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5F84547-BD98-4196-8CF3-49F771AFE590}] => (Allow) LPort=9009
FirewallRules: [{B511F5B1-1469-4493-9D53-9D97FC7EC9A7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{96630E5D-CFBF-4FFD-97B4-BA6644F7A6B0}] => (Allow) LPort=9009

==================== Restore Points =========================

25-01-2023 08:54:15 Scheduled Checkpoint
26-01-2023 21:08:31 Removed Bonjour

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/26/2023 09:45:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Faulting module name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Exception code: 0xc0000417
Fault offset: 0x00014cd7
Faulting process id: 0x1668
Faulting application start time: 0x01d9321296365de1
Faulting application path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Faulting module path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Report Id: ce59884f-e1ae-458e-abd7-3f1cb2179a87
Faulting package full name:
Faulting package-relative application ID:

Error: (01/26/2023 09:45:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Faulting module name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Exception code: 0xc0000417
Fault offset: 0x00014cd7
Faulting process id: 0x1de8
Faulting application start time: 0x01d93212954973b4
Faulting application path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Faulting module path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Report Id: 966aceab-cb36-4da5-aaca-7a5b77fc41fd
Faulting package full name:
Faulting package-relative application ID:

Error: (01/26/2023 09:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Faulting module name: MonitorService.exe, version: 1.0.4.1, time stamp: 0x609a5da7
Exception code: 0xc0000417
Fault offset: 0x00014cd7
Faulting process id: 0x453c
Faulting application start time: 0x01d93212927a7f09
Faulting application path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Faulting module path: C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService.exe
Report Id: 30edef62-7591-4d2b-b378-e4a6a41c60aa
Faulting package full name:
Faulting package-relative application ID:

Error: (01/26/2023 09:45:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Rich\AppData\Roaming\Zoom\bin\Zoom.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.

Error: (01/26/2023 09:24:31 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/26/2023 09:24:31 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: e096e53f-74c7-41e7-aa50-bf5450c17400
Correlation ID: 6b6724ec-c4ae-4ffe-abc1-a6fbec271f45
Timestamp: 2023-01-27 05:23:44Zmcpmanagementservice.dll

Error: (01/26/2023 09:24:27 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/26/2023 09:24:27 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: e096e53f-74c7-41e7-aa50-bf5450c17400
Correlation ID: 6b6724ec-c4ae-4ffe-abc1-a6fbec271f45
Timestamp: 2023-01-27 05:23:44Zmcpmanagementservice.dll


System errors:
=============
Error: (01/26/2023 09:57:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Desktop Licensing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/26/2023 09:45:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NI Service Locator service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2023 09:45:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60 milliseconds: Restart the service.

Error: (01/26/2023 09:45:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10 milliseconds: Restart the service.

Error: (01/26/2023 09:45:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3 milliseconds: Restart the service.

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NI Network Discovery service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gservice service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===============
Date: 2023-01-26 22:38:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2023-01-26 22:36:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-01-26 22:30:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/15/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA-CF
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 55%
Total physical RAM: 16316.88 MB
Available physical RAM: 7215.08 MB
Total Virtual: 31452.88 MB
Available Virtual: 19700.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:196.21 GB) (Model: Samsung SSD 850 PRO 512GB) NTFS
Drive d: (3TB Storage) (Fixed) (Total:2794.39 GB) (Free:1944.16 GB) (Model: TOSHIBA HDWD130) NTFS
Drive e: (1TB Storage) (Fixed) (Total:931.51 GB) (Free:928.46 GB) (Model: ST1000DM003-1CH162) NTFS
Drive f: (2TB Games) (Fixed) (Total:1863 GB) (Free:1247.42 GB) (Model: Samsung SSD 970 EVO Plus 2TB) NTFS
Drive g: (4TB Games) (Fixed) (Total:3726.01 GB) (Free:1964.34 GB) (Model: CT4000P3PSSD8) NTFS

\\?\Volume{757ebd54-dc08-4f2d-91a0-263e898b80a4}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{1a8c6f05-8312-4e2c-b6f8-ca9fd9427567}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 90A11827)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[rickyralph]

Thank you. I will run through steps you have posted.

 

[rickyralph]

Program : RogueKiller Anti-Malware
Version : 15.8.0.0
x64 : Yes
Program Date : Jan 26 2023
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Rich
User is Admin : Yes
Date : 2023/01/28 00:07:50
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 548
Found items : 4
Total scanned : 104176
Signatures Version : 20230124_072020
Truesight Driver : Yes
Updates Count : 8
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Adw.GigaClicks (Malicious)] HKEY_USERS\S-1-5-21-128556331-799817740-448323406-1001\Software\GCC -- -> Deleted
[+] scan_what : 2
[+] vendors : Adw.GigaClicks
[+] Name : HKEY_USERS\S-1-5-21-128556331-799817740-448323406-1001\Software\GCC
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0D0B0C39-A4B8-49D7-A197-DF62FC88A830} -- [%localappdata%\Temp\utorrent\utorrent.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0D0B0C39-A4B8-49D7-A197-DF62FC88A830}
[+] value : [%localappdata%\Temp\utorrent\utorrent.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DEC3E548-6A51-4849-8222-CD4C955FA1F6} -- [%localappdata%\Temp\utorrent\utorrent.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DEC3E548-6A51-4849-8222-CD4C955FA1F6}
[+] value : [%localappdata%\Temp\utorrent\utorrent.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Search Now -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.selectedEngine
[+] value : Search Now
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 3
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

 

[rickyralph]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/27/23
Scan Time: 4:11 PM
Log File: 423e955c-9ea0-11ed-9f05-18c04d0dcd71.json

-Software Information-
Version: 4.5.20.230
Components Version: 1.0.1868
Update Package Version: 1.0.65024
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: Rich\Rich

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 389290
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[rickyralph]

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-26-2023
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2486)
# Cleaned: 7
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2164 octets] - [26/01/2023 21:44:59]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

[rickyralph]

I ran the adwcleaner last night and posted those results above and posting the scan files below from today.

 

[rickyralph]

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-27-2023
# Duration: 00:00:06
# OS: Windows 10 (Build 19045.2486)
# Scanned: 32088
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2164 octets] - [26/01/2023 21:44:59]
AdwCleaner[C00].txt - [2226 octets] - [26/01/2023 21:45:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

 

[rickyralph]

Here is also the first Malwarebytes scan I ran yesterday.

 

[rickyralph]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/23
Scan Time: 9:28 PM
Log File: 76ce8838-9e03-11ed-9bb0-18c04d0dcd71.json

-Software Information-
Version: 4.5.20.230
Components Version: 1.0.1868
Update Package Version: 1.0.65002
License: Trial

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: Rich\Rich

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 392864
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 32 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.OfferCore, C:\$RECYCLE.BIN\S-1-5-21-128556331-799817740-448323406-1001\$RTLSB53.EXE, Quarantined, 520, 1104240, 1.0.65002, , ame, , D9E40E69322F6A227A665097ADB91E70, 0365DAACDCDE2FB93B2D972A46490B9CC4CA6F76E13F7AB745ACF9DBCB92C32F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[rickyralph]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2023
Ran by Rich (administrator) on RICH (Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA) (27-01-2023 23:43:52)
Running from C:\Users\Rich\Documents\Tools
Loaded Profiles: Rich & lkClassAds
Platform: Microsoft Windows 10 Education Version 22H2 19045.2486 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\prismSyncV2\SteelSeriesPrismSync.exe
(C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe
(explorer.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(explorer.exe ->) (Parsec Cloud, Inc. -> Parsec) C:\Program Files\Parsec\parsecd.exe
(explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\GIGABYTE\RGBFusion\RGBFusion.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Gigabyte Technology CO.) C:\Program Files\GIGABYTE\Smart Backup\RPMDaemon.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Users\Rich\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.0.0.6529\AdskLicensingService\AdskLicensingService.exe
(services.exe ->) (CloudBees, Inc.) [File not signed] C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService-exec.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe <8>
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (National Instruments Corporation -> National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.11.12\nsWscSvc.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe <2>
(svchost.exe ->) () [File not signed] C:\Program Files\MATLAB\R2022a\bin\win64\MATLABStartupAccelerator.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(svchost.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
(svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files\GIGABYTE\Control Center\GCC.exe
(svchost.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe [3450728 2022-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-12-09] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12918648 2023-01-09] (SteelSeries ApS -> SteelSeries ApS)
HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [185424 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114273560 2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-05-10] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [3390024 2021-11-03] (Autodesk, Inc. -> Autodesk)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [File not signed]
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM-x32\...\RunOnce: [SelLed] => C:\Program Files (x86)\GIGABYTE\RGBFusion\RunLed.exe [50096 2019-04-29] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Rich\AppData\Local\Microsoft\Teams\Update.exe [2508480 2022-05-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2022-12-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Steam] => G:\Program Files\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [253816 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Run: [Parsec.App.0] => C:\Program Files\Parsec\parsecd.exe [462472 2022-12-16] (Parsec Cloud, Inc. -> Parsec)
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\Installer\setup.exe [2023-01-24] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetupRST_ModeSwitch.lnk [2020-12-19]
ShortcutTarget: SetupRST_ModeSwitch.lnk -> C:\Windows\SysWOW64\pack\SetupRST.exe (Intel(R) Rapid Storage Technology -> Intel Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0025CCF9-A30D-456E-B677-F69C4AF64069} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6dccb2f1a3ccd => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {02E02FA7-452B-4D39-9B8F-DE9330DC4096} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File)
Task: {057AED33-8491-496C-8836-30281A3E602C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {06FF9FEB-CADE-42FB-A7AF-F8F6B022F395} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {091D9E2E-407A-4B8F-8B85-D3C0D2472B8E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144288 2023-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {094D01B2-B26E-42F6-84BB-6062B14726FE} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59376 2023-01-24] (HP Inc. -> HP Inc.)
Task: {0F36191E-E5C6-4F35-AF7D-885109899311} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {1AADB7C5-E9B6-42BB-BFD8-8BE03AF8A444} - System32\Tasks\systemreset => C:\Program [Argument = Files\WindowsMalwareProtection\config\systemresets.exe]
Task: {230C847E-A930-43F6-A805-EB9719965CB0} - System32\Tasks\MATLAB R2022a Startup Accelerator => C:\Program Files\MATLAB\R2022a\bin\win64\MATLABStartupAccelerator.exe [50688 2022-01-02] () [File not signed]
Task: {24299E36-2330-4B3A-BE6C-C4EFF180F364} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {25891772-A2AC-4AEF-A77E-8DD1556548A9} - System32\Tasks\SIV => C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe [389504 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {25EBFCD3-0CCF-4D07-99F8-4F9C44D857FC} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [160696 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A597280-EE92-4DD5-B967-28ED70EDD30C} - System32\Tasks\NIUpdateServiceRetryCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {2B623FD4-69B5-4541-8CB6-115EF5F11483} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {326B9D9E-C8E4-4C99-AB37-38970A6C722A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26326520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3304BE02-5178-4DEF-A751-51A81943382F} - System32\Tasks\MicrosoftMalwareProtection => C:\Program Files\WindowsMalwareProtection\config\MicrosoftMalwareProtection.exe [1511913120 2022-11-05] () [File not signed] <==== ATTENTION
Task: {370251DF-8183-48E2-A579-76DA3044C321} - System32\Tasks\cFos\Registration Tasks\Open Browser => "c:\program files\mozilla firefox\firefox.exe" -osint -url "hxxps://www.cfos.de/en/cfosspeed/documentation/status.htm?reg-12.00.2512-gigabyte"
Task: {3EC88C90-A677-48FD-A528-4D980DD1B024} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3F2D5EE2-7CE9-4EFD-BE72-41C970FD7D18} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65432 2021-08-07] (Microsoft Corporation -> Microsoft)
Task: {47ACF60A-1773-48CB-8A69-BC26D44B3089} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {4AF8B800-FFE7-4F89-8224-28F68E146D26} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {528C744C-0C9F-4580-942C-20ED201CED9B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-17] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {52DD7A8B-3F0A-4BE2-9551-3317A68FCE7B} - System32\Tasks\Microsoft\Office\IMESharePointDictionary => c:\Program Files\Common Files\Microsoft Shared\IME16\IMESharePointDictionary.exe [247216 2002-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {663E758D-0F54-4698-8A9E-47B365F77519} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {721829C2-E287-40BB-AF96-2A5229F772A5} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {77C5C306-CD4E-44DA-9B7B-62C156FF81B6} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [59376 2023-01-24] (HP Inc. -> HP Inc.)
Task: {7A7E88C9-6A9D-4FCC-9EEE-94D8C942FB21} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7BD2575B-9FE1-4367-9533-3C9889C90944} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.11.12\WSCStub.exe [646520 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {7EB59597-EE10-401E-A862-94D0CFA3768B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {87679E25-4AA4-43CA-A071-E3C3A374A703} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1899656 2020-11-25] (ASUSTeK Computer Inc. -> ASUS)
Task: {8C9D294A-AF66-4F54-924D-57655B3518F3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-128556331-799817740-448323406-500 => C:\Users\Rich\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {8FE989BB-4C25-4895-850B-B23BD09FEB0B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {911D604B-CE91-4AB3-8787-E8AB3167492E} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {93E5A17F-20A4-44BC-91B5-0E1F548E1490} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {96FC48A9-95C3-4C16-AE56-DCCC7BF9EC22} - System32\Tasks\SIV-VGA => C:\Program Files (x86)\GIGABYTE\SIV\sensord.exe [257408 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
Task: {A07116CE-0AD4-4D42-911F-56EBAC2B0A67} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A295C821-8083-4EF7-A59D-AB59606AA2B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-31] (Google LLC -> Google LLC)
Task: {A6B41F49-7EA2-4569-8E22-F0446208E69D} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {A8C9A74C-287B-44D4-8F78-D0452AA131CB} - System32\Tasks\GCC => C:\Program Files\GIGABYTE\Control Center\GCC.exe [21912680 2022-11-03] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
Task: {AC16C5FA-D906-4CB6-96C7-1E1E2A89A8F6} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [3824768 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {ADA99BCA-DF16-4398-877F-B90D854EA204} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {D02C39EF-B322-441C-B572-3CD25C376381} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D05EC4F9-617D-4A3B-AABD-307865FE0F55} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -appexecutable nup.exe -tuds (No File)
Task: {D8FDD839-8E4E-464E-AFC4-63B0C61406EF} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E7441ED1-8F6E-4872-949C-3D2566084088} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {E8247A4D-FDB5-47A7-8FCE-DA02FE5B8EA1} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
Task: {EFFE5EBD-C9DD-422D-A1ED-0B9F2036E58D} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.22.11.12\SymErr.exe [379024 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Intel PTT EK Recertification.job => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
Task: C:\Windows\Tasks\MATLAB R2022a Startup Accelerator.job => C:\Program Files\MATLAB\R2022a\bin\win64\MATLABStartupAccelerator.exe C:\Program Files\MATLAB\R2022aRICH\Rich.Sta

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [35448 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [38520 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.50.1
Tcpip\..\Interfaces\{a33603c5-1cc8-4ffa-9ed6-317f100add76}: [DhcpNameServer] 192.168.50.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rich\AppData\Local\Microsoft\Edge\User Data\Default [2022-12-12]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
StartMenuInternet: Microsoft Edge Beta - C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe

FireFox:
========
FF DefaultProfile: rmj97yd0.default
FF ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\rmj97yd0.default [2021-07-12]
FF Homepage: Mozilla\Firefox\Profiles\rmj97yd0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF NewTab: Mozilla\Firefox\Profiles\rmj97yd0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF ProfilePath: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release [2023-01-27]
FF NewTab: Mozilla\Firefox\Profiles\pv6rb7rq.default-release -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=FF200401&iDate=2021-07-12 07:08:11&bName=
FF Extension: (Disable WebRTC) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2021-05-25]
FF Extension: (Norton Safe Web) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2023-01-16]
FF Extension: (uBlock Origin) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\uBlock0@raymondhill.net.xpi [2022-12-24]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-01-26]
FF Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2023-01-26]
FF Extension: (Japanese Tattoo) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{4d7820bd-9fec-45f5-82db-92fd03cf7fc2}.xpi [2021-05-25]
FF Extension: (Japanese Sea Scape) - C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\Extensions\{f39384aa-40fb-4765-a10d-b879ec11ddde}.xpi [2021-05-25]
FF SearchPlugin: C:\Users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\pv6rb7rq.default-release\searchplugins\Search Now.xml [2021-07-12]
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-01-20] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default [2022-11-23]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-24]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-05-10] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [14124208 2021-11-16] (Autodesk, Inc. -> Autodesk)
R2 AORUS LCD Panel Service; C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\MonitorService-exec.exe [360960 2022-09-18] (CloudBees, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.06\atkexComSvc.exe [456008 2021-07-03] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [313008 2021-09-15] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-27] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusROGLSLService; C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe [590872 2020-12-27] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12548520 2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [610352 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [233040 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [84048 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S2 CorsairUniwillService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueUniwillService.exe [107088 2022-06-14] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-10] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [229360 2023-01-24] (HP Inc. -> HP Inc.)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [130432 2021-04-08] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 iCUEDevicePluginHost; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe [452176 2022-06-14] (Corsair Memory, Inc. -> Corsair)
S3 JTAGServer; C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe [452608 2020-11-11] () [File not signed]
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [69096 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [80880 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S3 LxssManagerUser; C:\Windows\system32\lxss\wslclient.dll [393216 2022-12-19] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8891160 2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
S3 MicrosoftEdgeBetaElevationService; C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\elevation_service.exe [2366880 2023-01-24] (Microsoft Corporation -> Microsoft Corporation)
S2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [File not signed]
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [432088 2019-03-12] (National Instruments Corporation -> National Instruments Corporation)
S2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [343080 2017-03-07] (National Instruments Corporation -> National Instruments Corporation)
S2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [189512 2019-03-14] (National Instruments Corporation -> National Instruments Corporation)
S2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [110040 2019-03-20] (National Instruments Corporation -> National Instruments Corporation)
S2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-11-21] (nordvpn s.a. -> nordvpn S.A.)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [254328 2022-08-03] (nordvpn s.a. -> TEFINCOM S.A.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe [344888 2022-11-27] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.11.12\nsWscSvc.exe [1059176 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
S2 Parsec; C:\Program Files\Parsec\pservice.exe [424584 2022-12-16] (Parsec Cloud, Inc. -> Parsec)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15358896 2023-01-26] (ADLICE -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35200 2023-01-09] (SteelSeries ApS -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 Rockstar Service; "G:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
R1 Asusgio3; C:\Windows\system32\drivers\AsIO3.sys [43160 2021-09-15] (ASUSTeK Computer Inc. -> )
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20230126.001\BHDrvx64.sys [1705040 2022-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\ccSetx64.sys [198280 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [63024 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [46600 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22536 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz153; C:\Windows\temp\cpuz153\cpuz153_x64.sys [36864 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> CPUID)
R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2022-12-03] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-10-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 gdrv2; C:\Windows\gdrv2.sys [32600 2022-09-15] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [45248 2022-11-23] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20230127.061\IDSvia64.sys [1526776 2022-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-01-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197088 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [76216 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-01-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181816 2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
S1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2022-12-03] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R0 mtinvme; C:\Windows\System32\drivers\mtinvme.sys [184744 2021-03-12] (Micron Technology, Inc. -> Micron Technology, Inc.)
R2 NDivert; C:\Program Files\NordVPN\7.3.9.0\Drivers\NDivert.sys [131472 2022-06-28] (nordvpn s.a. -> Nordvpn S.A.)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [44928 2022-02-22] (nordvpn s.a. -> TEFINCOM S.A.)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\nsvst.sys [57120 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 parsecvusba; C:\Windows\System32\drivers\parsecvusba.sys [256560 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Parsec)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R1 SRTSP; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SRTSP64.SYS [956048 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SRTSPX64.SYS [52872 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_178ca29ac943515a\SteelSeries-Sonar-VAD.sys [93368 2022-12-04] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SYMEFASI64.SYS [2180248 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\16160B0.00C\SymELAM.sys [36016 2022-11-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [722400 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\16160B0.00C\Ironx64.SYS [306824 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\16160B0.00C\symnets.sys [490656 2022-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [41920 2023-01-27] (ADLICE (Julien ASCOET) -> )
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R1 ViGEmBus; C:\Windows\System32\drivers\ViGEmBus.sys [165744 2021-08-23] (Microsoft Windows Hardware Compatibility Publisher -> Nefarius Software Solutions e.U.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-18] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2022-12-23] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\16160B0.00C\wpCtrlDrv.sys [1016792 2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

 

[rickyralph]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-27 22:07 - 2023-01-27 22:07 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2023-01-27 21:24 - 2023-01-27 21:24 - 000058280 _____ C:\Users\Rich\Downloads\Daedric Shrines - Azura patches-32415-1-0-0-1660282609.7z
2023-01-27 10:49 - 2023-01-27 15:54 - 000000000 ____D C:\ProgramData\RogueKiller
2023-01-27 10:49 - 2023-01-27 10:49 - 000041920 _____ C:\Windows\system32\Drivers\truesight.sys
2023-01-27 10:49 - 2023-01-27 10:49 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2023-01-27 10:49 - 2023-01-27 10:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2023-01-27 10:49 - 2023-01-27 10:49 - 000000000 ____D C:\Program Files\RogueKiller
2023-01-27 10:46 - 2023-01-27 10:46 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-01-27 10:36 - 2023-01-27 10:36 - 047201632 _____ (Adlice Software ) C:\Users\Rich\Downloads\RogueKiller_setup.exe
2023-01-26 22:37 - 2023-01-26 22:38 - 000000000 ____D C:\Users\Rich\Documents\Tools
2023-01-26 22:35 - 2023-01-27 23:44 - 000000000 ____D C:\FRST
2023-01-26 21:44 - 2023-01-26 21:45 - 000000000 ____D C:\AdwCleaner
2023-01-26 21:29 - 2023-01-26 21:29 - 008791352 _____ (Malwarebytes) C:\Users\Rich\Downloads\adwcleaner.exe
2023-01-26 21:28 - 2023-01-26 21:28 - 000181816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-01-26 21:27 - 2023-01-26 21:27 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-01-26 21:27 - 2023-01-26 21:27 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-01-26 21:27 - 2023-01-26 21:27 - 000000000 ____D C:\Users\Rich\AppData\Local\mbam
2023-01-26 21:26 - 2023-01-26 21:26 - 002552184 _____ (Malwarebytes) C:\Users\Rich\Downloads\MBSetup.exe
2023-01-26 21:26 - 2023-01-26 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-01-26 21:26 - 2023-01-26 21:26 - 000000000 ____D C:\Program Files\Malwarebytes
2023-01-26 17:58 - 2023-01-26 17:58 - 000000000 ____D C:\Users\Rich\AppData\Local\NPE
2023-01-25 14:21 - 2023-01-25 14:24 - 000000000 ____D C:\Users\Rich\AppData\Roaming\zEdit
2023-01-25 12:36 - 2023-01-25 12:37 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Parsec
2023-01-25 12:36 - 2023-01-25 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec
2023-01-25 12:36 - 2023-01-25 12:36 - 000000000 ____D C:\Program Files\Parsec
2023-01-23 20:37 - 2023-01-23 20:59 - 000000047 _____ C:\Users\Rich\Documents\Ryoma Reading.txt
2023-01-22 22:49 - 2023-01-22 22:49 - 000000758 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOOT.lnk
2023-01-22 21:43 - 2023-01-22 21:43 - 000001551 _____ C:\Users\Rich\AppData\Local\recently-used.xbel
2023-01-21 20:07 - 2023-01-21 20:08 - 534574943 _____ C:\Users\Rich\Downloads\The Phoenix Flavour - Release 5.0 RC4.7z
2023-01-21 10:06 - 2023-01-21 20:10 - 000000932 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wabbajack.lnk
2023-01-19 20:14 - 2023-01-25 12:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-01-14 13:39 - 2023-01-14 13:39 - 071340289 _____ C:\Users\Rich\Downloads\SleepIntimateR_v2.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000206943 _____ C:\Users\Rich\Downloads\SleepIntimate_OptionalAAF.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000014498 _____ C:\Users\Rich\Downloads\SleepIntimate_DatingMagnoliaPatch.7z
2023-01-14 13:39 - 2023-01-14 13:39 - 000001087 _____ C:\Users\Rich\Downloads\Vioxsis_StrapOns_an3k_SIXPatch.7z
2023-01-14 11:48 - 2023-01-14 12:31 - 000001367 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fire Toolbox V30.3.lnk
2023-01-14 11:09 - 2023-01-14 11:09 - 000000000 ____D C:\Users\Rich\AppData\Roaming\NVIDIA
2023-01-14 11:08 - 2023-01-14 11:08 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2023-01-14 11:05 - 2022-12-28 17:24 - 002237024 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 002237024 _____ C:\Windows\system32\vulkaninfo.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001642600 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001642600 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2023-01-14 11:05 - 2022-12-28 17:24 - 001168968 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2023-01-14 11:05 - 2022-12-28 17:24 - 001168968 _____ C:\Windows\SysWOW64\vulkan-1.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001487352 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001444448 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001444448 _____ C:\Windows\system32\vulkan-1.dll
2023-01-14 11:05 - 2022-12-28 17:23 - 001227272 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000865272 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000672256 _____ C:\Windows\system32\nvofapi64.dll
2023-01-14 11:05 - 2022-12-28 17:20 - 000506904 _____ C:\Windows\SysWOW64\nvofapi.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 002163688 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001619968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001532928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 001192976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 000949736 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2023-01-14 11:05 - 2022-12-28 17:19 - 000746992 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2023-01-14 11:05 - 2022-12-28 17:19 - 000734192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 012453368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 010220544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 005890544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 005866496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 003334656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2023-01-14 11:05 - 2022-12-28 17:18 - 000457720 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2023-01-14 11:05 - 2022-12-28 17:17 - 005818392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2023-01-14 11:05 - 2022-12-28 17:16 - 000853016 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2023-01-14 11:05 - 2022-12-28 17:15 - 007648008 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2023-01-14 11:05 - 2022-12-28 17:15 - 006516480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2023-01-14 11:05 - 2022-12-22 01:29 - 000100815 _____ C:\Windows\system32\nvinfo.pb
2023-01-14 11:01 - 2022-07-13 15:32 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-01-14 00:22 - 2023-01-14 12:40 - 000007601 _____ C:\Users\Rich\AppData\Local\Resmon.ResmonCfg
2023-01-13 21:09 - 2023-01-13 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mod Organizer
2023-01-13 20:44 - 2023-01-13 20:44 - 000000000 ____D C:\Users\Rich\Downloads\MicronNVMeDrivers
2023-01-13 20:44 - 2023-01-13 20:44 - 000000000 ____D C:\Program Files\Micron Technology
2023-01-13 20:43 - 2023-01-13 20:43 - 002351963 _____ C:\Users\Rich\Downloads\MicronNVMeDrivers.zip
2023-01-12 21:45 - 2023-01-12 21:45 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wrye Bash
2023-01-12 21:43 - 2023-01-12 21:43 - 035452748 _____ (Wrye Bash development team) C:\Users\Rich\Downloads\Wrye Bash 310 - Installer-20032-310-1658670586.exe
2023-01-12 20:04 - 2023-01-12 20:07 - 000000000 ____D C:\Users\Rich\AppData\Roaming\steelseries-gg-client
2023-01-12 19:48 - 2023-01-12 19:48 - 000000000 ____D C:\Users\Rich\AppData\Local\ElevatedDiagnostics
2023-01-12 16:27 - 2023-01-21 20:10 - 000000000 ____D C:\Users\Rich\AppData\Local\Wabbajack
2023-01-10 12:37 - 2023-01-10 12:37 - 000000000 ___HD C:\$WinREAgent
2023-01-08 20:26 - 2023-01-08 20:26 - 000000000 ____D C:\Users\Rich\AppData\Local\Wrye Bash
2023-01-05 18:47 - 2023-01-05 18:47 - 000000000 ____D C:\Users\Rich\AppData\Roaming\RenPy
2023-01-05 18:46 - 2023-01-06 16:46 - 000003408 _____ C:\Windows\system32\Tasks\MicrosoftMalwareProtection
2023-01-05 18:46 - 2023-01-05 18:46 - 000003280 _____ C:\Windows\system32\Tasks\systemreset
2023-01-05 18:45 - 2023-01-05 18:45 - 000000000 __SHD C:\Program Files\WindowsMalwareProtection
2023-01-04 17:32 - 2023-01-04 17:32 - 000524774 _____ C:\Users\Rich\Downloads\Mercari.pdf
2022-12-31 23:07 - 2022-12-31 23:07 - 000000894 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ryujinx (2).lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-27 23:44 - 2020-12-19 11:40 - 000000000 ____D C:\Users\Rich\AppData\LocalLow\Mozilla
2023-01-27 23:43 - 2022-12-03 10:43 - 000003424 _____ C:\Windows\system32\Tasks\GCC
2023-01-27 23:43 - 2021-03-31 12:33 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-27 23:43 - 2020-12-19 11:32 - 000000000 ____D C:\ProgramData\NVIDIA
2023-01-27 22:51 - 2021-05-13 09:10 - 000000000 ____D C:\ProgramData\USVFS
2023-01-27 22:51 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-27 22:49 - 2021-05-13 09:10 - 000000000 ____D C:\Users\Rich\AppData\Local\ModOrganizer
2023-01-27 21:12 - 2020-11-18 23:46 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-27 21:12 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-27 21:12 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\AppReadiness
2023-01-27 20:18 - 2020-12-19 17:50 - 000000000 ____D C:\Users\Rich\AppData\Local\D3DSCache
2023-01-27 10:47 - 2021-01-05 10:36 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-01-27 10:46 - 2022-10-12 20:41 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-01-27 10:36 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\registration
2023-01-26 22:00 - 2022-02-23 21:57 - 000000000 ____D C:\Users\Rich\Documents\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Users\Rich\AppData\Local\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\ProgramData\Altium
2023-01-26 22:00 - 2022-02-09 22:02 - 000000000 ____D C:\Program Files\Altium
2023-01-26 21:59 - 2022-02-09 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altium
2023-01-26 21:35 - 2021-10-29 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2023-01-26 21:28 - 2020-12-20 11:25 - 000488348 _____ C:\Windows\system32\perfh011.dat
2023-01-26 21:28 - 2020-12-20 11:25 - 000133574 _____ C:\Windows\system32\perfc011.dat
2023-01-26 21:28 - 2020-11-18 23:54 - 001455728 _____ C:\Windows\system32\PerfStringBackup.INI
2023-01-26 21:28 - 2019-12-07 01:13 - 000000000 ____D C:\Windows\INF
2023-01-26 21:27 - 2019-12-07 01:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-01-26 21:26 - 2022-12-13 20:45 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2023-01-26 21:21 - 2020-12-19 14:06 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-26 21:21 - 2020-11-18 23:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-01-26 21:21 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\ServiceState
2023-01-26 21:21 - 2019-12-07 01:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-01-26 21:20 - 2021-10-29 12:04 - 000000000 ____D C:\Program Files (x86)\National Instruments
2023-01-26 21:19 - 2021-10-29 12:02 - 000000000 ____D C:\ProgramData\National Instruments
2023-01-26 21:11 - 2022-01-04 08:48 - 000000000 ____D C:\Keil
2023-01-26 21:10 - 2022-03-02 22:52 - 000000000 ____D C:\Program Files (x86)\ExpressPCBPlus
2023-01-26 21:10 - 2021-01-06 15:53 - 000000000 ____D C:\Program Files (x86)\Digilent
2023-01-26 21:06 - 2020-11-18 23:43 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-01-26 19:49 - 2021-05-25 12:13 - 000000000 ____D C:\Users\Rich\AppData\Roaming\discord
2023-01-26 19:47 - 2021-05-25 12:13 - 000000000 ____D C:\Users\Rich\AppData\Local\Discord
2023-01-26 17:58 - 2020-12-19 11:36 - 000000000 ____D C:\ProgramData\Norton
2023-01-26 17:18 - 2021-03-31 12:34 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-25 16:16 - 2020-12-28 12:06 - 000000000 ____D C:\Users\Rich\AppData\Local\CrashDumps
2023-01-25 12:28 - 2021-05-25 07:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-01-25 12:28 - 2019-12-07 01:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-01-24 21:35 - 2020-12-22 21:18 - 000000000 ____D C:\Users\Rich\AppData\Local\LOOT
2023-01-24 20:07 - 2021-05-25 11:34 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-01-24 20:05 - 2020-12-19 17:13 - 000000000 ____D C:\Windows\system32\Tasks\HP
2023-01-24 16:29 - 2020-12-27 19:41 - 000002357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge Beta.lnk
2023-01-23 21:04 - 2021-09-06 22:22 - 000000000 ____D C:\Users\Rich\AppData\Local\Mutagen
2023-01-23 21:02 - 2021-09-06 22:19 - 000000000 ____D C:\Users\Rich\AppData\Local\NuGet
2023-01-23 21:02 - 2021-09-05 19:07 - 000000000 ___HD C:\Users\Rich\.dotnet
2023-01-23 18:07 - 2021-02-19 18:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-22 20:27 - 2021-01-08 13:47 - 000000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2023-01-21 20:14 - 2021-06-16 18:03 - 000000000 ____D C:\Users\Rich\AppData\LocalLow\Norton
2023-01-20 21:25 - 2022-12-16 20:08 - 000003438 _____ C:\Windows\system32\Tasks\NIUpdateServiceRetryCheckTask
2023-01-20 21:25 - 2022-01-11 15:23 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-01-20 21:25 - 2021-05-25 07:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-01-15 23:07 - 2020-12-28 10:34 - 000000000 ____D C:\Users\Rich\AppData\Local\babl-0.1
2023-01-15 12:01 - 2020-12-28 10:49 - 000000000 ____D C:\Users\Rich\AppData\Local\gtk-2.0
2023-01-14 12:53 - 2022-06-25 21:55 - 000000000 ____D C:\Users\Rich\AppData\Local\yuzu
2023-01-14 12:31 - 2022-01-15 17:07 - 000001377 _____ C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbox Updater.lnk
2023-01-14 11:48 - 2020-12-23 20:04 - 000000000 ____D C:\Users\Rich\AppData\Local\Datastream
2023-01-14 11:47 - 2020-12-19 11:34 - 000000000 ____D C:\Users\Rich\AppData\Local\NVIDIA Corporation
2023-01-14 11:40 - 2020-12-19 11:34 - 000000000 ____D C:\Users\Rich\AppData\Local\NVIDIA
2023-01-14 11:08 - 2020-12-18 22:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-01-14 11:05 - 2020-12-18 22:23 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-01-14 11:01 - 2020-12-19 11:32 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-01-14 11:01 - 2020-12-19 11:32 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-01-13 20:57 - 2021-02-10 23:25 - 000000000 ____D C:\Users\Rich\AppData\Roaming\vlc
2023-01-13 20:57 - 2020-12-19 14:10 - 000000000 ____D C:\Users\Rich\AppData\Local\Packages
2023-01-12 21:41 - 2020-12-19 16:20 - 000000000 ____D C:\Users\Rich\Documents\My Games
2023-01-12 20:04 - 2020-12-19 17:22 - 000000000 ____D C:\ProgramData\SteelSeries
2023-01-12 20:04 - 2020-12-19 11:32 - 000000000 ____D C:\ProgramData\Package Cache
2023-01-12 19:54 - 2020-11-18 23:43 - 000645464 _____ C:\Windows\system32\FNTCACHE.DAT
2023-01-12 19:53 - 2021-01-08 13:35 - 000000000 ___SD C:\Windows\system32\lxss
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\SystemResources
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\oobe
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-01-12 19:53 - 2019-12-07 01:14 - 000000000 ____D C:\Windows\bcastdvr
2023-01-12 16:24 - 2020-12-19 13:44 - 000000000 ____D C:\Program Files\Microsoft Office
2023-01-10 12:42 - 2019-12-07 01:03 - 000000000 ____D C:\Windows\CbsTemp
2023-01-10 12:41 - 2020-11-18 23:45 - 003014656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-01-10 12:37 - 2020-12-18 22:20 - 000000000 ____D C:\Windows\system32\MRT
2023-01-10 12:34 - 2020-12-18 22:20 - 150199536 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-01-05 18:45 - 2021-03-31 12:34 - 000000000 ____D C:\Program Files\Google
2023-01-04 22:36 - 2020-12-19 17:49 - 000000000 ____D C:\Users\Rich\AppData\Local\Bethesda.net Launcher
2023-01-04 22:36 - 2020-12-19 17:49 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2023-01-04 21:24 - 2022-10-14 17:15 - 000000000 ____D C:\Users\Rich\AppData\Local\Battle.net
2023-01-04 16:06 - 2020-11-18 23:46 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-04 16:06 - 2020-11-18 23:46 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-12-31 22:56 - 2022-06-25 21:12 - 000000000 ____D C:\Users\Rich\AppData\Roaming\Ryujinx
2022-12-28 08:18 - 2022-01-17 10:20 - 000000000 ____D C:\Users\Rich\AppData\Local\Autodesk

==================== Files in the root of some directories ========

2020-12-21 11:09 - 2022-09-18 09:36 - 001065984 _____ () C:\Users\Rich\AppData\Local\file__0.localstorage
2023-01-22 21:43 - 2023-01-22 21:43 - 000001551 _____ () C:\Users\Rich\AppData\Local\recently-used.xbel
2023-01-14 00:22 - 2023-01-14 12:40 - 000007601 _____ () C:\Users\Rich\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[rickyralph]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by Rich (27-01-2023 23:45:12)
Running from C:\Users\Rich\Documents\Tools
Microsoft Windows 10 Education Version 22H2 19045.2486 (X64) (2020-12-19 22:07:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-128556331-799817740-448323406-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-128556331-799817740-448323406-503 - Limited - Disabled)
Guest (S-1-5-21-128556331-799817740-448323406-501 - Limited - Disabled)
Rich (S-1-5-21-128556331-799817740-448323406-1001 - Administrator - Enabled) => C:\Users\Rich
WDAGUtilityAccount (S-1-5-21-128556331-799817740-448323406-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Micron NVMe PCIe Device Driver (64 bit) 2.1.18.0 (HKLM\...\{E504FFF6-1CC1-47BF-BE13-FA7481A90139}) (Version: 2.1.18.0 - Micron Technology, Inc.)
@Bios (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.21.0414.1 - GIGABYTE) Hidden
@Bios (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.21.0414.1 - GIGABYTE)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.003.20314 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft)
AORUS LCD Panel Setting (HKLM-x32\...\{82026686-454E-4233-83E3-4045BC3FB31C}_is1) (Version: 1.1.0.1 - GIGABYTE Technology Co.,Inc.)
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.1031.1 - Gigabyte) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.22.1031.1 - Gigabyte)
Assassin's Creed Odyssey (HKLM-x32\...\Uplay Install 5059) (Version: - Ubisoft)
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.93 - ASUSTeK Computer Inc.) Hidden
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden
AutoCAD Electrical 2022 (HKLM\...\{28B89EEF-5107-0000-0102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Content Language Pack - English (HKLM\...\{28B89EEF-5107-0409-6102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Content Pack (HKLM\...\{28B89EEF-5107-0000-5102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Electrical 2022 Language Pack - English (HKLM\...\{28B89EEF-5107-0409-1102-CF3F3A09B77D}) (Version: 19.0.57.0 - Autodesk) Hidden
AutoCAD Open in Desktop (HKLM\...\{1C66A0B0-784E-4777-97B3-93F843D1C8CF}) (Version: 1.0.20.0 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{9C2E49CB-F671-47EC-8093-CC1A8749A92A}) (Version: 3.2.1 - Autodesk)
Autodesk AutoCAD 2022 - English (HKLM\...\{1E7D4EF7-A28E-3D3E-BA3C-C6FAE4AAB2E0}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk AutoCAD 2022.1.1 Update (HKLM\...\{F4B1542F-3F3E-3BAB-8938-9036045A627F}) (Version: 24.1.154.0 - Autodesk, Inc.)
Autodesk AutoCAD Electrical 2022 - English (HKLM\...\{EE9C996C-F54A-349E-A913-64C473E5F053}) (Version: 19.0.57.0 - Autodesk, Inc.)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.2.0.34 - Autodesk)
Autodesk Featured Apps (HKLM-x32\...\{46EA8955-D629-4B3E-AAF0-D136031D7C95}) (Version: 3.2.1 - Autodesk)
Autodesk Fusion 360 (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.15050 - Autodesk, Inc.)
Autodesk Genuine Service (HKLM\...\{98537105-FCCB-4577-A839-2816FDE75B5D}) (Version: 4.5.0.119 - Autodesk)
Autodesk Material Library 2022 (HKLM-x32\...\{A9221A68-5AD0-4215-B54F-CB5DBA4FB27C}) (Version: 20.3.7.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2022 (HKLM-x32\...\{6256584F-B04B-41D4-8A59-44E70940C473}) (Version: 20.3.7.0 - Autodesk)
Autodesk Save to Web and Mobile (HKLM\...\{192B349F-C3F7-4BBE-B49E-00DD4BD28373}) (Version: 3.0.29 - Autodesk) Hidden
Autodesk Single Sign On Component (HKLM\...\{B9F5BDED-021C-4926-8518-4FA7114B7040}) (Version: 12.3.3.1803 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.68.0 - Bethesda Softworks)
CORSAIR iCUE 4 Software (HKLM\...\{ED82C5D7-D600-4B4D-B2FB-62FEDC3570F8}) (Version: 4.25.155 - Corsair)
CPUID CPU-Z Aorus 1.94 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 1.94 - CPUID, Inc.)
CPUID HWMonitor 1.48 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.48 - CPUID, Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Discord (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Documentation Manager (HKLM\...\{5D4B95B9-6199-4643-B41B-DEBD7048A263}) (Version: 22.160.0.3 - Intel Corporation) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{F8197FEC-9FA0-4488-AC9D-38E67D58FDAC}) (Version: 1.0.0.0 - Intel Corporation) Hidden
EAGLE 9.6.2 (HKLM\...\{AUTODESK-EAGLE-9-6-2}_is1) (Version: 9.6.2 - Autodesk, Inc.)
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM\...\{40514BA6-1FC2-4BBD-84A2-504634A97196}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_DRAM_RGB_AIO (HKLM-x32\...\{ca38f41e-a37c-41b2-82e3-28b215743448}) (Version: 1.0.4.16 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{6b617af3-c8f4-45a8-bf47-b32ffb4da1cc}) (Version: 1.0.10.1 - ENE TECHNOLOGY INC.) Hidden
ENE_External_Device_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_External_Device_HAL (HKLM-x32\...\{bb9d349f-b87b-4026-b336-1604708bd09c}) (Version: 1.0.11.1 - ENE Tech) Hidden
ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
ENE_X_AIC_HAL (HKLM-x32\...\{ec10ac91-2e61-460a-b493-33f794a07682}) (Version: 1.0.4.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
EZRAID (HKLM-x32\...\{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 - GIGABYTE) Hidden
EZRAID (HKLM-x32\...\InstallShield_{8F307CB5-FE1C-4BF3-8747-305D14161916}) (Version: 1.19.0401.1 - GIGABYTE)
Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.0414.1 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.21.0414.1 - GIGABYTE)
Fire Toolbox V26.1 version (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{3B6D3905-C426-42EF-9CCD-C465684E0550}_is1) (Version: - Datastream33)
FormatFactory 5.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 5.7.5.0 - Free Time)
Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0006 - Gigabyte) Hidden
Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0006 - Gigabyte)
GBT_MB_Update 22.09.20.01 (HKLM\...\GBT_MB_Update) (Version: 22.09.20.01 - GIGABYTE)
GBT_RGB_Sync_Control 22.09.26.01 (HKLM\...\GBT_RGB_Sync_Control) (Version: 22.09.26.01 - GIGABYTE)
GBT_rgbMotherboard_UC 22.09.16.01 (HKLM\...\GBT_rgbMotherboard_UC) (Version: 22.09.16.01 - GIGABYTE)
GBT_VGA 22.11.25.03 (HKLM\...\GBT_VGA) (Version: 22.11.25.03 - GIGABYTE)
GIGABYTE Control Center 22.11.03.01 (HKLM\...\GIGABYTE Control Center) (Version: 22.11.03.01 - GIGABYTE)
GIGABYTE Storage Library (HKLM\...\MBStorage) (Version: 22.12.02.01 - GIGABYTE)
GigabyteFirmwareUpdateUtility (HKLM-x32\...\{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0406.1 - GIGABYTE) Hidden
GigabyteFirmwareUpdateUtility (HKLM-x32\...\InstallShield_{1CBA99CE-1AB3-4366-AFB4-7F7B75EBBE35}) (Version: 1.20.0406.1 - GIGABYTE)
GIMP 2.10.24 (HKLM\...\GIMP-2_is1) (Version: 2.10.24 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.16.1202.1 - GIGABYTE)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HP Prime Virtual Calculator (64 bit) (HKLM\...\{5A9C4439-1E25-427C-B9A5-F3BAB7F97135}) (Version: 2.1.14592.228 - HP) Hidden
HP Prime Virtual Calculator (HKLM-x32\...\{b636c218-1c16-40e6-a1f3-8f012a49e87c}) (Version: 2.1.14592.228 - HP)
Intel(R) Chipset Device Software (HKLM\...\{44C34709-F068-4CBC-8A71-515EDBC3B2A6}) (Version: 10.1.18383.8213 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{afad3740-3061-4b48-a9ab-6f1435cb3dd6}) (Version: 10.1.18383.8213 - Intel(R) Corporation)
Intel(R) Icls (HKLM\...\{456B5CCF-722F-4AC9-9490-3C9FCADEEEF2}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) LMS (HKLM\...\{AD1C4C82-ED20-4DD6-A5BA-DA8748D1AF98}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Network Connections 26.2.0.1 (HKLM\...\{AC44C09E-6D45-4F0F-8749-C3DF69A55FDE}) (Version: 26.2.0.1 - Intel) Hidden
Intel(R) Network Connections 26.2.0.1 (HKLM\...\PROSetDX) (Version: 26.2.0.1 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{1A8E089C-378F-4ECA-B34A-64D0BF90CA99}) (Version: 17.8.0.1065 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.8.0.1065 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{0940A8E6-DBBC-4554-B07D-EBFB10627716}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000160-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.160.0.4 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4487026C-A32C-4FF5-858E-8DB890814949}) (Version: 17.8.0.1065 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{8fca270b-04dc-46cd-a7dc-bca0425f10c6}) (Version: 22.160.0.3 - Intel Corporation) Hidden
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LINE (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\LINE) (Version: 7.9.1.2757 - LINE Corporation)
LOOT version 0.19.1 (HKLM\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.19.1 - LOOT Team)
Malwarebytes version 4.5.20.230 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.20.230 - Malwarebytes)
MATLAB R2022a (HKLM\...\MATLAB R2022a) (Version: 9.12 - MathWorks)
MFBO Preset Creator (v.2.7.2) (HKLM-x32\...\{F0572980-4893-4828-B9EC-B9AD99DBCE35}_is1) (Version: 2.7.2 - Mitsuriou)
Microsoft .NET 6.0 Templates 6.0.404 (x64) (HKLM\...\{2CC77066-22A4-442F-9886-961912A62BEC}) (Version: 24.7.30136 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64) (HKLM\...\{0843B2D1-FCB8-47FC-9732-E36B31436C28}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_arm) (HKLM\...\{5BE5CFFD-78AD-4612-A271-BEF48B722F49}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_arm64) (HKLM\...\{B9689086-0F4A-415D-9C7A-59F2500A8B5B}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 5.0.9 (x64_x86) (HKLM\...\{17D9BF6D-1890-44D7-89CD-8D3C5111A98A}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64) (HKLM\...\{727CF86D-4100-467F-BE93-AF8A937D9F97}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_arm) (HKLM\...\{8ECD9126-5C60-4E70-92C8-E46D4851DD0C}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_arm64) (HKLM\...\{AA519709-E672-451E-83CC-75685E2280D7}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.12 (x64_x86) (HKLM\...\{E441C3EC-7A2B-49FA-BB59-9AE980F1852D}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Core 5.0 Templates 5.0.400 (x64) (HKLM\...\{FB2E8886-F40F-4BAF-8F63-6EED2BED6F41}) (Version: 20.3.57386 - Microsoft Corporation) Hidden
Microsoft .NET Core Host - 3.1.10 (x64) (HKLM\...\{52B42932-15C1-45D4-8904-FC3117EEE69B}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.10 (x64) (HKLM\...\{752B4412-A129-4CB2-AD96-B6D97EAD3090}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM\...\{396D7BC8-E3C8-4B3E-8C60-D50D94FDF09D}) (Version: 24.104.29419 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.10 (x64) (HKLM-x32\...\{4714dd0a-ebab-4f59-a708-f8d7a793b3f5}) (Version: 3.1.10.29419 - Microsoft Corporation)
Microsoft .NET Host - 5.0.9 (x64) (HKLM\...\{8313C056-53A4-4845-B03E-5C27165DC2F1}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.12 (x64) (HKLM\...\{E215AA9E-5DF2-44BC-9D6F-E1A1B0C348FB}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.9 (x64) (HKLM\...\{AB193EEE-76AF-43D3-BFC1-823EE43D7738}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.12 (x64) (HKLM\...\{0712F23C-FBAC-436C-9DDB-125F32D15033}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.9 (x64) (HKLM\...\{D55E73D8-86EB-4FC3-A957-54616AA3D961}) (Version: 40.36.30309 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.12 (x64) (HKLM\...\{1BF67DC1-8BB5-4AF5-BE20-3B53D9532D01}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET SDK 5.0.400 (x64) (HKLM-x32\...\{4ec57a91-a2e9-46ea-8946-5b46e35fad1a}) (Version: 5.4.21.37610 - Microsoft Corporation)
Microsoft .NET SDK 6.0.404 (x64) (HKLM-x32\...\{8492a30b-426a-4798-95c5-d74d36b9744d}) (Version: 6.4.422.57816 - Microsoft Corporation)
Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) (HKLM\...\{A7036CFB-B403-4598-85FF-D397ABB88173}) (Version: 24.0.28113 - Microsoft Corporation) Hidden
Microsoft .NET Targeting Pack - 5.0.0 (x64) (HKLM\...\{F9CD5A8F-B00B-4770-9E4A-A3C818BE840F}) (Version: 40.0.29513 - Microsoft Corporation) Hidden
Microsoft .NET Targeting Pack - 6.0.12 (x64) (HKLM\...\{223F1D35-BBE9-4DC1-A20F-381D1B03E9CD}) (Version: 48.51.51943 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 5.0.400 (x64) (HKLM\...\{52370767-E5DD-4C0C-AD33-E2FD790AAE94}) (Version: 20.3.41002 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 6.0.404 (x64) (HKLM\...\{781B2BC5-F211-44EC-8FB9-52CF6506E5F4}) (Version: 24.5.30136 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.15928.20216 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - ja-jp (HKLM\...\O365ProPlusRetail - ja-jp) (Version: 16.0.15928.20216 - Microsoft Corporation)
Microsoft Access database engine 2016 (English) (HKLM\...\{90160000-00D1-0409-1000-0000000FF1CE}) (Version: 16.0.5044.1000 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 - Shared Framework (HKLM-x32\...\{6efe3294-03d8-4977-9c67-9f57ab075130}) (Version: 3.1.10.20520 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.10 Shared Framework (x64) (HKLM\...\{7BEAA207-E3EB-3948-BBB3-336B04D8A2F1}) (Version: 3.1.10.20520 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.0 Targeting Pack (x64) (HKLM\...\{7E0C04EC-9D6F-36CD-A821-DC8493EE407F}) (Version: 5.0.0.20526 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 5.0.9 Shared Framework (x64) (HKLM\...\{B3CDEF60-7D28-332C-8845-682E6DAAEA80}) (Version: 5.0.9.21365 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.12 Shared Framework (x64) (HKLM\...\{EB4AA7BF-1E27-33BB-91BC-1FD67B340EB0}) (Version: 6.0.12.22571 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.12 Targeting Pack (x64) (HKLM\...\{E885BD5D-F55D-39C2-B9B5-BF52B030982F}) (Version: 6.0.12.22571 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.70 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Teams) (Version: 1.5.00.11163 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.13.53049 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{CBD54374-141A-4C71-AE46-3870CC7F0838}) (Version: 2.7.3111.17308 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{E5629267-C38E-4899-931E-A734A1499223}) (Version: 2.7.3111.17308 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.9 (x64) (HKLM\...\{D9A03C1C-D245-4579-B4DC-0BB2BC87E6E7}) (Version: 40.36.30315 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.12 (x64) (HKLM\...\{3E726676-B5F4-48DA-B9F9-78A15B7F8A70}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Targeting Pack - 5.0.0 (x64) (HKLM\...\{B7846BB6-4EDE-409B-9147-631286EF7FDD}) (Version: 40.0.29420 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Targeting Pack - 6.0.12 (x64) (HKLM\...\{0128408E-205B-44B9-BEBD-E5B7A0E450F4}) (Version: 48.51.52100 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Android.Manifest-6.0.300 (HKLM\...\{F4E591C2-810D-4D36-B4F9-DC55103019D1}) (Version: 128.75.16384 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.iOS.Manifest-6.0.300 (HKLM\...\{BBA9C60D-75E7-44EE-922D-069AA85C8EC1}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.MacCatalyst.Manifest-6.0.300 (HKLM\...\{FEB76EC8-02F4-46E6-8031-BE403766D13A}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.macOS.Manifest-6.0.300 (HKLM\...\{F590F859-2F6A-4559-9D09-A8FC442AF16B}) (Version: 100.255.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Maui.Manifest-6.0.300 (HKLM\...\{C2863251-07E7-44A0-B2F8-4C4E2AF08937}) (Version: 24.78.0 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.tvOS.Manifest-6.0.300 (HKLM\...\{69B1631F-5F98-4C6C-B757-46B0ECC8EDBB}) (Version: 125.191.42208 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Emscripten.Manifest (HKLM\...\{7CBF3451-2A94-4DFD-8355-6B97C5EABB26}) (Version: 48.27.39026 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Mono.Toolchain.Manifest (HKLM\...\{DBB48387-294D-4179-81CB-B06A97F8CD8E}) (Version: 48.3.40665 - Microsoft Corporation) Hidden
Minion (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{Minion}}_is1) (Version: 3.0 - Good Game Mods LLC)
ModelSim - Intel FPGA Starter Edition 20.1.1.720 (HKLM\...\ModelSim - Intel FPGA Starter Edition 20.1.1.720) (Version: 20.1 - Intel Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 109.0 (x64 en-US)) (Version: 109.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla)
MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
NC Launcher 2 (HKLM-x32\...\NCLauncherW_plaync) (Version: - NCSOFT)
NordUpdater (HKLM\...\{6E35DB82-3D19-4DD6-B8CB-F082815FDE18}_is1) (Version: 1.3.0.160 - Nord Security)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 7.3.9.0 - Nord Security)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.22.11.12 - NortonLifeLock Inc)
Norton Utilities (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 21.4.5.428 - NortonLifeLock Inc)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.4.4 - Notepad++ Team)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.160 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.160 - NVIDIA Corporation)
NVIDIA Graphics Driver 528.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 528.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15928.20198 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0411-1000-0000000FF1CE}) (Version: 16.0.15928.20198 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE) Hidden
ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE)
OpenIV (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\OpenIV) (Version: 4.1.1502 - .black/OpenIV Team)
Outlook (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Parsec (HKLM-x32\...\Parsec) (Version: 150-86h - Parsec Cloud Inc.)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.1.0.1 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{07236f40-ec25-4646-8cb6-b6aaf1597324}) (Version: 1.1.0.1 - Patriot Memory) Hidden
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PlatformPowerManagement (HKLM-x32\...\{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE) Hidden
PlatformPowerManagement (HKLM-x32\...\InstallShield_{7A6EB543-522C-4784-9DB5-4FC87522EBDF}) (Version: 1.19.0226.1 - GIGABYTE)
PowerPoint (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PowerWorld Simulator Education-Evalution 22 (HKLM\...\{8368E79D-19AC-4FA2-8A66-32C3D777757F}) (Version: 22.22.0217 - PowerWorld Corporation)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
Quartus Prime Lite Edition (Free) 20.1.1.720 (HKLM\...\Quartus Prime Lite Edition (Free) 20.1.1.720) (Version: 20.1 - Intel Corporation)
Raspberry Pi Imager (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\Raspberry Pi Imager) (Version: 1.7.2 - Raspberry Pi Ltd)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9313.1 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.0420.1 - GIGABYTE)
RivaTuner Statistics Server 7.3.3 (HKLM-x32\...\RTSS) (Version: 7.3.3 - Unwinder)
RogueKiller version 15.8.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.8.0.0 - Adlice Software)
RSI Launcher 1.4.11 (HKLM\...\81bfc699-f883-50c7-b674-2483b6baae23) (Version: 1.4.11 - Cloud Imperium Games)
SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0426.1 - GIGABYTE) Hidden
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0426.1 - GIGABYTE)
Smart Backup (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 - GIGABYTE)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries GG 30.0.0 (HKLM\...\SteelSeries GG) (Version: 30.0.0 - SteelSeries ApS)
Teams (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\606d17a2359c9b915c2ca2796bdad606) (Version: 1.0 - Teams)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
TeighaX 4.00 (x64) (HKLM\...\{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
Unity Hub 2.4.5 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.4.5 - Unity Technologies Inc.)
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Visual Studio Community 2019 (HKLM-x32\...\9d4ca075) (Version: 16.8.30804.86 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.15 - Black Tree Gaming Ltd.)
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{DE982ACB-A44E-44A5-BEA5-F0816490312C}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
Windows Subsystem for Linux Update (HKLM\...\{18E72D39-392C-419D-9B86-C4C633B4CED9}) (Version: 4.19.128 - Microsoft Corporation)
Word (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 310.0.0.0 - Wrye & Wrye Bash Development Team)
Zoom (HKU\S-1-5-21-128556331-799817740-448323406-1001\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-01-26] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-11-06] (INTEL CORP)
Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2023-01-25] (0)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-01-14] (NVIDIA Corp.)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2021-05-25] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-11-05] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.266.0_x64__dt26b99r8h8gj [2022-12-03] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-06] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0 [2023-01-19] (Spotify AB) [Startup Task]
Ubuntu on Windows -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2022.1.0_x64__79rhkp1fndgsc [2022-11-06] (Canonical Group Limited)

 

[rickyralph]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Rich\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\Rich\AppData\Local\Autodesk\webdeploy\production\414da7cdec4faa7986fe0d205fb521fc68f5d46c\NPreview10.dll (Autodesk, Inc. -> )
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Rich\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-09] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2021-01-29] (Autodesk, Inc. -> Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2021-01-29] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-07-15] (Notepad++ -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-12-09] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2020-08-04] (Free Time) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f840d03a202f8a32\nvshext.dll [2022-12-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.11.12\buShell.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.11.12\NavShExt.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-27 19:41 - 2019-12-23 18:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2022-10-25 18:25 - 2022-10-25 18:25 - 001868800 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll
2022-06-14 15:39 - 2022-06-14 15:39 - 000057856 _____ () [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\HiResTimers.dll
2022-06-14 15:39 - 2022-06-14 15:39 - 000041472 _____ () [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\PowerStateListener.dll
2022-01-28 14:37 - 2022-01-28 14:37 - 001469440 _____ () [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6\e_sqlite3.dll
2022-08-24 11:45 - 2022-08-24 11:45 - 000242176 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV3.dll
2019-04-15 15:24 - 2019-04-15 15:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV2.dll
2021-03-09 13:00 - 2021-03-09 13:00 - 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\yccV3.DLL
2021-03-09 13:00 - 2021-03-09 13:00 - 000205824 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\SIV\yccV3.dll
2022-08-23 19:48 - 2022-08-23 19:48 - 000246272 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files\GIGABYTE\Control Center\YccDrvv3.dll
2020-12-20 17:27 - 2013-03-08 11:28 - 000187392 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files\Gigabyte\Smart Backup\RescuePlan.dll
2020-12-20 17:27 - 2014-09-15 16:52 - 000705536 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files\Gigabyte\Smart Backup\srpCore.dll
2020-12-20 17:27 - 2018-01-03 18:32 - 000390656 _____ (Gigabyte Technology CO., LTD.) [File not signed] C:\Program Files\Gigabyte\Smart Backup\srpVss.dll
2021-03-24 09:46 - 2021-03-24 09:46 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GVDisplay.dll
2020-11-05 13:16 - 2020-11-05 13:16 - 000268800 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvIllumLib.dll
2022-09-22 23:46 - 2022-09-22 23:46 - 002701824 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files\GIGABYTE\Control Center\Gv\GvDisplayA.dll
2022-09-18 18:58 - 2022-09-18 18:58 - 000475648 _____ (GIGABYTE Technology Co.,Ltd.) [File not signed] C:\Program Files\GIGABYTE\Control Center\Lib\GBT_VGA\Service\GVDisplay.dll
2021-03-12 10:18 - 2021-03-12 10:18 - 001989120 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACPCIeSSD_Lib.dll
2021-03-12 10:17 - 2021-03-12 10:17 - 001983488 _____ (GIGABYTE) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\AACSSD_Lib.dll
2022-09-19 23:45 - 2022-09-19 23:45 - 002502144 _____ (Gigabyte) [File not signed] C:\Program Files\GIGABYTE\Control Center\Lib\GBT_MB_Update\GBT_MB_Lib.dll
2022-11-14 06:25 - 2022-11-14 06:25 - 002146304 _____ (Holtek Semiconductor Inc.) [File not signed] C:\Program Files\SteelSeries\GG\apps\engine\HIDDLL.dll
2022-11-14 06:25 - 2022-11-14 06:25 - 002284032 _____ (Holtek) [File not signed] C:\Program Files\SteelSeries\GG\apps\engine\ISPDLL.dll
2023-01-26 06:55 - 2023-01-26 06:55 - 127856128 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6\HP.Smart.dll
2022-08-23 17:52 - 2022-08-23 17:53 - 008856064 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2023-01-26 06:55 - 2023-01-26 06:55 - 000134144 _____ (HP Inc) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6\HP.OneDriver.UserForms.dll
2023-01-24 16:33 - 2023-01-24 16:33 - 000013824 _____ (HP Inc.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6\NativeRpcClient.dll
2020-12-19 16:41 - 2019-02-21 08:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-08-30 15:26 - 2018-08-30 15:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\MsIo32_Galax.dll
2022-04-26 15:10 - 2022-04-26 15:10 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files\Corsair\CORSAIR iCUE 4 Software\SiUSBXp.dll
2020-12-27 19:41 - 2019-06-26 16:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2020-12-27 19:41 - 2019-06-26 16:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2020-12-27 19:41 - 2019-07-31 14:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll
2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll
2017-10-05 14:26 - 2017-10-05 14:26 - 002247168 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\CRtive.dll
2018-12-08 07:22 - 2018-12-08 07:22 - 002059264 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GHidApi.dll
2021-04-09 15:43 - 2021-04-09 15:43 - 000372736 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\GvLedLib.dll
2021-04-08 09:09 - 2021-04-08 09:09 - 002109952 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\GIGABYTE\RGBFusion\SMBCtrl.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attrs [58]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-128556331-799817740-448323406-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.11.12\coIEPlg.dll [2022-11-27] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-01-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-128556331-799817740-448323406-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-128556331-799817740-448323406-1001\...\sharepoint.com -> hxxps://uwnetid-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 01:14 - 2019-12-07 01:12 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts

2021-01-08 13:47 - 2023-01-22 20:27 - 000000433 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.28.112.1 Rich.mshome.net # 2027 5 6 8 3 2 31 545

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\MATLAB\R2022a\bin;C:\Program Files\dotnet\
HKU\S-1-5-21-128556331-799817740-448323406-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rich\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wallpaperflare.com_wallpaper.jpg
HKU\S-1-5-80-2318606733-4105731500-2265514868-2382646068-3090068018\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: CorsairGamingAudioConfig => 2
MSCONFIG\Services: CorsairLLAService => 2
MSCONFIG\Services: CorsairService => 2
MSCONFIG\Services: JTAGServer => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
HKLM\...\StartupApproved\StartupFolder: => "NI Error Reporting.lnk"
HKLM\...\StartupApproved\Run: => "Gigabyte Speed"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-128556331-799817740-448323406-1001\...\StartupApproved\Run: => "Battle.net"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{89BF5CA3-47A1-41D6-96C9-EED067C606A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B2674EDF-2CBF-4A68-9C3C-8FFF219A355C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3A6C4A2F-9D93-4EAF-81B8-E87C62051E6B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{067AF954-CC29-464C-A0B1-BB9B869866E9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0658824B-1190-47B4-810A-5F591B626CEB}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{E571848D-1988-4618-B5C6-8535CDD26FC5}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{29127E1C-01B7-4357-B933-E708B83F80F8}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{6D6B20E2-9354-4B77-BAFB-93CB1964D0E2}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{0F4CB4D9-7F1B-4A84-AB88-82283F0AF97F}] => (Allow) LPort=9009
FirewallRules: [{02C73E3B-8F49-4554-8A43-BF4FFBAA56FD}] => (Allow) LPort=9009
FirewallRules: [{8B9F1386-97B5-4E11-A5F5-59842A2C764D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{797F7B8D-2068-40FD-AD3E-249EF993974B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{5F16B855-4594-40ED-B0D6-394D50EBE777}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E6117CE9-976D-4014-AD44-80F3FF976A5A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{06FCBFE7-A1A8-473E-96C1-2ACC28DF551F}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{680E1B46-2FF3-4169-8A2B-EF501B825991}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6C5779AE-8904-4095-B714-51E459A34F92}] => (Allow) C:\Users\Rich\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{64539D97-5EE5-4AE2-8C9A-7D373BC02914}] => (Allow) LPort=9009
FirewallRules: [{4DF0D967-0184-4017-9F1B-6D0242588B3B}] => (Allow) LPort=9009
FirewallRules: [{2DAACFF0-5E9B-4FA6-AD64-610CC2276980}] => (Allow) LPort=9009
FirewallRules: [{2BB5B80D-3D10-440C-89D1-D4BCF71431A4}] => (Allow) LPort=9009
FirewallRules: [{A1E98979-6E5A-4534-8E64-11003E652DEF}] => (Allow) LPort=9009
FirewallRules: [{A9EE8503-1AEB-4566-A4DB-C3B42F54E745}] => (Allow) LPort=9009
FirewallRules: [{106EDA14-FEDB-44F0-94FE-2CD080264DEA}] => (Allow) LPort=9009
FirewallRules: [{ADF4AAFD-412F-4547-BBF2-5BC6A869260F}] => (Allow) LPort=9009
FirewallRules: [{0D96937F-5B08-4C0E-8011-13F71EC23533}] => (Allow) LPort=9009
FirewallRules: [{EC7CC9F5-2D27-41E6-90E4-8B7989ECDF63}] => (Allow) LPort=9009
FirewallRules: [{1D135321-1351-4469-ACDE-8243BA98CA99}] => (Allow) LPort=9009
FirewallRules: [{1F4803E2-9912-4047-BFBB-8A1A8275D2F7}] => (Allow) LPort=9009
FirewallRules: [{C0E38396-2464-4DD3-9507-BCA4B7AF6F7A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A301819B-5C0A-4572-A1F4-3EE5A7F61E41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{5F7B982F-3292-4AD0-912C-D257A7F0DB75}] => (Allow) LPort=9009
FirewallRules: [{57D41C33-93D6-4792-9798-F8C89BF3FEDD}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{A6965949-9789-49A1-BB9F-9C1878CF412B}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{A0ECF37E-FF40-4587-8DC2-FE27C9CD99D7}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{FD9C724E-5A01-46D7-ACB6-BB7C68C05D89}] => (Allow) LPort=9009
FirewallRules: [{1F3DD21F-A2CE-4FDB-9554-7E8950F56C7A}] => (Allow) LPort=9009
FirewallRules: [{507375E4-3F22-4A4E-924E-F6DF3B6BE54D}] => (Allow) LPort=9009
FirewallRules: [{4BB7DE85-7BE0-40C6-A897-50238D25145B}] => (Allow) LPort=9009
FirewallRules: [{78F2CAC7-A446-4040-93D1-120014E585DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{50140A6E-5A81-48C5-A5C6-B98524AC5B75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{5D8FBEFD-7BF8-431E-A705-517B0C66BE66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{34C42213-7BEB-42A2-AB06-2B71D9779643}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{57113370-0386-4475-9AEC-F90B9F2FCD0E}] => (Allow) LPort=9009
FirewallRules: [{BD0EB3EE-1BFE-4099-8466-D419A142BC15}] => (Allow) LPort=9009
FirewallRules: [{B29A3FB5-09D1-417E-91DE-7DFF40BA106D}] => (Allow) LPort=9009
FirewallRules: [{609FED39-4637-48E6-9301-A38F2D755389}] => (Allow) LPort=9009
FirewallRules: [{538D30C6-D09E-4E1A-8E9A-F19CBFB67203}] => (Allow) LPort=9009
FirewallRules: [{37891622-3BAA-4E24-BA08-CD35B84D3303}] => (Allow) LPort=9009
FirewallRules: [{FAC4944A-398D-4BF7-AC40-5C421A244ADE}] => (Allow) LPort=9009
FirewallRules: [{1F1CDE5C-F43F-41C4-B3E2-8A1C94BDC824}] => (Allow) LPort=9009
FirewallRules: [{85DFE9A1-3FB3-43C1-9742-89B7CC4AEC7D}] => (Allow) LPort=9009
FirewallRules: [{BE5C3A7E-449C-4062-BEB6-33A38F22B335}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{163A9AAD-498E-428E-AB9D-801BF7476D26}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{912A390D-D42C-4907-A809-49729A5DDB6B}] => (Allow) LPort=9009
FirewallRules: [{CADA71B1-C0EE-4FBE-9D57-A5C16538961F}] => (Allow) C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe () [File not signed]
FirewallRules: [{9B38CDAC-B98E-4980-8004-EBD2E837EEE8}] => (Allow) C:\intelFPGA_lite\20.1\quartus\bin64\jtagserver.exe () [File not signed]
FirewallRules: [{8E502060-1F02-4D16-9C63-4EBDC734F351}] => (Allow) LPort=9009
FirewallRules: [{A80CD842-CBB2-499D-9177-84D0A6C7307C}] => (Allow) LPort=9009
FirewallRules: [{90157C4E-488C-41E7-806E-E19E4FECAD68}] => (Allow) LPort=9009
FirewallRules: [{44A5E74E-B262-408C-9384-C4CA8618B6ED}] => (Allow) LPort=9009
FirewallRules: [{4B0A14C5-A65E-4E1E-A7E5-C7D78D3C863B}] => (Allow) LPort=9009
FirewallRules: [{8483AE06-6DDB-484A-80EF-FBAD290B2871}] => (Allow) LPort=9009
FirewallRules: [{B937F16D-0D8A-405F-B0E2-6FFA169F79A9}] => (Allow) LPort=9009
FirewallRules: [{8406EBCA-DEB8-4D07-8025-CE181B5F84C4}] => (Allow) LPort=9009
FirewallRules: [{9684DBF5-BAE2-4FF4-9123-2BEF00DE4D1F}] => (Allow) D:\Program Files\FormatFactory\FormatFactory.exe => No File
FirewallRules: [{E935DAEF-61D9-47DE-9F0E-9BBDA123B8BF}] => (Allow) LPort=9009
FirewallRules: [{288734D2-180D-415E-BAB5-C83766DA0925}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{B8554B34-F973-4C5E-97A4-931ABBA5C77D}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{6012DD61-5E11-4E06-8A47-E4FB7C6AAF10}] => (Allow) LPort=9009
FirewallRules: [{579788CC-2D88-406F-9F7E-6B9188A26886}] => (Allow) LPort=9009
FirewallRules: [{67B84AC2-DB57-4C9E-A215-1DA54AAF31A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B928CF60-345D-44B1-AF5B-6F39532ADC79}] => (Allow) LPort=9009
FirewallRules: [{1A7DCECA-AE57-4FB9-8287-DDB19EDEBA0B}] => (Allow) LPort=9009
FirewallRules: [{CB378685-A549-4861-AB6E-4E43E9BFF736}] => (Allow) LPort=9009
FirewallRules: [{73D7C279-95A3-42BE-B3BB-473DEC19663F}] => (Allow) LPort=9009
FirewallRules: [{7766EA58-0647-4117-93C1-8396A12178B2}] => (Allow) LPort=9009
FirewallRules: [{E1D95E15-503C-41A2-8900-669C36E3D34E}] => (Allow) LPort=9009
FirewallRules: [{A161BDD7-920D-4107-9BF5-637C18F409B9}] => (Allow) LPort=9009
FirewallRules: [{EB70A75F-410A-42DE-A4BD-62C868AB25B0}] => (Allow) G:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{542B274E-AF12-469A-A93B-3AE1686D441E}] => (Allow) G:\Program Files\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4FE11056-A22F-4222-82FE-9B6669CF6ABB}] => (Allow) G:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A58AF17A-66AF-4B5D-9120-1DAA1997C777}] => (Allow) G:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{7B56329C-B0C8-41B3-AFE0-02E1CC1F8419}] => (Allow) G:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{29EEC435-8AA7-471B-8BF9-AF5E665AAFB8}] => (Allow) G:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{5F5CC7E1-7619-43D1-918E-7AFA82D012E3}] => (Allow) G:\Program Files\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{003C4870-A835-411E-BB40-009DEFBE2BC3}] => (Allow) G:\Program Files\Steam\steamapps\common\Empyrion - Galactic Survival\EmpyrionLauncher.exe (Eleon Game Studios) [File not signed]
FirewallRules: [{6CB6515D-CC46-4C43-922E-B72D4F9358D3}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{85C24C84-0FB9-4814-875E-33B20953BEE0}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{9B5D0131-CE46-4D46-843A-12CFFA36FD78}] => (Allow) G:\Program Files\Steam\steamapps\common\Osiris\OsirisNewDawn.exe () [File not signed]
FirewallRules: [{04C6D689-65FC-45E2-9E59-818282DC6BAC}] => (Allow) G:\Program Files\Steam\steamapps\common\Osiris\OsirisNewDawn.exe () [File not signed]
FirewallRules: [{AA7A8B73-9E1F-4F77-8F7E-901CF9024711}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{4F80BAFB-6954-46DA-99B8-1A86ABED4F9F}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{0E7F34D8-FC98-4D54-A01D-15936667FEB1}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{95052E8A-0AE1-4478-BABD-96B446FD7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{F9183F41-9EE6-4CF9-AAC1-A84F0E6E528E}] => (Allow) G:\Program Files\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{875A723B-5800-467B-B836-DEF7E97D3132}] => (Allow) G:\Program Files\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{914CF361-B37F-469F-BB6E-A12F66FC6BFE}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{367BE639-A2AE-4B17-B362-6BCD4DB95E48}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{324598A9-69E6-43CF-ACB0-860FF53D7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{B325BAB5-836B-4C72-952B-99D48185CD7A}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{F31A55B2-CB9D-404C-A462-C1B4D5420B18}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{CAB04CE6-4B4C-4978-AB80-297993AD2D1B}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{DF1050EE-E995-4944-8F3D-934F419C2B34}] => (Allow) G:\Program Files\Steam\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe () [File not signed]
FirewallRules: [{066BDB18-1AFC-45D3-9CE3-2FB7AAF6A85C}] => (Allow) G:\Program Files\Steam\steamapps\common\Car Mechanic Simulator 2018\cms2018.exe () [File not signed]
FirewallRules: [{00FF9B7D-DE0E-463A-8B49-ADC8D2778DED}] => (Allow) G:\Program Files\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{D61B5621-6AB2-4D8F-A171-7608A9A0BD90}] => (Allow) G:\Program Files\Steam\steamapps\common\Watch_Dogs2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{867F4683-E94E-414F-AF32-8DA807C8446F}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD Projekt Red)
FirewallRules: [{F782D00D-814D-49C2-8720-F5D4AFE7265A}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD Projekt Red)
FirewallRules: [{C0AE431B-EA95-434C-A903-DCEEBD90484C}] => (Allow) G:\Program Files\Steam\steamapps\common\Mad Max\MadMax.exe (Fatalist Development -> )
FirewallRules: [{C7B5985B-75C0-4E97-B19F-5C2DA64B5DB4}] => (Allow) G:\Program Files\Steam\steamapps\common\Mad Max\MadMax.exe (Fatalist Development -> )
FirewallRules: [{678C51E3-CFED-434F-823B-554834BB75A4}] => (Allow) LPort=9009
FirewallRules: [{A1129ECC-D570-4D86-94A6-C8AEDF3E688B}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (暇光软件科技（上海）有限公司 -> Free Time Co., Ltd.)
FirewallRules: [{EDB811BB-828B-46CB-B6B1-A70E6CAE2E07}] => (Allow) LPort=9009
FirewallRules: [{C7DE3A5F-9C00-4481-8E1A-6606146A19DD}] => (Allow) LPort=9009
FirewallRules: [{B31E2328-B3BB-41AF-86C2-82111DACDF43}] => (Allow) LPort=9009
FirewallRules: [{33EB6B57-6A1D-457B-B128-9CE106BE8911}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{13E32C09-F2D3-4414-810E-6C235A04CA93}] => (Allow) C:\Program Files\Unity\Hub\Editor\2020.3.15f2\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{16BD7134-0787-47DE-A98A-E082B578B921}] => (Block) C:\Program Files\Unity\Hub\Editor\2020.3.15f2\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{6CDEB226-F078-4C5C-AE59-2E9C69EFEBED}] => (Allow) LPort=9009
FirewallRules: [{9F04B770-299B-457F-88C6-FD85286FB41D}] => (Allow) LPort=9009
FirewallRules: [{F33A9E5B-B90B-463B-B868-B5BFD394C410}] => (Allow) LPort=9009
FirewallRules: [{0B97B825-48A6-418B-B60D-98F93AA2F500}] => (Allow) LPort=9009
FirewallRules: [{BC82EE22-CB3F-4FEA-B77D-C626AE56EC79}] => (Allow) LPort=9009
FirewallRules: [{B4FDEEF0-CD63-4292-9170-7D9254C16E0B}] => (Allow) LPort=9009
FirewallRules: [{23D311E5-E690-409D-BD61-CD2E417EB515}] => (Allow) LPort=9009
FirewallRules: [{78B8EA35-70F2-4E53-BC5C-C4DAA97A28E6}] => (Allow) LPort=9009
FirewallRules: [{4E596592-567D-470C-8ADD-FC145D0BDF1E}] => (Allow) LPort=9009
FirewallRules: [{8A3BB187-468E-4D84-9792-02A814D0A23C}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{DF58609B-7294-4D7B-8E9A-A4EABA727F0B}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{A9C2A7E2-75FE-4C61-8B15-6FCD44513AE3}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{3FC52F1C-B5E7-4F0D-97B9-6F93F4E1AAF5}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{9B465090-21F7-4403-B3A2-734E1447F170}] => (Allow) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation -> National Instruments Corporation)
FirewallRules: [{8171E21E-E173-4D5C-991A-A863F807787D}] => (Allow) LPort=9009

 

[rickyralph]

FirewallRules: [{D462DB6C-8318-487A-A772-454D3217FEDE}] => (Allow) LPort=9009
FirewallRules: [{5D11FF6D-1DA2-43E3-9ED3-E698106B420E}] => (Allow) LPort=9009
FirewallRules: [{A5B91F8A-E6B0-4A7F-BCB5-1FB34F4C9DEF}] => (Allow) LPort=9009
FirewallRules: [{BBEC7B62-0437-475D-B4B4-05DE378A5166}] => (Allow) G:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{8A09A69C-4336-44A2-BE3D-EBD09D188341}] => (Allow) G:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{0787C69B-EF76-4ED9-AE32-0DEFD82ABDA5}] => (Allow) G:\Program Files\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{A4DEC20D-6CB0-4F88-A5A2-BD2233B2B20D}] => (Allow) G:\Program Files\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{071EE953-9B0C-4626-9609-9488D1A389C8}] => (Allow) LPort=9009
FirewallRules: [{FA0C499A-9395-4C13-971E-921213C4C963}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{9C1925D8-B4E8-408A-8FD4-50A2B8992ECD}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{63D878DD-CCA3-472B-A2A7-F137FB80E5D1}] => (Allow) LPort=9009
FirewallRules: [{EB759C41-4A99-42BA-9721-866E3A2A3700}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36C9F319-4B33-4687-BF3C-62E1F99BFADC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D5DBBA3-3903-42AB-A3B0-FC188F0A2EF8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE71480F-B539-4367-8E19-A8F83CC4BB17}] => (Allow) LPort=9009
FirewallRules: [{D72AE089-85BE-4C08-B732-A56F35DA6F8A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{40F00992-BC41-4B37-8433-D4A40D3935D4}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{FB35F87E-EC26-4005-9A7F-0B0E5C16A2C6}] => (Allow) LPort=9009
FirewallRules: [{FD9EF55F-65DB-402E-96EE-038F0C86698E}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{DA7E0393-222C-4595-A624-2E663CF3D8AD}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{B6234EFD-14DF-4E67-99EB-0E65B09B36BE}] => (Allow) LPort=9009
FirewallRules: [{6BFB8706-0662-4D82-AE05-8E6D559A7FD2}] => (Allow) LPort=9009
FirewallRules: [{B2CDAFA5-3915-424F-9978-404E3E50A0E7}] => (Allow) LPort=9009
FirewallRules: [{93CFC587-70EF-4EC6-943A-17E374DBD7C2}] => (Allow) LPort=9009
FirewallRules: [{E6AF6804-814A-4E97-8FB6-7862F1C8EAA9}] => (Allow) G:\Program Files\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8538DE07-8C8C-4097-9550-954058830BD4}] => (Allow) G:\Program Files\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{FE06DE6E-D398-405B-B4F0-EE6DC1E68F86}] => (Allow) LPort=9009
FirewallRules: [{6F25BAF6-6D30-46D1-9402-CC946BC2B5DE}] => (Allow) LPort=9009
FirewallRules: [{88EA7C90-EED0-47B9-832C-E1F0C1846373}] => (Allow) LPort=9009
FirewallRules: [{F380C294-2F31-43ED-8185-7AC7F1CD2369}] => (Allow) LPort=9009
FirewallRules: [{D10439ED-3914-46C5-B6A7-A98043C2B2AF}] => (Allow) LPort=9009
FirewallRules: [{86D55718-7D99-4A16-BB05-4E591D3B422D}] => (Allow) LPort=9009
FirewallRules: [{B9922B8C-BA93-4743-92C4-78A54F3B4FAE}] => (Allow) LPort=9009
FirewallRules: [{2DDA9B10-FB73-4F0F-AAFD-7E99DC790C93}] => (Allow) LPort=9009
FirewallRules: [{D7FF0450-6A13-45EB-95AE-FE81F85010BB}] => (Allow) LPort=9009
FirewallRules: [{84DA6DCF-0791-41AF-81FA-4C69C346DABF}] => (Allow) G:\Program Files\Steam\steamapps\common\MonsterHunterRise\MonsterHunterRise.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{8D161590-EBF6-4D12-889D-0528F21A4C15}] => (Allow) G:\Program Files\Steam\steamapps\common\MonsterHunterRise\MonsterHunterRise.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{AD1762C2-B751-4463-B2D5-6EDCF265004F}] => (Allow) G:\Program Files\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{6D2533D3-FF01-4C2C-8BC6-5BC10BFDDCE7}] => (Allow) G:\Program Files\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{EDF5F99D-8204-4CDC-87AF-7D5B33BC8D18}] => (Allow) LPort=9009
FirewallRules: [{C09C7F61-4248-43CF-8720-9388DBD74FEE}] => (Allow) LPort=9009
FirewallRules: [{11812F56-4473-443B-832F-0221B8692853}] => (Allow) LPort=9009
FirewallRules: [{7665967A-0BBB-46C7-B326-8A90E2714EA1}] => (Allow) LPort=9009
FirewallRules: [{9AB65945-43BA-4B63-B5EC-C7F8266D1709}] => (Allow) G:\Program Files\Steam\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF1F3642-09F0-46D2-8CB7-26B379F00150}] => (Allow) G:\Program Files\Steam\steamapps\common\Sea of Thieves\Athena\Binaries\Win64\SoTGame.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F8198C2F-0AE0-43EC-A9D4-04DDE95ABC42}] => (Allow) LPort=9009
FirewallRules: [{D206DA7E-9E37-42E0-88C8-2FFEC2C82E9E}] => (Allow) LPort=9009
FirewallRules: [{A540F0B1-B1A1-4524-9FA8-642E0EB32AAE}] => (Allow) LPort=9009
FirewallRules: [{AE3F7961-9D6E-42A4-BFCB-8D4E5DA85DA2}] => (Allow) G:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{0580BD85-0555-4335-843E-B72FDB7F42D7}] => (Allow) G:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe (Keen Software House s.r.o. -> Keen Software House)
FirewallRules: [{24ECFA1F-CFFC-44C9-BA3D-9222A8AA5843}] => (Allow) G:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{D10E40A7-3F2D-4E00-907F-414447EA3B93}] => (Allow) G:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{3FF38DD9-5AB3-49DA-ACB6-D2D11932BA9E}] => (Allow) LPort=9009
FirewallRules: [{A7B663CF-4C58-4008-B0E0-D604E60248D4}] => (Allow) LPort=9009
FirewallRules: [{88FDB7F0-9E0F-42E0-9EB7-E5E5541D351E}] => (Allow) LPort=9009
FirewallRules: [{6BA88015-F59A-47EB-849A-2247B9370A1A}] => (Allow) LPort=9009
FirewallRules: [{976CD94A-6C4E-4D59-B358-1D0BA1D08B5F}] => (Allow) LPort=9009
FirewallRules: [{4E4DE52D-98EC-4509-8CC5-ADCF4CB1FA4D}] => (Allow) LPort=9009
FirewallRules: [{44D8DFEA-09AB-4139-B1F2-4662DB13F06F}] => (Allow) LPort=9009
FirewallRules: [{BFF1F4B9-DC5C-4C77-AC4D-03BD0407D25E}] => (Allow) LPort=9009
FirewallRules: [{DC7E55B9-1EF9-40ED-9EA9-3F25D3DD23A8}] => (Allow) LPort=9009
FirewallRules: [{4E2139F8-7E2F-4D89-A067-61BDB98431A1}] => (Allow) G:\Program Files\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{AEEF4D74-8CDD-4873-B222-43215731F4E6}] => (Allow) G:\Program Files\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8F4A2663-D273-4804-BCC3-CAC21D770269}] => (Allow) LPort=9009
FirewallRules: [{E5480309-30C8-40B3-BD6A-9AA8DCDF6D23}] => (Allow) LPort=9009
FirewallRules: [{EFE14D98-380D-4A09-A28C-74C4AD30C2F6}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW3\oppw3.exe (KOEI TECMO GAMES CO., LTD. -> )
FirewallRules: [{3E10A376-2F25-41CC-911E-557874FF7008}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW3\oppw3.exe (KOEI TECMO GAMES CO., LTD. -> )
FirewallRules: [{138D980A-B3A4-4419-9749-FBE3E8411F77}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW4\OPPW4.exe () [File not signed]
FirewallRules: [{063C92FC-DBFC-4020-978C-0C4054BB3322}] => (Allow) G:\Program Files\Steam\steamapps\common\OPPW4\OPPW4.exe () [File not signed]
FirewallRules: [{AC62EB32-FCB9-4C87-BD75-95C1860666FD}] => (Allow) G:\Program Files\Steam\steamapps\common\ONE PIECE WORLD SEEKER\OPWS.exe () [File not signed]
FirewallRules: [{D236EF42-B25D-43A9-BF84-73D5B4E6955C}] => (Allow) G:\Program Files\Steam\steamapps\common\ONE PIECE WORLD SEEKER\OPWS.exe () [File not signed]
FirewallRules: [{5DA1DBE1-A073-4DF0-A236-69BE683E9C79}] => (Allow) G:\Program Files\Steam\steamapps\common\Ranch Simulator\Ranch_Simulator.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{86465569-D137-499B-B395-1AFF6398A656}] => (Allow) G:\Program Files\Steam\steamapps\common\Ranch Simulator\Ranch_Simulator.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{5E6AD25C-550B-4043-B1DB-BA5EBC2A028C}] => (Allow) LPort=9009
FirewallRules: [{021456CD-15E5-4F18-9DFB-D015854D66E8}] => (Allow) LPort=9009
FirewallRules: [{2D181910-55A8-47B4-93D5-4E7F5955729C}] => (Allow) LPort=9009
FirewallRules: [{37CA7483-7342-42E9-9AA7-3AED485F3581}] => (Allow) LPort=9009
FirewallRules: [{FD90CBE9-80C7-44C0-AE1C-9F77D8BDDFA7}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{F6CCF1FB-99DC-4CA6-B04F-7F5621FA2D17}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{D8FA61DE-5D8A-407C-84A7-A9A7C17873B3}] => (Allow) LPort=9009
FirewallRules: [{54361DEA-7241-4BA6-A89E-C44865EDFDF5}] => (Allow) LPort=9009
FirewallRules: [{3721D2DE-8BDA-4E31-A1F5-34C844100FBB}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{8A50A544-3BFA-4EFC-9B9D-8098CBF947A8}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{BAFCD2C2-D927-49D6-967E-FE0B2C0D008D}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{56E96F64-12A6-4F78-9851-A1E9E2848B37}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{66F4FE14-D171-448B-9A6A-ECBB1C044B94}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{0157E20A-4522-496B-B428-FCECC5305E7A}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{2FE8B8B7-7567-460D-9BD4-3D011F18E6AB}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{0615D636-0836-4649-A9AE-31999A69019D}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{F9115A02-EA11-4F2B-A199-D4E2F16222FB}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{5DA1119E-7E55-4754-9426-2DB33D0267B0}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{308E134C-9F19-4D2D-B4FF-8B67200F3758}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{1A69E187-F1AE-417F-B84D-3CE48BBC3070}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{A6553DF4-F8D5-4ECB-AB54-7814536F8712}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{A5D53F17-037A-4A4F-9453-419525C8DDFE}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{7FB95689-5FFE-4426-89F0-2251F6DF3807}] => (Allow) LPort=9009
FirewallRules: [{87EFD50C-4FE9-4B75-ADA0-CCAA6D7C4372}] => (Allow) G:\Program Files\Steam\steamapps\common\Days Gone\BendGame\Binaries\Win64\DaysGone.exe (Sony Interactive Entertainment LLC) [File not signed]
FirewallRules: [{C387ACE2-360E-490D-814D-EBC759D411E6}] => (Allow) G:\Program Files\Steam\steamapps\common\Days Gone\BendGame\Binaries\Win64\DaysGone.exe (Sony Interactive Entertainment LLC) [File not signed]
FirewallRules: [{161C24CE-5EAE-445E-A7C8-CE000D9A32EF}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{6F9906EA-61EE-4FA2-8C8F-A6D35F5E6C85}] => (Allow) G:\Program Files\Steam\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{7DA52F86-95A3-48DD-AC7D-C8CDD7509C22}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{8D384CDC-E5B5-438C-B8F5-4C0666880F31}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd.)
FirewallRules: [{44FAF432-E30E-44E5-AA51-A05BD39105F1}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{1413B49B-891C-4D1E-B003-A1B07EC2124A}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe (Warner Bros. Interactive Entertainment, Inc. -> Rocksteady Studios Ltd)
FirewallRules: [{9E64E1F2-AB04-4BB2-9FAE-33900B4AD176}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{06AFBA6C-9E3E-4613-9EB6-91FE5A2D4D09}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{8263A865-4686-42F6-A792-3670403B8563}] => (Allow) G:\Program Files\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{75B4042B-5359-4B77-B763-2E4FDDCF57F2}] => (Allow) G:\Program Files\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{C14C3408-A229-475D-8A48-36D33CD4D6DB}] => (Allow) G:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{33B4E2A7-07D2-4F08-A3EB-DEDBC57D78E4}] => (Allow) G:\Program Files\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{DF8B2B33-43A3-4EE7-9F57-B048A9B46CD9}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{28EDAF14-B0FB-489E-8B6F-BD4A422F14EF}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{E142B45F-9759-46E1-BD96-2387DAC6F134}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{1F8898E4-0590-4F4A-87B3-3DC8AB9ECEBE}] => (Allow) G:\Program Files\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe (Wildcard Properties LLC -> Epic Games, Inc.)
FirewallRules: [{DC44BAFB-DEA2-4D35-A6D3-D77F9B0D227B}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{369E7FEC-EDED-4087-AE19-F621EE551788}] => (Allow) G:\Program Files\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe (Rocksteady Studios Ltd.) [File not signed]
FirewallRules: [{A9B5D992-A392-446C-843A-1B7701632CD1}] => (Allow) G:\Program Files\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe () [File not signed]
FirewallRules: [{8FCFDD93-BF4F-44C9-9464-665E5BD4EF43}] => (Allow) G:\Program Files\Steam\steamapps\common\Assassins Creed Origins\ACOrigins.exe () [File not signed]
FirewallRules: [{3923F466-A196-405E-82AD-A1CFE066036C}] => (Allow) LPort=9009
FirewallRules: [{35943186-7929-45EE-ACD8-215706EEF6B2}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{EB095DAA-172D-4D57-823E-EB6442AB552E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{F87BC7DD-60C8-4A18-A565-744B92D77A84}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{67122236-6F91-4D99-9D62-6D9BDB3AE63F}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{AFEF8070-778A-474C-981A-F62C795161CD}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{F0CECF79-999D-4487-85BB-417EDC98CF59}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{73C7AFCB-FBB3-4254-952F-CC8E3606328E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{EB85F752-4AF8-44AE-8BA7-13E06D7B017B}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{BDAF3E86-529B-4FBD-A909-6D53E176A5D9}] => (Allow) LPort=9009
FirewallRules: [{9617E171-BBC7-4D6E-AC26-A8DE4F01D9DB}] => (Allow) LPort=9009
FirewallRules: [{3FFF04A1-9A6B-48BC-810D-007850887ADC}] => (Allow) LPort=9009
FirewallRules: [{981E98B6-072E-4683-B44D-7AB41A1C7795}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{AC5B1A7A-E63F-40F0-92DB-4A0441A504DF}] => (Allow) G:\Program Files\Steam\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{8AE356CD-0AEC-47F1-A46C-D9FB3716866C}] => (Allow) LPort=9009
FirewallRules: [{9DFA46D0-E1D7-45F9-9C9F-E4F222A0E0C1}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{6B4D0369-BFC2-4465-9540-E68895BAE6F7}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{E5EE0E6B-21BA-411F-8500-BC3C745A4446}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{12EC5CD2-A078-469A-A649-42A79BD43AB9}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout 4\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{F54A5ABA-C4EC-4483-A8D5-A1DE62D1871F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8B40ADD9-0453-44A3-8631-0A1AAB8986FC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B576CC46-082C-4B72-B339-114038C9FB53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{7D54EB6C-449B-4AC6-9C63-E85D112AAA50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{B6FF81FC-21E0-499F-BBAB-416ADF82DF94}] => (Allow) LPort=9009
FirewallRules: [{4F715247-3E61-4FA8-B3D6-4A978F8A5F69}] => (Allow) LPort=9009
FirewallRules: [{8332F5DE-E4B1-4056-8191-3A616AA44CD4}] => (Allow) LPort=9009
FirewallRules: [{0ABF027B-7FDD-46B4-ADA3-E06960EAD733}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{069B772B-6606-4B75-99F5-431F6DFCC5D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FF8BC272-24D1-4BE4-823E-681088E18D91}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4FB0075C-7752-4957-BD05-7AD394EC3F55}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{409D88C9-A51F-4768-99B9-15AD14E5A54A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF0FBFAC-B02D-455C-92DE-CA4C95D58E13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E1B310F9-79A7-4C3C-99E9-33DB48D45BB4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A9F0C858-EEC3-435B-9071-BBB71028D7B8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.203.1115.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D222F39-17B2-47F4-8A9F-947C402570E2}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{7A8E98DB-43C0-4C02-A01A-E9DABFAD60BC}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{3DB8FE39-6191-4B95-9D7E-BACDBEC55D4E}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{7482059F-5E74-4D9F-9CE6-24B8EA71DEA2}] => (Allow) F:\SteamLibrary\steamapps\common\Skyrim Special Edition\CreationKit.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{DEA9F9BA-5469-428F-9D40-84996A2B8F66}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C91ABFFD-C8B7-47BE-A326-227F103CB828}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\110.0.1587.22\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E31D8E43-2D4A-43AE-99BC-AB33D0D33328}] => (Allow) LPort=9009
FirewallRules: [{36F61125-13B9-4F34-85D0-158A7893139E}] => (Allow) C:\Program Files\Parsec\parsecd.exe (Parsec Cloud, Inc. -> Parsec)
FirewallRules: [{B1CE70FD-0FAE-4324-AD10-4D5830C67783}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2016709D-97E8-4E89-B067-C5F7EF6F921F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F447AF8D-E50A-4282-988C-51B9AB371A45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A985316C-5E1A-4F70-9AD6-3E580B6324A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5F84547-BD98-4196-8CF3-49F771AFE590}] => (Allow) LPort=9009
FirewallRules: [{B511F5B1-1469-4493-9D53-9D97FC7EC9A7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{96630E5D-CFBF-4FFD-97B4-BA6644F7A6B0}] => (Allow) LPort=9009

==================== Restore Points =========================

25-01-2023 08:54:15 Scheduled Checkpoint
26-01-2023 21:08:31 Removed Bonjour

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/27/2023 11:43:56 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/27/2023 11:43:56 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: 42296b0b-5269-4ee5-9708-c2ccba410301
Correlation ID: cbc75796-451b-410c-b029-0a62db79ab55
Timestamp: 2023-01-28 07:43:30Zmcpmanagementservice.dll

Error: (01/27/2023 11:43:52 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/27/2023 11:43:52 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: 42296b0b-5269-4ee5-9708-c2ccba410301
Correlation ID: cbc75796-451b-410c-b029-0a62db79ab55
Timestamp: 2023-01-28 07:43:30Zmcpmanagementservice.dll

Error: (01/27/2023 11:43:48 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/27/2023 11:43:48 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: 42296b0b-5269-4ee5-9708-c2ccba410301
Correlation ID: cbc75796-451b-410c-b029-0a62db79ab55
Timestamp: 2023-01-28 07:43:30Zmcpmanagementservice.dll

Error: (01/27/2023 11:43:44 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: Failed to get auth header with 0x8086000cmcpmanagementservice.dll

Error: (01/27/2023 11:43:44 PM) (Source: Universal Print) (EventID: 1) (User: )
Description: User Interaction Required while trying to get a token silently. ErrorCode: 0xcaa20003, Error: AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2022-07-20T03:56:25.5597470Z and was inactive for 90.00:00:00.
Trace ID: 42296b0b-5269-4ee5-9708-c2ccba410301
Correlation ID: cbc75796-451b-410c-b029-0a62db79ab55
Timestamp: 2023-01-28 07:43:30Zmcpmanagementservice.dll


System errors:
=============
Error: (01/26/2023 09:57:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Desktop Licensing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/26/2023 09:45:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NI Service Locator service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2023 09:45:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60 milliseconds: Restart the service.

Error: (01/26/2023 09:45:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10 milliseconds: Restart the service.

Error: (01/26/2023 09:45:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AORUS LCD Panel Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3 milliseconds: Restart the service.

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NI Network Discovery service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/26/2023 09:45:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Gservice service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===============
Date: 2023-01-27 23:44:23
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2023-01-27 23:43:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.11.12\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-01-27 23:43:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 10/15/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA-CF
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 61%
Total physical RAM: 16316.88 MB
Available physical RAM: 6201.66 MB
Total Virtual: 31452.88 MB
Available Virtual: 18576.17 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:193.17 GB) (Model: Samsung SSD 850 PRO 512GB) NTFS
Drive d: (3TB Storage) (Fixed) (Total:2794.39 GB) (Free:1944.16 GB) (Model: TOSHIBA HDWD130) NTFS
Drive e: (1TB Storage) (Fixed) (Total:931.51 GB) (Free:928.46 GB) (Model: ST1000DM003-1CH162) NTFS
Drive f: (2TB Games) (Fixed) (Total:1863 GB) (Free:1245.29 GB) (Model: Samsung SSD 970 EVO Plus 2TB) NTFS
Drive g: (4TB Games) (Fixed) (Total:3726.01 GB) (Free:1961.7 GB) (Model: CT4000P3PSSD8) NTFS

\\?\Volume{757ebd54-dc08-4f2d-91a0-263e898b80a4}\ () (Fixed) (Total:0.49 GB) (Free:0.05 GB) NTFS
\\?\Volume{1a8c6f05-8312-4e2c-b6f8-ca9fd9427567}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: 90A11827)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[rickyralph]

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-01-2023
Ran by Rich (28-01-2023 09:30:46) Run:1
Running from C:\Users\Rich\Documents\Tools
Loaded Profiles: Rich & lkClassAds
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
Task: {02E02FA7-452B-4D39-9B8F-DE9330DC4096} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -startupTask (No File)
Task: {2A597280-EE92-4DD5-B967-28ED70EDD30C} - System32\Tasks\NIUpdateServiceRetryCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {3304BE02-5178-4DEF-A751-51A81943382F} - System32\Tasks\MicrosoftMalwareProtection => C:\Program Files\WindowsMalwareProtection\config\MicrosoftMalwareProtection.exe [1511913120 2022-11-05] () [File not signed] <==== ATTENTION'
Task: {47ACF60A-1773-48CB-8A69-BC26D44B3089} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe -c -task (No File)
Task: {8C9D294A-AF66-4F54-924D-57655B3518F3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-128556331-799817740-448323406-500 => C:\Users\Rich\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {D05EC4F9-617D-4A3B-AABD-307865FE0F55} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe -appexecutable nup.exe -tuds (No File)
Task: {E8247A4D-FDB5-47A7-8FCE-DA02FE5B8EA1} - System32\Tasks\Norton Utility\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\ActiveBridge.exe -appexecutable NUP.exe -ammode (No File)
S3 Rockstar Service; "G:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
2020-12-21 11:09 - 2022-09-18 09:36 - 001065984 _____ () C:\Users\Rich\AppData\Local\file__0.localstorage
2023-01-22 21:43 - 2023-01-22 21:43 - 000001551 _____ () C:\Users\Rich\AppData\Local\recently-used.xbel
2023-01-14 00:22 - 2023-01-14 12:40 - 000007601 _____ () C:\Users\Rich\AppData\Local\Resmon.ResmonCfg
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Rich\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F}\localserver32 -> "C:\Program Files\cFosSpeed\cfosspeed.exe" -ToastActivated => No File
AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg:com.dropbox.attrs [58]
FirewallRules: [{8B9F1386-97B5-4E11-A5F5-59842A2C764D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{797F7B8D-2068-40FD-AD3E-249EF993974B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{5F16B855-4594-40ED-B0D6-394D50EBE777}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{E6117CE9-976D-4014-AD44-80F3FF976A5A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{C0E38396-2464-4DD3-9507-BCA4B7AF6F7A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A301819B-5C0A-4572-A1F4-3EE5A7F61E41}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A0ECF37E-FF40-4587-8DC2-FE27C9CD99D7}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe => No File
FirewallRules: [{78F2CAC7-A446-4040-93D1-120014E585DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{50140A6E-5A81-48C5-A5C6-B98524AC5B75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{5D8FBEFD-7BF8-431E-A705-517B0C66BE66}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{34C42213-7BEB-42A2-AB06-2B71D9779643}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{9684DBF5-BAE2-4FF4-9123-2BEF00DE4D1F}] => (Allow) D:\Program Files\FormatFactory\FormatFactory.exe => No File
FirewallRules: [{AA7A8B73-9E1F-4F77-8F7E-901CF9024711}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{4F80BAFB-6954-46DA-99B8-1A86ABED4F9F}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Explorers\PE_Launcher.exe => No File
FirewallRules: [{0E7F34D8-FC98-4D54-A01D-15936667FEB1}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{95052E8A-0AE1-4478-BABD-96B446FD7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{914CF361-B37F-469F-BB6E-A12F66FC6BFE}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{367BE639-A2AE-4B17-B362-6BCD4DB95E48}] => (Allow) G:\Program Files\Steam\steamapps\common\Miscreated\Miscreated.exe => No File
FirewallRules: [{324598A9-69E6-43CF-ACB0-860FF53D7112}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{B325BAB5-836B-4C72-952B-99D48185CD7A}] => (Allow) G:\Program Files\Steam\steamapps\common\Novus Inceptio\NovusInceptio.exe => No File
FirewallRules: [{F31A55B2-CB9D-404C-A462-C1B4D5420B18}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{CAB04CE6-4B4C-4978-AB80-297993AD2D1B}] => (Allow) G:\Program Files\Steam\steamapps\common\Planet Nomads\PlanetNomads.exe => No File
FirewallRules: [{3721D2DE-8BDA-4E31-A1F5-34C844100FBB}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{8A50A544-3BFA-4EFC-9B9D-8098CBF947A8}] => (Allow) F:\Program Files\Steam\steam.exe => No File
FirewallRules: [{BAFCD2C2-D927-49D6-967E-FE0B2C0D008D}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{56E96F64-12A6-4F78-9851-A1E9E2848B37}] => (Allow) F:\Program Files\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{66F4FE14-D171-448B-9A6A-ECBB1C044B94}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{0157E20A-4522-496B-B428-FCECC5305E7A}] => (Allow) F:\Program Files\Steam\steamapps\common\Rust\Rust.exe => No File
FirewallRules: [{2FE8B8B7-7567-460D-9BD4-3D011F18E6AB}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{0615D636-0836-4649-A9AE-31999A69019D}] => (Allow) F:\Program Files\Steam\steamapps\common\7 Days To Die\7dLauncher.exe => No File
FirewallRules: [{F9115A02-EA11-4F2B-A199-D4E2F16222FB}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{5DA1119E-7E55-4754-9426-2DB33D0267B0}] => (Allow) F:\Program Files\Steam\steamapps\common\FINAL FANTASY VII REMAKE\ff7remake.exe => No File
FirewallRules: [{308E134C-9F19-4D2D-B4FF-8B67200F3758}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{1A69E187-F1AE-417F-B84D-3CE48BBC3070}] => (Allow) F:\Program Files\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe => No File
FirewallRules: [{A6553DF4-F8D5-4ECB-AB54-7814536F8712}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{A5D53F17-037A-4A4F-9453-419525C8DDFE}] => (Allow) F:\Program Files\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{35943186-7929-45EE-ACD8-215706EEF6B2}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{EB095DAA-172D-4D57-823E-EB6442AB552E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{F87BC7DD-60C8-4A18-A565-744B92D77A84}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{67122236-6F91-4D99-9D62-6D9BDB3AE63F}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File
FirewallRules: [{AFEF8070-778A-474C-981A-F62C795161CD}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe => No File
FirewallRules: [{F0CECF79-999D-4487-85BB-417EDC98CF59}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{73C7AFCB-FBB3-4254-952F-CC8E3606328E}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Warframe.x64.exe => No File
FirewallRules: [{EB85F752-4AF8-44AE-8BA7-13E06D7B017B}] => (Allow) C:\Users\Rich\AppData\Local\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe => No File

*****************

HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02E02FA7-452B-4D39-9B8F-DE9330DC4096}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02E02FA7-452B-4D39-9B8F-DE9330DC4096}" => removed successfully
C:\Windows\System32\Tasks\NIUpdateServiceStartupTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceStartupTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A597280-EE92-4DD5-B967-28ED70EDD30C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A597280-EE92-4DD5-B967-28ED70EDD30C}" => removed successfully
C:\Windows\System32\Tasks\NIUpdateServiceRetryCheckTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceRetryCheckTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3304BE02-5178-4DEF-A751-51A81943382F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3304BE02-5178-4DEF-A751-51A81943382F}" => removed successfully
C:\Windows\System32\Tasks\MicrosoftMalwareProtection => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftMalwareProtection" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47ACF60A-1773-48CB-8A69-BC26D44B3089}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47ACF60A-1773-48CB-8A69-BC26D44B3089}" => removed successfully
C:\Windows\System32\Tasks\NIUpdateServiceCheckTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIUpdateServiceCheckTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C9D294A-AF66-4F54-924D-57655B3518F3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C9D294A-AF66-4F54-924D-57655B3518F3}" => removed successfully
C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-128556331-799817740-448323406-500 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-128556331-799817740-448323406-500" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D05EC4F9-617D-4A3B-AABD-307865FE0F55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D05EC4F9-617D-4A3B-AABD-307865FE0F55}" => removed successfully
C:\Windows\System32\Tasks\TUDsDownloader => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TUDsDownloader" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8247A4D-FDB5-47A7-8FCE-DA02FE5B8EA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8247A4D-FDB5-47A7-8FCE-DA02FE5B8EA1}" => removed successfully
C:\Windows\System32\Tasks\Norton Utility\ActiveSync-NortonUtility => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Utility\ActiveSync-NortonUtility" => removed successfully
HKLM\System\CurrentControlSet\Services\Rockstar Service => removed successfully
Rockstar Service => service removed successfully
C:\Users\Rich\AppData\Local\file__0.localstorage => moved successfully
C:\Users\Rich\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Rich\AppData\Local\Resmon.ResmonCfg => moved successfully
HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKU\S-1-5-21-128556331-799817740-448323406-1001_Classes\CLSID\{FD848478-65F5-4F01-ACD9-69195EC3631F} => removed successfully
C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg => ":com.dropbox.attributes" ADS removed successfully
C:\Users\Rich\Desktop\Photo Sep 29, 6 39 04 PM.jpg => ":com.dropbox.attrs" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8B9F1386-97B5-4E11-A5F5-59842A2C764D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{797F7B8D-2068-40FD-AD3E-249EF993974B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F16B855-4594-40ED-B0D6-394D50EBE777}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6117CE9-976D-4014-AD44-80F3FF976A5A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0E38396-2464-4DD3-9507-BCA4B7AF6F7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A301819B-5C0A-4572-A1F4-3EE5A7F61E41}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0ECF37E-FF40-4587-8DC2-FE27C9CD99D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78F2CAC7-A446-4040-93D1-120014E585DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50140A6E-5A81-48C5-A5C6-B98524AC5B75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5D8FBEFD-7BF8-431E-A705-517B0C66BE66}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34C42213-7BEB-42A2-AB06-2B71D9779643}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9684DBF5-BAE2-4FF4-9123-2BEF00DE4D1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA7A8B73-9E1F-4F77-8F7E-901CF9024711}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4F80BAFB-6954-46DA-99B8-1A86ABED4F9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E7F34D8-FC98-4D54-A01D-15936667FEB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95052E8A-0AE1-4478-BABD-96B446FD7112}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{914CF361-B37F-469F-BB6E-A12F66FC6BFE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{367BE639-A2AE-4B17-B362-6BCD4DB95E48}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{324598A9-69E6-43CF-ACB0-860FF53D7112}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B325BAB5-836B-4C72-952B-99D48185CD7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F31A55B2-CB9D-404C-A462-C1B4D5420B18}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAB04CE6-4B4C-4978-AB80-297993AD2D1B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3721D2DE-8BDA-4E31-A1F5-34C844100FBB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A50A544-3BFA-4EFC-9B9D-8098CBF947A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAFCD2C2-D927-49D6-967E-FE0B2C0D008D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56E96F64-12A6-4F78-9851-A1E9E2848B37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66F4FE14-D171-448B-9A6A-ECBB1C044B94}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0157E20A-4522-496B-B428-FCECC5305E7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FE8B8B7-7567-460D-9BD4-3D011F18E6AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0615D636-0836-4649-A9AE-31999A69019D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9115A02-EA11-4F2B-A199-D4E2F16222FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5DA1119E-7E55-4754-9426-2DB33D0267B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{308E134C-9F19-4D2D-B4FF-8B67200F3758}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A69E187-F1AE-417F-B84D-3CE48BBC3070}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6553DF4-F8D5-4ECB-AB54-7814536F8712}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A5D53F17-037A-4A4F-9453-419525C8DDFE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35943186-7929-45EE-ACD8-215706EEF6B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB095DAA-172D-4D57-823E-EB6442AB552E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F87BC7DD-60C8-4A18-A565-744B92D77A84}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67122236-6F91-4D99-9D62-6D9BDB3AE63F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AFEF8070-778A-474C-981A-F62C795161CD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0CECF79-999D-4487-85BB-417EDC98CF59}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73C7AFCB-FBB3-4254-952F-CC8E3606328E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB85F752-4AF8-44AE-8BA7-13E06D7B017B}" => removed successfully

==== End of Fixlog 09:30:46 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[rickyralph]

Results of screen317's Security Check version 0.99.93
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Malwarebytes
Norton 360
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````