
Trojan Attack with Wacatac & Znyonm


  • This topic is locked
22 replies to this topic

#1 Xyneravyn


Posted 15 April 2024 - 06:53 PM

Hey, I downloaded a corrupted file two days ago and executed a shady .exe before noticing. Got hacked on several accounts like IG, Paypal and my MetaMask Wallet was drained (luckily only 300 Euro). I have since recovered my Paypal and prevented losses on that front. 

 

I am wondering now how to proceed best in order to make sure no infected files remain. Windows Defender busted a few programs, at first the scans didn't finish, I did some manual deletes from temp folder in secure mode and deleted Defender history and now full scan runs through and doesn't detect anything. I also used RKill before scanning.

 

On the internet I hear conflicting takes ranging from I should be fine now to I should defo format my drive and backups I make now might be corrupted too.

 

Any help will be greatly appreciated!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.04.2024
Ran by paulm (administrator) on DESKTOP-NG833IV (16-04-2024 01:00:11)
Running from C:\Users\paulm\Downloads\FRST64.exe
Loaded Profiles: paulm
Platform: Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) Language: German (Germany) -> English (United Kingdom)
Default browser not detected!
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <6>
(C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> ) C:\Program Files\AMD\CNext\CNext\PresentMon-x64.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe ->) (Wondershare Technology Group Co.,Ltd -> ) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Core UX Service.exe
(C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe ->) (Wondershare Technology Group Co.,Ltd -> ) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Wsid Service.exe
(C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\TIDAL.exe ->) (TIDAL Music AS -> TIDAL Music AS) C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\resources\app.asar.unpacked\resources\win\TIDALPlayer.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Discord Inc. -> Discord Inc.) C:\Users\paulm\AppData\Local\Discord\app-1.0.9041\Discord.exe <6>
(DriverStore\FileRepository\u0401413.inf_amd64_997830838cb299a9\B401180\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0401413.inf_amd64_997830838cb299a9\B401180\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <22>
(explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Scarlet.Crush Productions) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Wondershare Technology Group Co.,Ltd -> ) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\paulm\AppData\Local\Microsoft\OneDrive\24.055.0317.0002\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0401413.inf_amd64_997830838cb299a9\B401180\atiesrxx.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_5c8b7491ec867e20\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
(services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(services.exe ->) (NoMachine S.a.r.l. -> NoMachine) C:\Program Files\NoMachine Enterprise Client\bin\nxservice64.exe
(services.exe ->) (Reincubate Limited -> Reincubate) C:\Program Files (x86)\Camo Studio\Service\CamoService.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\paulm\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(svchost.exe ->) (Nefarius Software Solutions) [File not signed] C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe
(TIDAL Music AS -> TIDAL Music AS) C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\TIDAL.exe <7>
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Recorder Plugin] => C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe [7345392 2023-07-27] (Wondershare Technology Group Co.,Ltd -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [188808 2021-06-21] (Mixbyte Inc -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044568 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4384104 2024-03-06] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [OpenOffice Updater] => C:\Users\paulm\AppData\Roaming\OpenOffice Updater\Updater.exe [365680 2019-11-03] (Arne Koenig -> ) <==== ATTENTION
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [Discord] => C:\Users\paulm\AppData\Local\Discord\Update.exe [1512040 2021-03-18] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13952992 2023-09-01] (GOG  sp. z o.o -> GOG.com)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [TIDAL] => C:\Users\paulm\AppData\Local\TIDAL\update.exe [1937688 2024-01-16] (TIDAL Music AS -> )
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37448168 2024-04-10] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11411360 2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [MicrosoftEdgeAutoLaunch_797A2DBDD7213EBC9130902B164D2CF6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4063800 2024-04-12] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [46056704 2024-03-10] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [145336 2024-04-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [203936 2023-08-01] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\NoMachine Port Monitor: C:\Program Files\NoMachine Enterprise Client\bin\libnxlp64.dll [6711872 2023-05-10] (NoMachine S.a.r.l. -> )
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38832 2021-06-12] (PlotSoft LLC -> Windows ® Codename Longhorn DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\Installer\chrmstp.exe [2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2022-10-03]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {C414C77C-4D2F-454A-A8F0-4A3966D15194} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {A101E9D3-3601-444A-9A4D-1C4A4309A7BD} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {6080DCAD-417C-4B4A-AE7C-8C8A765C4FBE} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {4B1D6CAB-E9D0-4B44-BB97-1DA00C1EE97B} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{A5986FEE-AD5A-4830-BC78-AA12F70778A9} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {18167299-9F51-4E0E-97DD-7CC99BBC438B} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{EA8D9083-BCA0-4B3D-BEAF-106D8A73979E} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {6599B6CB-2DFF-4C85-8DF8-AF16E6EB7F97} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [4036480 2023-06-06] (Easeware Technology Limited -> Easeware) -> C:\Program Files\Easeware\DriverEasy\--scan
Task: {73B0ACF9-D664-4FFA-A503-BCB63120AC0A} - System32\Tasks\Git for Windows Updater => C:\Program Files\Git\git-bash.exe [137224 2023-08-30] (Johannes Schindelin -> The Git Development Community) -> --hide --no-needs-console --command=cmd\git.exe update-git-for-windows --quiet --gui
Task: {40333AFA-096F-4B58-B9F1-6503D52C1312} - System32\Tasks\Intel PTT EK Recertification => C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe [855664 2024-04-04] (Intel Corporation -> Intel® Corporation)
Task: {C345DF8A-F8FB-4045-89A8-0BC7B1812E79} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {39193CDD-8E81-4CEA-A4A7-CC0E62C26DEB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4910680 2024-02-21] (Intel Corporation -> Intel Corporation)
Task: {1C480066-EF63-41C0-833C-E5F73705D88B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {045595DC-D52A-4F8C-9DC4-DA63DC082A1D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5FED66F-707F-41DF-B174-3AEFC4221AD0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3DEE4496-FF2D-4BA9-8261-2B39BB947F33} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DCB31883-DA5F-4DEE-871D-D3B36FEB2EAE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpCmdRun.exe [1654168 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3B73C6AE-F893-4911-A93D-033F520A446E} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {8A1EC5B7-1D98-4327-9832-17DC8A66D42F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [58704 2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {4ECFD581-3D7A-4353-A7FF-29D95F1DD2D9} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [322384 2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {955E0158-8995-439E-938B-05E2E9C40C06} - System32\Tasks\updater => C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
Task: {2F2DD772-0389-4370-9CE2-EA929F021231} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [170496 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}\255646D69602E4F64756021303: [DhcpNameServer] 192.168.144.56
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}\7416C6168797021453430253740264634353: [DhcpNameServer] 192.168.253.60
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}\75C414E4D223B4E4B46324: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92b01cbb-a781-4be8-8004-0576539fc472}\75C414E4D223B4E4B46324: [DhcpDomain] speedport.ip
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\paulm\AppData\Local\Microsoft\Edge\User Data\Default [2024-04-16]
Edge Extension: (Phantom) - C:\Users\paulm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2024-04-08]
Edge Extension: (Google Docs Offline) - C:\Users\paulm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-07]
Edge Extension: (Edge relevant text changes) - C:\Users\paulm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-31]
 
FireFox:
========
FF DefaultProfile: 9v8q3ctv.default
FF ProfilePath: C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\9v8q3ctv.default [2021-10-08]
FF ProfilePath: C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release [2024-04-15]
FF Session Restore: Mozilla\Firefox\Profiles\t26ul9qy.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\t26ul9qy.default-release -> hxxps://trovo.live; hxxps://mail.uni-bonn.de; hxxps://www.immobilienscout24.de; hxxps://www.reddit.com; hxxps://online-go.com
FF Extension: (uBlock Origin) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-04-12]
FF Extension: (MetaMask) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\webextension@metamask.io.xpi [2024-03-28]
FF Extension: (Phantom) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\{7c42eea1-b3e4-4be4-a56f-82a5852b12dc}.xpi [2023-03-06]
FF Extension: (Video DownloadHelper) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2024-03-22]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2024-04-08]
FF Extension: (video downloader - CocoCut) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\{db329f96-f4db-4b6d-b270-2b84192d5308}.xpi [2022-10-10]
FF Extension: (Block Site) - C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Profiles\t26ul9qy.default-release\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2022-07-05]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
 
Chrome: 
=======
CHR HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fjoaledfpmneenckfbpdfhkmimnjocfa]
 
Brave: 
=======
BRA Profile: C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-04-16]
BRA Extension: (Phantom) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\bfnaelmomeimhlpmgjnjophhpkkoljpa [2024-04-10]
BRA Extension: (Keplr) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\dmkamcknogkgcdfhhbddcghachkejeap [2024-04-15]
BRA Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-04-10]
BRA Extension: (NordVPN - VPN proxy for privacy and security) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2024-04-15]
BRA Extension: (AdBlock — best ad blocker) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-04-15]
BRA Extension: (Inspect - Crypto | NFTs | DeFi | Web3) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kamfleanhcmjelnhaeljonilnmjpkcjc [2024-04-15]
BRA Extension: (MetaMask) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-04-10]
BRA Extension: ([SOLSniperNFT] Snipe best ranked NFTs!) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ogefhfdeljjlmhmbipoimkggolpeghan [2022-10-12]
BRA Extension: (Slope Wallet) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pocmplpaccanhmnllbbkpgfliimjljgo [2022-10-12]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-04-15]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-04-15]
BRA Extension: (Brave NTP background images) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-03-05]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-04-16]
BRA Extension: (Wallet Data Files Updater) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-11]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-04-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-11-12]
BRA Extension: (Brave Ads Resources) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\cmdlemldhabgmejfognbhdejendfeikd [2024-03-05]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-04-10]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-04-16]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-10-12]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-03-05]
BRA Extension: (Brave NTP sponsored images) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2024-04-15]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\paulm\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2024-01-11]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\123.1.64.122\elevation_service.exe [2671128 2024-04-11] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [174960 2022-10-12] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 CamoService; C:\Program Files (x86)\Camo Studio\Service\CamoService.exe [102384 2024-03-11] (Reincubate Limited -> Reincubate)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2023-05-17] (BioWare -> BioWare)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-03-27] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [291592 2024-03-27] (Intel Corporation -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1136040 2023-02-24] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [935344 2024-03-11] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-05-01] (Epic Games Inc. -> Epic Games, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [86920 2021-06-21] (Mixbyte Inc -> Freemake)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348000 2023-09-01] (GOG  sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-09-01] (GOG  sp. z o.o -> GOG.com)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [234968 2024-03-15] (HP Inc. -> HP Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10994432 2024-03-10] (Logitech Inc -> Logitech, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [13142392 2024-04-02] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R2 nxservice; C:\Program Files\NoMachine Enterprise Client\bin\nxservice64.exe [7120304 2023-05-10] (NoMachine S.a.r.l. -> NoMachine)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1201648 2023-12-07] (Rockstar Games, Inc. -> Rockstar Games)
S3 updater; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpUpdater.exe [464384 2016-01-10] (Nefarius Software Solutions) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe [3199648 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe [133576 2024-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 acsock; C:\Windows\system32\DRIVERS\acsock64.sys [310216 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [25688 2024-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2024-04-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0401413.inf_amd64_997830838cb299a9\B401180\amdkmdag.sys [100125200 2024-03-20] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2024-04-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 camodriver; C:\Windows\System32\DriverStore\FileRepository\camodriver.inf_amd64_99bad0a66e30f6f3\x64\camodriver.sys [36912 2024-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Reincubate Ltd.)
R3 Camo_e070661c-ac3f-4aae-aa3f-7d4e8ded5142; C:\Windows\System32\drivers\vacrnckd.sys [193120 2024-03-11] (Muzychenko Evgenii Viktorovich, IP -> )
R3 ks2avs; C:\Windows\System32\Drivers\ks2avs.sys [359784 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
R3 ks2usb_svc; C:\Windows\System32\Drivers\ks2usb.sys [83816 2012-12-18] (NATIVE INSTRUMENTS GmbH -> Native Instruments GmbH)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2021-08-11] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-11-30] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-11-30] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-11-30] (Logitech Inc -> Logitech)
R3 MpKsl6e92d9e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E062DC2-940D-491F-9786-E488D6B7874D}\MpKslDrv.sys [301336 2024-04-16] (Microsoft Windows -> Microsoft Corporation)
R2 nxfs; C:\Program Files\NoMachine Enterprise Client\bin\drivers\nxdisk\amd64\nxfs.sys [66032 2020-02-18] (Microsoft Windows Hardware Compatibility Publisher -> NoMachine)
R2 nxusbf; C:\Windows\System32\drivers\nxusbf.sys [114784 2022-09-13] (Microsoft Windows Hardware Compatibility Publisher -> NoMachine S.a.r.l)
R3 nxusbh; C:\Windows\System32\drivers\nxusbh.sys [121936 2022-09-13] (Microsoft Windows Hardware Compatibility Publisher -> NoMachine S.a.r.l)
R3 nxusbs; C:\Windows\System32\drivers\nxusbs.sys [33872 2022-09-13] (Microsoft Windows Hardware Compatibility Publisher -> NoMachine S.a.r.l)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2022-06-29] (nordvpn s.a. -> The OpenVPN Project)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74064 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20936 2024-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601376 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105760 2024-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\System32\drivers\wintun.sys [29592 2022-10-12] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X] <==== ATTENTION
U4 nxdeviced; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-16 01:53 - 2024-04-16 01:53 - 106692608 _____ C:\Windows\system32\config\SOFTWARE
2024-04-15 09:07 - 2024-04-15 09:09 - 000117514 _____ C:\Users\paulm\Downloads\Addition.txt
2024-04-15 09:05 - 2024-04-16 01:00 - 000036855 _____ C:\Users\paulm\Downloads\FRST.txt
2024-04-15 07:57 - 2024-04-15 07:58 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-04-15 07:57 - 2024-04-15 07:57 - 000000000 ____D C:\Windows\pss
2024-04-15 07:55 - 2024-04-15 07:55 - 000000000 ____D C:\Users\paulm\Desktop\Alte Firefox-Daten
2024-04-15 06:16 - 2024-04-16 01:00 - 000000000 ____D C:\FRST
2024-04-15 06:15 - 2024-04-15 06:15 - 002394112 _____ (Farbar) C:\Users\paulm\Downloads\FRST64.exe
2024-04-15 04:40 - 2024-04-15 04:42 - 000001872 _____ C:\Users\paulm\Desktop\Rkill.txt
2024-04-15 04:40 - 2024-04-15 04:40 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\paulm\Downloads\rkill (2).exe
2024-04-15 04:28 - 2024-04-16 01:52 - 000000000 ____D C:\Windows\Microsoft Antimalware
2024-04-15 00:13 - 2024-04-15 00:13 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\paulm\Downloads\rkill.exe
2024-04-15 00:13 - 2024-04-15 00:13 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\paulm\Downloads\rkill (1).exe
2024-04-14 16:24 - 2024-04-14 16:24 - 003244475 _____ C:\Users\paulm\Downloads\toaz.info-miller-jason-the-sorcererx27s-secretsstrategies-in-practical-magick-pr_febeb5ccc3fc91798e4245d4ffd9b395.pdf
2024-04-13 19:18 - 2024-04-13 19:18 - 000121604 _____ C:\Users\paulm\Downloads\serum presets-20240413T171840Z-001.zip
2024-04-13 19:13 - 2024-04-13 19:13 - 000000000 ____D C:\Users\paulm\Documents\Xfer
2024-04-13 19:13 - 2024-04-13 19:13 - 000000000 ____D C:\Program Files\Xfer Records
2024-04-13 19:13 - 2024-04-13 19:13 - 000000000 ____D C:\Program Files\Common Files\VST3
2024-04-13 19:13 - 2024-04-13 19:13 - 000000000 ____D C:\Program Files\Common Files\Avid
2024-04-13 18:06 - 2024-04-13 19:15 - 000000000 ____D C:\Users\paulm\Desktop\prsts
2024-04-13 17:51 - 2024-04-13 17:51 - 162201512 _____ C:\Users\paulm\Downloads\Xfer Records - Serum 1.357.7z
2024-04-13 17:45 - 2024-04-13 17:52 - 000000000 ____D C:\Users\paulm\Desktop\SERUM
2024-04-13 17:45 - 2024-04-13 17:45 - 000000000 ____D C:\Users\paulm\Desktop\New folder (4)
2024-04-13 17:44 - 2024-04-13 17:44 - 000000000 ____D C:\Users\paulm\AppData\Roaming\FHM
2024-04-13 17:34 - 2024-04-13 17:34 - 024904312 _____ ( ) C:\Users\paulm\Downloads\VitalInstaller.exe
2024-04-12 20:35 - 2024-04-12 20:35 - 000149788 _____ C:\Users\paulm\Downloads\photo1712946880.jpeg
2024-04-12 15:45 - 2024-04-12 15:45 - 000020861 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-04-12 15:45 - 2024-04-12 15:45 - 000020861 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-04-12 15:40 - 2024-04-12 15:40 - 000000000 ___HD C:\$WinREAgent
2024-04-10 01:39 - 2024-04-10 01:39 - 000000000 ____D C:\Users\paulm\AppData\Local\ATI
2024-04-10 00:44 - 2024-04-10 00:44 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2024-04-10 00:44 - 2024-02-22 09:58 - 000047240 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2024-04-07 15:44 - 2024-04-16 00:53 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2024-04-07 15:44 - 2024-04-07 15:44 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2024-04-07 15:44 - 2024-04-07 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2024-04-07 15:44 - 2024-04-07 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2024-04-07 15:42 - 2024-03-20 20:00 - 002100752 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-04-07 15:42 - 2024-03-20 20:00 - 002100752 _____ C:\Windows\system32\vulkaninfo.exe
2024-04-07 15:42 - 2024-03-20 20:00 - 001658896 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-04-07 15:42 - 2024-03-20 20:00 - 001658896 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-04-07 15:42 - 2024-03-20 20:00 - 001465784 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 001465784 _____ C:\Windows\system32\vulkan-1.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 001307232 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 001307232 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 000731152 _____ C:\Windows\system32\hiprt0200064.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 000607760 _____ C:\Windows\system32\GameManager64.dll
2024-04-07 15:42 - 2024-03-20 20:00 - 000460816 _____ C:\Windows\SysWOW64\GameManager32.dll
2024-04-07 15:42 - 2024-03-20 19:59 - 000998416 _____ (AMD) C:\Windows\system32\atieclxx.exe
2024-04-07 15:42 - 2024-03-20 19:59 - 000535568 _____ C:\Windows\system32\atieah64.exe
2024-04-07 15:42 - 2024-03-20 19:59 - 000502288 _____ C:\Windows\system32\EEURestart.exe
2024-04-07 15:42 - 2024-03-20 19:59 - 000404392 _____ C:\Windows\SysWOW64\atieah32.exe
2024-04-07 15:42 - 2024-03-20 19:59 - 000266256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2024-04-07 15:42 - 2024-03-20 19:59 - 000226936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2024-04-07 15:42 - 2024-03-20 19:59 - 000196216 _____ (AMD) C:\Windows\system32\atimuixx.dll
2024-04-07 15:42 - 2024-03-20 19:59 - 000183712 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2024-04-07 15:42 - 2024-03-20 19:59 - 000146960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 011526376 _____ C:\Windows\system32\amdsmi.exe
2024-04-07 15:42 - 2024-03-20 19:58 - 002222208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 001314832 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 001254416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 001055248 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 001039376 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 000473000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 000138768 _____ C:\Windows\system32\amdxc64.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 000114816 _____ C:\Windows\SysWOW64\amdxc32.dll
2024-04-07 15:42 - 2024-03-20 19:58 - 000074768 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 105804920 _____ C:\Windows\system32\amd_comgr_2.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 089173624 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 021762176 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 018444416 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64_6.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 001725640 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 001400208 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000801296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000678416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000568336 _____ C:\Windows\system32\amdgfxinfo64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000543248 _____ C:\Windows\system32\dgtrayicon.exe
2024-04-07 15:42 - 2024-03-20 19:57 - 000524928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000471056 _____ C:\Windows\system32\amdlogum.exe
2024-04-07 15:42 - 2024-03-20 19:57 - 000432144 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000389760 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000361080 _____ C:\Windows\system32\clinfo.exe
2024-04-07 15:42 - 2024-03-20 19:57 - 000176656 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000167240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000167144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000159776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000145424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000136688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000136576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000131360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000051216 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2024-04-07 15:42 - 2024-03-20 19:57 - 000048144 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2024-04-07 15:42 - 2024-03-20 19:56 - 000567944 _____ C:\Windows\system32\amdmiracast.dll
2024-04-07 15:42 - 2024-03-20 19:56 - 000177160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2024-04-07 15:42 - 2024-03-20 19:56 - 000151208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2024-04-07 15:41 - 2024-03-20 19:57 - 105432696 _____ C:\Windows\system32\amd_comgr.dll
2024-04-07 15:38 - 2024-04-07 15:38 - 045553272 _____ (AMD Inc.) C:\Users\paulm\Downloads\amd-software-adrenalin-edition-24.3.1-minimalsetup-240320_web (1).exe
2024-04-07 15:37 - 2024-04-07 15:37 - 045553272 _____ (AMD Inc.) C:\Users\paulm\Downloads\amd-software-adrenalin-edition-24.3.1-minimalsetup-240320_web.exe
2024-04-04 19:46 - 2024-04-04 19:46 - 000388469 _____ C:\Users\paulm\Downloads\Karrieretag Bonn.pdf
2024-04-04 19:45 - 2024-04-04 19:45 - 000388469 _____ C:\Users\paulm\Downloads\Ticket.pdf
2024-04-04 19:28 - 2024-04-04 19:28 - 000007621 _____ C:\Users\paulm\Downloads\Qigong.html
2024-04-04 19:28 - 2024-04-04 19:28 - 000000000 ____D C:\Users\paulm\Downloads\Qigong_files
2024-04-04 19:24 - 2024-04-04 19:24 - 000007693 _____ C:\Users\paulm\Downloads\TAI CHI.html
2024-04-04 19:24 - 2024-04-04 19:24 - 000000000 ____D C:\Users\paulm\Downloads\TAI CHI_files
2024-04-04 19:19 - 2024-04-04 19:19 - 000008148 _____ C:\Users\paulm\Downloads\Bestätigung.html
2024-04-04 19:19 - 2024-04-04 19:19 - 000000000 ____D C:\Users\paulm\Downloads\Bestätigung_files
2024-04-04 16:21 - 2024-04-04 16:21 - 000124627 _____ C:\Users\paulm\Downloads\photo1712240460.jpeg
2024-04-04 16:18 - 2024-04-04 16:18 - 000151093 _____ C:\Users\paulm\Downloads\Studienbescheinigung WiSe 2023 24.pdf
2024-04-04 00:15 - 2024-04-04 00:15 - 001315816 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2024-04-04 00:14 - 2024-04-04 00:14 - 006121304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2024-04-04 00:14 - 2024-04-04 00:14 - 005191864 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwtw10.sys
2024-04-04 00:14 - 2024-04-04 00:14 - 001472184 _____ (Intel Corporation) C:\Windows\system32\IntelIHVRouter10.dll
2024-04-04 00:13 - 2024-04-04 00:13 - 000338952 _____ (Intel Corporation) C:\Windows\system32\JHI64.dll
2024-04-04 00:13 - 2024-04-04 00:13 - 000323080 _____ (Intel Corporation) C:\Windows\system32\TEEManagement64.dll
2024-04-04 00:13 - 2024-04-04 00:13 - 000273928 _____ (Intel Corporation) C:\Windows\SysWOW64\JHI.dll
2024-04-04 00:13 - 2024-04-04 00:13 - 000261128 _____ (Intel Corporation) C:\Windows\SysWOW64\TEEManagement.dll
2024-04-04 00:12 - 2024-04-04 00:12 - 000049584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ANR-bgproc-Lib.dll
2024-04-04 00:10 - 2024-04-04 00:10 - 002120640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2024-04-04 00:10 - 2024-04-04 00:10 - 001631168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2024-04-04 00:10 - 2024-04-04 00:10 - 001631168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2024-04-04 00:10 - 2024-04-04 00:10 - 000132544 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2024-04-04 00:10 - 2024-04-04 00:10 - 000108592 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2024-04-04 00:08 - 2024-04-04 00:09 - 105728848 _____ C:\Windows\system32\amdxc64.so
2024-04-04 00:06 - 2024-04-04 00:06 - 007549888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2024-04-04 00:06 - 2024-04-04 00:06 - 007329728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2024-04-03 16:59 - 2024-04-15 07:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-03 00:33 - 2024-04-03 00:33 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Arrowhead
2024-04-03 00:33 - 2024-04-02 21:29 - 013142392 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2024-04-02 21:29 - 2024-04-02 21:29 - 000000222 _____ C:\Users\paulm\Desktop\HELLDIVERS™ 2.url
2024-04-02 06:25 - 2024-04-02 21:29 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-04-02 04:09 - 2024-04-02 04:09 - 000000000 ____D C:\Users\paulm\AppData\Local\ModTheSpire
2024-03-30 05:01 - 2024-03-30 07:23 - 000022910 _____ C:\Users\paulm\Documents\conclusion.odt
2024-03-30 03:35 - 2024-03-30 03:35 - 000027376 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_419008085946622.dll
2024-03-28 22:27 - 2024-03-29 00:49 - 000041199 _____ C:\Users\paulm\Documents\fantasy term paper 2.0(2).odt
2024-03-27 18:00 - 2024-03-27 18:00 - 000097773 _____ C:\Users\paulm\Downloads\GJoIzv_XkAE9cPl.jfif
2024-03-25 00:28 - 2024-03-25 00:28 - 000000053 _____ C:\Users\paulm\.git-for-windows-updater
2024-03-23 18:26 - 2024-03-23 18:26 - 000007334 _____ C:\Users\paulm\Desktop\New OpenDocument Text (9).odt
2024-03-22 19:20 - 2024-03-25 23:21 - 000043760 _____ C:\Users\paulm\Documents\fantasy term paper 2.0.1.odt
2024-03-22 07:12 - 2024-03-22 07:12 - 000009055 _____ C:\Users\paulm\Documents\blast.odt
2024-03-21 17:11 - 2024-03-21 17:11 - 000000000 ____D C:\Users\paulm\AppData\Local\ToastNotificationManagerCompat
2024-03-21 17:11 - 2024-03-21 17:11 - 000000000 ____D C:\Users\paulm\.android
2024-03-21 17:10 - 2024-03-21 17:10 - 000001971 _____ C:\Users\Public\Desktop\Camo Studio.lnk
2024-03-21 17:10 - 2024-03-21 17:10 - 000001049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camo Studio.lnk
2024-03-21 17:10 - 2024-03-21 17:10 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Reincubate
2024-03-21 17:10 - 2024-03-21 17:10 - 000000000 ____D C:\Program Files (x86)\Camo Studio
2024-03-21 17:09 - 2024-03-21 17:10 - 092798976 _____ C:\Users\paulm\Downloads\camo-windows-latest.msi
2024-03-21 17:09 - 2024-03-21 17:10 - 092798976 _____ C:\Users\paulm\Downloads\camo-windows-latest (1).msi
2024-03-21 03:37 - 2024-03-21 03:37 - 002314718 _____ C:\Users\paulm\Downloads\Learning Agreement FINAL-3.pdf
2024-03-21 03:33 - 2024-03-21 03:33 - 002314718 _____ C:\Users\paulm\Downloads\Learning Agreement FINAL-2.pdf
2024-03-21 03:29 - 2024-03-21 03:29 - 002314718 _____ C:\Users\paulm\Downloads\Learning Agreement FINAL-1.pdf
2024-03-21 03:27 - 2024-03-21 03:27 - 002314718 _____ C:\Users\paulm\Downloads\Learning Agreement FINAL.pdf
2024-03-21 03:26 - 2024-03-21 03:26 - 001883931 _____ C:\Users\paulm\Downloads\Rest.pdf
2024-03-21 03:26 - 2024-03-21 03:26 - 000379307 _____ C:\Users\paulm\Downloads\Signed whole.pdf
2024-03-21 03:25 - 2024-03-21 03:25 - 000641298 _____ C:\Users\paulm\Downloads\Seite 1 verbessert.pdf
2024-03-21 03:21 - 2024-03-21 03:21 - 000000000 ____D C:\Users\paulm\Downloads\LearningAgreementFinal1
2024-03-21 03:21 - 2024-03-21 03:21 - 000000000 ____D C:\Users\paulm\Desktop\LearningAgreementFinal1
2024-03-21 03:05 - 2024-03-21 03:10 - 000000000 ____D C:\Users\paulm\Documents\UPDF
2024-03-21 03:05 - 2024-03-21 03:09 - 000000000 ____D C:\Users\paulm\AppData\Local\UPDF
2024-03-21 03:05 - 2024-03-21 03:06 - 000000000 ____D C:\Users\Public\AppData\Local\UPDF
2024-03-21 03:05 - 2024-03-21 03:05 - 000001012 _____ C:\Users\paulm\Desktop\UPDF.lnk
2024-03-21 03:05 - 2024-03-21 03:05 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UPDF
2024-03-21 03:05 - 2024-03-21 03:05 - 000000000 ____D C:\Users\paulm\AppData\Local\WebView
2024-03-21 03:05 - 2024-03-21 03:05 - 000000000 ____D C:\Program Files (x86)\UPDF
2024-03-21 03:04 - 2024-03-21 03:05 - 000000000 ____D C:\Users\paulm\AppData\Local\UPDFSetup
2024-03-21 03:04 - 2024-03-21 03:04 - 000000000 ____D C:\Program Files (x86)\UPDF_Win
2024-03-21 03:00 - 2024-03-21 03:00 - 000001165 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2024-03-21 03:00 - 2024-03-21 03:00 - 000001135 _____ C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
2024-03-21 03:00 - 2024-03-21 03:00 - 000000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2024-03-21 03:00 - 2024-03-21 03:00 - 000000000 ____D C:\Users\paulm\Documents\My PDFill
2024-03-21 03:00 - 2024-03-21 03:00 - 000000000 ____D C:\ProgramData\PlotSoft
2024-03-21 03:00 - 2024-03-21 03:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2024-03-21 03:00 - 2024-03-21 03:00 - 000000000 ____D C:\Program Files (x86)\PlotSoft
2024-03-21 02:53 - 2024-03-21 02:53 - 000269115 _____ C:\Users\paulm\Downloads\LearningAgreementFinal.pdf
2024-03-18 23:53 - 2024-03-18 23:58 - 000000335 _____ C:\Users\paulm\Desktop\New Text Document (5).txt
2024-03-18 17:08 - 2024-03-18 17:08 - 000233095 _____ C:\Users\paulm\Downloads\photo1710773985.jpeg
2024-03-18 17:08 - 2024-03-18 17:08 - 000198590 _____ C:\Users\paulm\Downloads\photo1710773985(1).jpeg
2024-03-17 23:10 - 2024-03-17 23:10 - 000514741 _____ C:\Users\paulm\Downloads\273804__brainclaim__dark-choir-singing.wav.asd
2024-03-17 23:10 - 2024-03-17 23:10 - 000152805 _____ C:\Users\paulm\Downloads\584225__diboz__spooks.flac.asd
2024-03-17 23:10 - 2024-03-17 23:10 - 000124828 _____ C:\Users\paulm\Downloads\437475__camel7695__short-eerie-chorus.wav.asd
2024-03-17 23:09 - 2024-03-17 23:10 - 007848095 _____ C:\Users\paulm\Downloads\584225__diboz__spooks.flac
2024-03-17 23:09 - 2024-03-17 23:09 - 030048524 _____ C:\Users\paulm\Downloads\273804__brainclaim__dark-choir-singing.wav
2024-03-17 23:09 - 2024-03-17 23:09 - 007134748 _____ C:\Users\paulm\Downloads\437475__camel7695__short-eerie-chorus.wav
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-04-16 00:55 - 2022-04-15 20:21 - 000000000 ____D C:\Users\paulm\AppData\Roaming\TIDAL
2024-04-16 00:55 - 2021-12-17 01:28 - 000000000 ____D C:\Windows\SystemTemp
2024-04-16 00:55 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-16 00:54 - 2023-11-30 20:23 - 000000000 ____D C:\Users\paulm\AppData\Local\LGHUB
2024-04-16 00:54 - 2021-05-21 00:09 - 000000000 ____D C:\Users\paulm\AppData\Roaming\discord
2024-04-16 00:54 - 2021-05-21 00:09 - 000000000 ____D C:\Users\paulm\AppData\Local\Discord
2024-04-16 00:54 - 2021-05-15 18:19 - 000000000 ____D C:\Program Files (x86)\Steam
2024-04-16 00:53 - 2023-10-02 12:22 - 000000000 ____D C:\ProgramData\Wondershare DemoCreator Spark
2024-04-16 00:53 - 2023-10-02 12:21 - 000000000 ____D C:\ProgramData\Wondershare DemoCreator
2024-04-16 00:53 - 2021-05-15 18:38 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2024-04-16 00:53 - 2020-11-19 01:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-04-16 00:48 - 2021-10-13 15:17 - 000001426 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2024-04-16 00:48 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-04-15 08:12 - 2022-05-01 12:11 - 000477958 _____ C:\Windows\system32\perfh011.dat
2024-04-15 08:12 - 2022-05-01 12:11 - 000132836 _____ C:\Windows\system32\perfc011.dat
2024-04-15 08:12 - 2021-05-15 23:07 - 002334564 _____ C:\Windows\system32\PerfStringBackup.INI
2024-04-15 08:12 - 2019-12-07 16:50 - 000743876 _____ C:\Windows\system32\perfh007.dat
2024-04-15 08:12 - 2019-12-07 16:50 - 000150298 _____ C:\Windows\system32\perfc007.dat
2024-04-15 08:12 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2024-04-15 07:56 - 2022-02-09 18:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-04-15 07:51 - 2021-08-27 22:59 - 000000000 ____D C:\Users\paulm\AppData\Local\Google
2024-04-15 07:51 - 2021-08-27 22:59 - 000000000 ____D C:\Program Files (x86)\Google
2024-04-15 07:27 - 2021-10-06 19:03 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Ledger Live
2024-04-15 07:23 - 2021-05-15 18:14 - 000000000 ____D C:\Users\paulm\AppData\Local\D3DSCache
2024-04-15 05:46 - 2020-11-19 00:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-04-15 03:19 - 2021-05-16 00:26 - 000000000 ____D C:\Users\paulm\AppData\Local\ElevatedDiagnostics
2024-04-15 03:15 - 2023-08-16 11:52 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-04-15 03:15 - 2022-10-12 18:39 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-04-15 03:15 - 2022-10-12 18:39 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-04-15 03:15 - 2021-09-20 21:24 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-04-15 01:19 - 2021-06-18 18:29 - 000000000 ___RD C:\Users\paulm\Desktop\Set Project
2024-04-15 00:19 - 2021-05-17 20:15 - 000000000 ____D C:\Users\paulm\Documents\VST
2024-04-14 21:09 - 2021-05-17 19:06 - 000000000 ____D C:\Users\paulm\Documents\Max 8
2024-04-14 17:14 - 2023-04-24 20:16 - 000000000 ____D C:\Users\paulm\Desktop\100 enigmatic samples
2024-04-14 16:11 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-04-14 16:11 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2024-04-14 04:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat
2024-04-14 03:28 - 2020-11-19 01:37 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-13 19:21 - 2021-05-17 20:34 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Xfer
2024-04-13 17:29 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-04-13 15:36 - 2020-11-19 00:34 - 000355008 _____ C:\Windows\system32\FNTCACHE.DAT
2024-04-13 15:36 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2024-04-13 15:36 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-04-13 15:36 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2024-04-13 15:35 - 2023-12-16 17:18 - 000000000 ____D C:\Windows\InboxApps
2024-04-13 15:35 - 2022-07-28 17:41 - 000000000 ____D C:\Windows\en-GB
2024-04-13 15:35 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-04-13 15:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\DDFs
2024-04-13 15:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-04-13 15:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2024-04-13 15:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2024-04-12 15:47 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2024-04-12 15:45 - 2020-11-19 01:36 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-04-12 05:09 - 2023-11-13 23:56 - 000000000 ____D C:\Users\paulm\AppData\Roaming\paradox-launcher-v2
2024-04-12 01:19 - 2021-05-15 18:34 - 000000000 ____D C:\Users\paulm\AppData\Local\AMD_Common
2024-04-11 18:50 - 2023-06-20 14:54 - 000000000 ___HD C:\Users\paulm\.nx
2024-04-11 18:27 - 2022-10-12 02:57 - 000002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2024-04-11 18:27 - 2022-10-12 02:57 - 000002315 _____ C:\Users\Public\Desktop\Brave.lnk
2024-04-11 16:04 - 2023-06-20 14:52 - 000044980 _____ C:\Users\paulm\Downloads\Telefonie@Home.nxs
2024-04-11 13:17 - 2021-05-15 20:17 - 000000000 ____D C:\Windows\system32\MRT
2024-04-11 13:15 - 2021-05-15 20:17 - 192651728 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-04-10 20:59 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-04-10 10:12 - 2020-11-19 01:34 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-04-10 10:08 - 2021-09-24 15:29 - 000003834 _____ C:\Windows\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2024-04-10 00:44 - 2021-09-23 16:57 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2024-04-10 00:44 - 2021-09-23 16:57 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2024-04-09 13:46 - 2021-05-15 18:14 - 000000000 ____D C:\Users\paulm\AppData\Local\Packages
2024-04-08 22:21 - 2022-10-12 02:57 - 000004024 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{EA8D9083-BCA0-4B3D-BEAF-106D8A73979E}
2024-04-08 22:21 - 2022-10-12 02:57 - 000003900 _____ C:\Windows\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{A5986FEE-AD5A-4830-BC78-AA12F70778A9}
2024-04-08 22:20 - 2021-12-13 16:16 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2822836515-2594661799-1331936652-1001
2024-04-08 22:20 - 2021-05-15 18:15 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2822836515-2594661799-1331936652-1001
2024-04-08 22:20 - 2021-05-15 18:12 - 000002383 _____ C:\Users\paulm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-04-07 15:50 - 2021-05-15 18:40 - 000000000 ____D C:\Users\paulm\AppData\Local\AMD
2024-04-07 15:44 - 2021-05-15 18:37 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2024-04-07 15:44 - 2021-05-15 18:37 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2024-04-07 15:44 - 2021-05-15 18:34 - 000000000 ____D C:\Program Files\AMD
2024-04-07 15:44 - 2021-05-15 18:34 - 000000000 ____D C:\AMD
2024-04-04 01:23 - 2020-11-19 01:36 - 000003756 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-04 01:23 - 2020-11-19 01:36 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-04 00:17 - 2021-05-15 18:39 - 000003840 _____ C:\Windows\system32\Tasks\Intel PTT EK Recertification
2024-04-04 00:12 - 2021-05-15 18:38 - 000000000 ____D C:\Windows\system32\AMD
2024-04-04 00:06 - 2021-05-15 18:37 - 000061888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdxe.sys
2024-04-02 07:19 - 2021-05-15 18:12 - 000000000 ____D C:\Users\paulm
2024-03-29 20:01 - 2023-05-12 03:11 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2024-03-29 20:01 - 2021-05-15 18:37 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-23 18:37 - 2021-11-18 13:55 - 000000000 ____D C:\Users\paulm\AppData\Roaming\Telegram Desktop
2024-03-17 14:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-03-17 14:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2024-03-17 14:28 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-03-17 14:28 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
 
==================== Files in the root of some directories ========
 
2023-03-06 21:20 - 2023-03-06 21:20 - 454686437 _____ () C:\Program Files\Native Instruments.zip
2022-11-30 21:55 - 2022-11-30 21:55 - 008388608 _____ () C:\Users\paulm\AppData\Roaming\fs_1024x2048_f_saw.dat
2022-11-30 21:55 - 2022-11-30 21:55 - 008388608 _____ () C:\Users\paulm\AppData\Roaming\fs_1024x2048_f_tri.dat
2024-02-19 19:11 - 2024-02-19 19:11 - 000002096 _____ () C:\Users\paulm\AppData\Local\recently-used.xbel
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2023-09-28 07:02:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Aktuell
Error Code: 0x80501102
Error description: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security intelligence Version: 1.397.1638.0;1.397.1638.0
Engine Version: 1.1.23080.2005
 
CodeIntegrity:
===============
Date: 2024-04-16 00:54:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\paulm\AppData\Local\Discord\app-1.0.9041\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook32.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.50 09/03/2020
Motherboard: ASRock B460 Steel Legend
Processor: Intel® Core™ i7-10700F CPU @ 2.90GHz
Percentage of memory in use: 48%
Total physical RAM: 16314.16 MB
Available physical RAM: 8352.09 MB
Total Virtual: 38842.16 MB
Available Virtual: 26162.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.25 GB) (Free:50.64 GB) (Model: Patriot M.2 P300) NTFS
Drive d: (New Volume) (Fixed) (Total:1863 GB) (Free:613.33 GB) (Model: CT2000P3SSD8) NTFS
Drive e: (INTENSO) (Removable) (Total:7.49 GB) (Free:7.49 GB) FAT32
 
\\?\Volume{a414ce20-f078-4499-b493-9476e13a74b3}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{65b593e2-1ac6-4719-b1b1-31014ae85ca1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 0232E55A)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================
 
 
 



 


#2 Oh My!

  • Malware Response Instructor

Posted 15 April 2024 - 08:31 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us.
  • It is important to not run any tools or take any steps other than those I will provide for you.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please copy and paste all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know.

Please allow me some time to review what you have posted.
Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#3 Oh My!

  • Malware Response Instructor

Posted 16 April 2024 - 08:46 AM

The Addition.txt report is incomplete. Copy and paste the entire report in your reply. If necessary, rerun a FRST Scan to produce the report again.
Gary 


#4 Xyneravyn

  • Topic Starter

Posted 16 April 2024 - 08:59 AM

Oh sorry, must have messed up, reran the scan, full additional attached.
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by paulm (16-04-2024 15:54:47)
Running from C:\Users\paulm\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2021-05-15 21:02:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2822836515-2594661799-1331936652-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2822836515-2594661799-1331936652-503 - Limited - Disabled)
Gast (S-1-5-21-2822836515-2594661799-1331936652-501 - Limited - Disabled)
paulm (S-1-5-21-2822836515-2594661799-1331936652-1001 - Administrator - Enabled) => C:\Users\paulm
WDAGUtilityAccount (S-1-5-21-2822836515-2594661799-1331936652-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888poker.de (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\888poker.de) (Version: 1.1.2.39 - 888)
Ableton Live 10 Suite (HKLM\...\{3AFBB4AE-59CA-414C-8264-BA833986EE54}) (Version: 10.0.0.0 - Ableton)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.3.1 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Attribute Changer 10.10 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 10.0 - Romain Petges)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.74.4 - Bethesda Softworks)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Die Brave-Autoren)
By Click Downloader (HKLM-x32\...\{A197105C-61BF-450F-B10A-177130E2CF25}) (Version: 2.3.42 - ByClick) Hidden
By Click Downloader (HKLM-x32\...\By Click Downloader 2.3.42) (Version: 2.3.42 - ByClick)
Camo Studio (HKLM\...\{3B3388F2-5E83-4C7A-ACB3-939FA3419D1F}) (Version: 2.1.11.11612 - Reincubate)
CapCut (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\CapCut) (Version: 2.0.0.348 - Bytedance Pte. Ltd.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.) Hidden
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077 REDmod (HKLM-x32\...\1597316373_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077: Phantom Liberty (HKLM-x32\...\1256837418_is1) (Version: 2.01 - GOG.com)
DarkPsy FX466 DEMO version 1.0 (HKLM\...\DarkPsy FX466 DEMO_is1) (Version: 1.0 - G-Sonique)
DarkPsy FX466 version 1.0 (HKLM\...\DarkPsy FX466_is1) (Version: 1.0 - G-Sonique)
Discord (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.)
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Wynne) (Version:  - )
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Epic Games Launcher (HKLM-x32\...\{37D87A98-763A-44A7-AD9E-8D661616A2C4}) (Version: 1.3.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2018.2 - FabFilter & Team V.R)
Fiddler Everywhere 3.1.1 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\8652495b-663c-5255-8c97-412896fbef82) (Version: 3.1.1 - Progress Software Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
GIMP 2.10.28 (HKLM\...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Git (HKLM\...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.71.2 - GOG.com)
HitFilm Express (HKLM\...\{1D791529-BF85-4D61-89F5-EEA81034F26E}) (Version: 17.0.11715.56097 - FXHOME)
Image Eye v9.2 x64 (HKLM\...\Image Eye x64_is1) (Version:  - FMJ-Software)
Infected Mushroom - Wider version 1.0 (HKLM\...\{A7684FCF-245F-4C90-87EE-472DC3EC3868}_is1) (Version: 1.0 - Polyverse Music, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{CCDC49A6-B288-4623-AA1D-332D328A8FA8}) (Version: 24.1.13.10 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{76751700-CC7A-4C8E-A7EE-D66651594A6A}) (Version: 2.4.10802 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{64f50684-bac6-488b-9bab-93616f34d6ec}) (Version: 24.1.13.10 - Intel)
ISM BazzISM (HKLM\...\BazzISM_is1) (Version: 2.5.3 - ISM)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 2.60.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.60.0 - Ledger Live Team)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.2.534136 - Logitech)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-164f20d7-a9e4-47f5-950c-778e91ea852f) (Version:  - Epic Games, Inc.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.1.0.183 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.3.17 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NoMachine Enterprise Client (HKLM\...\NoMachine Enterprise Client_is1) (Version: 8.5.3 - NoMachine S.a.r.l.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.10 (HKLM-x32\...\{5A9673DB-4BBE-4FEA-8AB6-840C89E79913}) (Version: 4.110.9807 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{0af024f5-c0d4-481b-bb6b-5f781bfc6fbc}) (Version: latest - ppy Pty Ltd)
Paradox Launcher v2 (HKLM\...\{D3A03918-53CA-485C-B819-E4B86DF5AE82}) (Version: 2.4.0 - Paradox Interactive)
PDFill PDF Editor Professional (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC)
Python 3.10.9 (64-bit) (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{e8531749-5517-4937-a722-a4052cb2d75e}) (Version: 3.10.9150.0 - Python Software Foundation)
Python 3.10.9 Add to Path (64-bit) (HKLM\...\{59ED0114-0C86-4B18-83E2-929AD7D232AD}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Core Interpreter (64-bit) (HKLM\...\{9802C929-A3F0-480D-A4B2-DAD129F2236E}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Development Libraries (64-bit) (HKLM\...\{E2BC2EBD-7260-458B-A42C-3322DCB0B82F}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Documentation (64-bit) (HKLM\...\{F007E8E2-B4A7-4559-BB78-7AC533822431}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Executables (64-bit) (HKLM\...\{F115E5B8-9719-4BDF-8B0D-551809BB677D}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 pip Bootstrap (64-bit) (HKLM\...\{067C6FFC-0FD1-4F3A-8E94-58F091BCC0D5}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Standard Library (64-bit) (HKLM\...\{0CBB496F-1D15-42F1-AA45-C01C95196EC8}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Tcl/Tk Support (64-bit) (HKLM\...\{92CFA54C-9CE5-4284-83FD-1D0B8AB2AB69}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Test Suite (64-bit) (HKLM\...\{0DDDDA24-0876-4BEF-AC9B-26D8B78DCCC9}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Utility Scripts (64-bit) (HKLM\...\{1F097B66-81E9-46FB-BBAC-315C5F50CF94}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{35A2AF4F-C504-4D2A-A025-F69379ECDF07}) (Version: 3.10.8009.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - CD Projekt RED)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.81.1699 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.2.3.4 - Rockstar Games)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Serum (HKLM\...\Serum_XR_is1) (Version: 1.357 - Xfer Records)
SonoBus version 1.7.2 (HKLM\...\SonoBus_is1) (Version: 1.7.2 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Telegram Desktop (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15.2 - Telegram FZ-LLC)
TIDAL (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.51 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UPDF (HKLM\...\UPDF) (Version:  - Superace Software Technology Co., Ltd.)
UPDF_Win version 1.0.7.0 (HKLM-x32\...\{64F0F31B-1791-46EC-96ED-44120E105F77}_is1) (Version: 1.0.7.0 - Superace Software Technology Co., Ltd.)
ValhallaSupermassive version 1.1.1v5 (HKLM-x32\...\{AC6A778B-2004-4BAF-9E1F-CAA5CC27D7FA}_is1) (Version: 1.1.1v5 - Valhalla DSP, LLC)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.10.6 - Black Tree Gaming Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
WinDirStat 1.1.2 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\WinDirStat) (Version:  - )
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Wondershare DemoCreator Spark(Build 6.7.5) (HKLM\...\Wondershare DemoCreator Spark_is1) (Version:  - Wondershare Software)
Wondershare DemoCreator(Build 6.9.0) (HKLM\...\Wondershare DemoCreator_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-08-16] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
FBReader -> C:\Program Files\WindowsApps\FBReader_2.0.3.0_x64__0ydjfefeqf4sp [2023-08-01] (FBReader.ORG Limited)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-15] (HP Inc.)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-01] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-13] (Spotify AB) [Startup Task]
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-04-13] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2024-02-11] (New Work SE)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{002add35-e00a-f3ef-f484-215bb738aa23}\localserver32 -> C:\Program Files (x86)\Camo Studio\CamoStudio.exe (Reincubate Limited -> Reincubate)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2021-05-12] (Romain Petges) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-03-11 16:47 - 2024-03-11 16:47 - 000295936 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Camo Studio\Service\CamoServiceSupport.dll
2023-10-02 12:22 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2023-10-02 12:22 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2023-11-05 05:48 - 2023-11-05 05:48 - 000010240 _____ () [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\AcroTray.deu
2023-10-02 12:26 - 2023-07-27 14:33 - 000009216 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureBase.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000342528 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureEngineEx.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000303104 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureNLEMgr.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000434688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureSource.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000018944 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\COMSupport.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002674688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\data_api.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 027441664 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\libkernaldec.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000216064 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\quazip1-qt5.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002374656 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Image.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000101888 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Log.DLL
2024-04-13 06:51 - 2024-04-13 06:51 - 000356864 _____ (Benjamin Höglinger) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Libarius\0dc73dbff72283235375853041284104\Libarius.ni.dll
2024-03-21 03:00 - 2006-11-02 16:18 - 000850432 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PDFILLPS5UI.DLL
2023-10-02 12:26 - 2023-07-27 14:33 - 000094720 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\pthreadGC2.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 003160576 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2024-04-13 06:50 - 2024-04-13 06:50 - 000978432 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\9abb5f12056216794776bec54561d515\log4net.ni.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2023-10-02 12:22 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\paulm\AppData\Local\Temp:$DATA​ [16]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2021-09-20 21:56 - 000000828 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Git\cmd
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\StartupApproved\Run: => "GogGalaxy"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5CBB5121-F99E-41E7-816E-C1CACD8923F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{7F72BB38-4595-420D-875D-CD9C617FBBF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4CFD9B71-C7AC-43B7-B3B0-2C4522352046}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CD046BC7-007B-42D0-831F-889A93DA8722}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AB774F71-2D61-4727-8B5F-2CCF8BC9BE9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A842B544-17DF-4A36-90F2-04934E6AF0D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{EF73914C-65EE-4290-AABF-59EC3C768CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{264492A4-92FD-4155-A316-82571EBEDA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{9ADDCC27-74D3-4F89-ABA9-AF04EDA6FDF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{CEA17D5E-3106-471A-BC45-1849441D0A71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{2DDFC459-A167-4603-A274-63DBB2939D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{E9529E00-32DF-4FD4-AC16-AE87DA294339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{6D8519EF-9157-425C-ADC9-0B2E667824E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{AA16543A-312E-4D41-8C91-87D6987A8F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{FE13B242-3812-467E-B7E2-B5187DF1BF00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{A2F57542-2800-4EAF-A3DA-4F764D86EFA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{FD0428F4-9850-42A7-81A1-B926F9F96FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{2A192FA9-4CEE-4BE0-A98F-2D3B3C6CEA93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{10A230D5-C0D1-40E4-A017-CA394FA5D48F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{550FFCF3-3FDF-4D5A-8E52-610FEF4578DE}C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6C52BADC-03FD-4935-9F2B-E051B80A84EB}C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe => No File
FirewallRules: [{79F8DDC9-F868-4C2F-AE08-888676B8A9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed]
FirewallRules: [{5445952C-A7B3-4C4D-9D3A-8E47BA7B3D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed]
FirewallRules: [{2F31F89B-0CFE-4397-9BBD-FD77959E91DD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{F27D7863-4583-43CC-863D-EC6057B19174}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{8A5D2B06-9D88-4862-ACB3-AEF08592A8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{158A935A-BFAC-412B-8C0E-441E19D2AB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [TCP Query User{94DDD160-907D-4F20-848C-60E71D3CC9D5}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{D5266F78-6488-4FC0-AAA3-DD783B3242BD}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{58DF3D11-D207-4FA1-B5A5-85A4CA9EC378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe => No File
FirewallRules: [{8BEB37D4-6729-483C-9451-0500730BED98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe => No File
FirewallRules: [TCP Query User{2EE4F1FA-5202-4C8F-85BC-B53898D1CDE3}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{1867ED0E-0841-4602-84BF-2FC5E0470171}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{D16DE47B-37BF-40AC-A6A7-3DAF22E93D1B}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9ECF1E22-59A4-4F88-856A-B4CD6AE9A6F5}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{00161AC3-9C07-47AA-A05E-E39C3BE3A2CD}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{17A1D82F-3923-401E-B3BA-2DB0424AC3C9}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{E9731FC8-7D31-4F70-8400-DB5623064A30}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{654E3226-39A0-4415-8D1B-475A2A531F94}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{04ADD5EE-1E2C-4BDC-9276-B67584580A4E}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{C9B82815-D8CA-40A7-89F2-061F51A23C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edna & Harvey The Breakout\_anniversary\edna.exe => No File
FirewallRules: [{3BCDE331-DAD7-4ED5-8FDF-E03F28BBF9D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edna & Harvey The Breakout\_anniversary\edna.exe => No File
FirewallRules: [{52D6A670-53DA-445C-8685-7E6188EEC855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{C1712F27-26EB-4189-BE80-E19B6E944782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{309CABE2-5276-465B-8A46-8DDD4093F3B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe () [File not signed]
FirewallRules: [{288C363D-E0B1-4164-B52A-98B334FCD957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe () [File not signed]
FirewallRules: [{6951D87E-E401-44BF-8021-6016F063DCC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{A8BDC877-E086-4583-9F07-28082D4F741F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{BFD596E0-43EE-46B2-B373-026892BBD615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe () [File not signed]
FirewallRules: [{D5DB6019-507F-4C95-9A5D-D37B0A8C2903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe () [File not signed]
FirewallRules: [{A6D9451E-FD46-45C9-958E-6E9418CC2F38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{73548B90-CDE6-4B7C-A353-397095832312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [TCP Query User{FAC5452D-58EE-492C-942F-01BCC57025C9}C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe => No File
FirewallRules: [UDP Query User{498FC9B1-B8E1-4472-821D-6BB5A231AF64}C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe => No File
FirewallRules: [TCP Query User{011A68BE-28FF-41EC-8FDD-EE4FB06EF1A7}C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe => No File
FirewallRules: [UDP Query User{071BBEBC-6A27-437C-BE08-6CDA6DC3AE16}C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe => No File
FirewallRules: [{F2459B09-B50F-4E69-AEBB-042EB16E759C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{C3A10CA6-7F00-420F-A00C-AF02CCCBE28C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{4DA13CBE-0313-46CB-83EF-81AB8E8EE881}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{4128719D-7D5B-4611-92C8-049E94DABFD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [TCP Query User{02759236-E290-4874-92C4-BAA192A5A4E7}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe => No File
FirewallRules: [UDP Query User{A9C6ED46-0948-4C1A-93FC-258CFE72360E}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe => No File
FirewallRules: [{638A0FF8-4AB3-40E6-A55D-42A1769B1AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phantom Abyss\PhantomAbyss.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A16151A1-9607-4C2E-A543-FDCCD1EE3868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phantom Abyss\PhantomAbyss.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F081488B-8736-48CB-874D-3ABFCFE0DCCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{84885960-7C76-4DBB-8C5C-7237F028E74D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{2B66BF4E-BED5-4183-B6B7-547BEAF5341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{F10DC04B-1220-4BCC-B322-1E50B72D053C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{9B7B6799-0324-463B-A45B-4762DE176E4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{FC473EE7-7747-4A71-9559-E2A6D9BD5AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{217834F7-7FF9-42D4-8F73-32FC5C33D36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{ED9B42F6-E42F-4770-B202-1872D25FD89D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{3CB30662-1E19-4F64-B1C2-C04EC2040E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{7AC7C6CC-CCB5-4FEC-B6DD-FB1660096299}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{A5D02687-761C-470E-9D3C-0E16EBFCB22C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{05825AF7-E74C-4078-B7AA-C0684F3B6472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{1C1CB156-BF4B-4957-9CCB-57C79FC2B2A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{2565599E-CA60-4701-9134-683D64BB26B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{F5760022-E73A-411E-86F8-D65BE6924BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lily's Well\Game.exe (The NW.js Community) [File not signed]
FirewallRules: [{178B7C2B-658C-4D4C-84A2-B29A0FB27C85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lily's Well\Game.exe (The NW.js Community) [File not signed]
FirewallRules: [TCP Query User{3CA662E3-98E1-46E8-89C9-B5A57FC0AB9F}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{41C9B4E1-F636-455E-B736-7655570C67DC}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{47FD5E93-7D49-40B6-8E5D-F04DE7D4F011}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{7867B8EA-0C74-4C78-885A-7C31AF0FAF39}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{1AE3F11C-C454-481F-94C8-57BACD322AAE}C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe => No File
FirewallRules: [UDP Query User{19BFEF8C-ACCA-49B2-9FAE-EE9891D7CBCA}C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe => No File
FirewallRules: [TCP Query User{727B6A16-E808-4F3F-9E2B-0827D084112C}C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{041967A2-6CFC-47C5-8EF3-51047539DAE6}C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{AB1AD9B4-4CDC-4E80-9A71-7E1FC48B3E0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{B9C1A52D-0D8E-4585-B6CA-F68A6EFAE147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9E3CF469-5443-40A6-BD99-EE15289C4257}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [UDP Query User{5D8AC470-32DB-4556-A27D-BCDF4C754609}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [TCP Query User{104B7C1E-345F-4BFA-B5B5-5BA4138AE5A6}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [UDP Query User{671F6468-A5F4-484D-A8A3-3C713DCFC4C6}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [TCP Query User{56F38355-0067-4DD6-BE9E-E78E23C297A1}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [UDP Query User{8B1AABCE-AE4E-40D8-B2E8-382FA2BD0F41}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [{9726BEDD-9DBE-4503-840D-A612D2B3612B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Arena\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{9C0A054A-2CCE-4798-8B83-4EF6349BFB9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Arena\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{2D1C0A71-9132-489F-88FC-ED48D3437318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Daggerfall\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{5967373E-8474-4923-9533-C96E385F33E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Daggerfall\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [TCP Query User{0304CB81-546C-4168-941C-CDC6232A3BDF}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [UDP Query User{8067F666-65C3-466A-8B0E-3F244059E171}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [TCP Query User{B40799F5-6D4A-43BF-931D-BCA18D445D70}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [UDP Query User{CC2D9B0D-B7E1-414F-BDCA-800A01ACD2EB}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [TCP Query User{4AB3A05C-8CFC-461C-9D65-1B59982140B7}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [UDP Query User{09ABE797-5E50-4F49-9FE0-499756FB3E8F}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [{ABAAFFA4-D4B4-4B12-99DB-A88C9F26BF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\ioawn4t.exe (Dead Idle Games) [File not signed]
FirewallRules: [{F227217C-5847-49E7-B065-CEC7B3B885EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\ioawn4t.exe (Dead Idle Games) [File not signed]
FirewallRules: [{EAD9AD8F-E039-44BC-B88E-12DFD4D9E053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\winsetup.exe (Chris Jones) [File not signed]
FirewallRules: [{DE08192D-2C44-4905-8510-860F9F0F944D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\winsetup.exe (Chris Jones) [File not signed]
FirewallRules: [TCP Query User{DEC4D06B-11B8-4731-9A91-F6B8AAFAC1A3}C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [UDP Query User{2EB6C223-176C-4A59-B6D0-7D8E9CE19011}C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [TCP Query User{CDBE2899-FF39-43C6-A3F0-D720A71A991E}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [UDP Query User{1EDECDB3-E72B-40E8-AD05-A2A7A8465255}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [TCP Query User{4BAC10AF-A9E2-486E-889B-2C6066E8F5B5}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [UDP Query User{4C76AC44-78B2-4C7F-BE74-68797DBAD1F7}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [{7ECFA62E-5B86-4A47-8E45-2FC4417BBC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{3F9EA018-D500-45B9-8681-CC6B62569FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{EDBEFF1E-7ECF-40D2-A5D2-999CDF17F7DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{343BC216-5558-4BCE-B3EA-CBA76B6C9CF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{A2243EA0-BBC8-48A8-9ED6-4F7F39EAC55D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Spell\The Last Spell.exe () [File not signed]
FirewallRules: [{7FA43983-A490-4E2F-8BFB-4F84AF0FB3A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Spell\The Last Spell.exe () [File not signed]
FirewallRules: [{E4D03E02-0B68-475E-B93B-F950E9896C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{A592BE3A-ECB0-402C-9D42-B76439AEC866}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [TCP Query User{B8D026D1-9BBF-49B2-9B94-01F7D2E0245B}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{CEC66938-40ED-4BFB-BB62-4C2802CA3027}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [{3703A619-06F1-4604-9502-6E61E415599B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manifold Garden\ManifoldGarden.exe () [File not signed]
FirewallRules: [{DA6645BE-5432-4C68-9CDB-4D31C924F4CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manifold Garden\ManifoldGarden.exe () [File not signed]
FirewallRules: [TCP Query User{BD3841CA-395D-4BAE-AE46-2C866F8B7069}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{1C939270-75F9-42B1-BB5D-7DB4D1CE925C}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [{E199AEF2-9C9A-48E6-965F-2BA6A43B7F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{0B52872A-75CF-4717-8ED5-11FC96FBA9CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [TCP Query User{9BF7C049-31DF-495A-BE72-C0C13427FE42}C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [UDP Query User{C3E3E687-F9CC-4029-9BB8-996BB27F11F2}C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [TCP Query User{865C0702-4D22-4162-9692-B3FE0E486850}C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [UDP Query User{83040525-88A2-416C-838C-865D26A791F7}C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [TCP Query User{8B09DA2C-4190-4DB2-815B-091F61C82C08}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{B53AC5E0-419A-4385-9AA2-AE4CF63261A2}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{53502F14-2B63-40E1-8B2E-934A0729E680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{1968F963-A2A9-49D5-BD70-31AC6A379CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{5A77C17A-415D-4EB5-8446-ADCE7225E743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{AC0430E8-A9F7-4A41-84C0-B2B280780423}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{E3F19289-6A93-418E-89DA-B1E027403AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{B7C8C2AB-F673-4A69-A688-512C9C37DC56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{9B28C20F-E0C3-4BF7-9C5C-0C6633300CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{7545DD18-8BFB-4D07-8F0B-8E23163389CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{68AC3871-1F7B-4B68-A101-964BE53E5F7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{26AA6A7F-71C1-4B1F-A313-BA5ECEA0FBEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{C2227807-B89F-41C6-B0FB-E830B305006F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inscryption\Inscryption.exe () [File not signed]
FirewallRules: [{1739C4B5-4EE9-4BF2-852A-2AB939027376}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inscryption\Inscryption.exe () [File not signed]
FirewallRules: [{ED1B85FA-72E3-4458-8DC6-381BA1236782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{D937C477-5CF1-433E-941A-B87A79527D01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{D8234E5C-0509-46E4-BF86-F5A6703C99ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (ZeniMax Media Inc.) [File not signed]
FirewallRules: [{33FB8FF2-6F61-4788-82F7-5BEE2C9F2146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (ZeniMax Media Inc.) [File not signed]
FirewallRules: [{70FF661D-3CF3-4119-A0F1-AB6667ED9A1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{3A4B0E5D-0416-4412-B880-85EC204D9EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{FC070CF6-9200-4452-B9A9-5B3F7A2D84D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [{26BADE71-71D4-4945-BB58-CF78B6C7B257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [{3A1977F8-CB89-47F3-B5F7-265E3651289E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELEX\system\ELEX.exe => No File
FirewallRules: [{A5106284-F2FA-46D2-89AD-F44C3B12210C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELEX\system\ELEX.exe => No File
FirewallRules: [{ACDE3EB5-44D4-46B4-91FF-F6D4FE165AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nova Drift\NovaDrift.exe (Chimeric) [File not signed]
FirewallRules: [{3145FC45-DE28-4FF4-A1D0-E21ACE1488E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nova Drift\NovaDrift.exe (Chimeric) [File not signed]
FirewallRules: [{6288F6C6-76C5-4127-A1B4-C0540853653B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yakuza Like a Dragon\runtime\media\startup.exe => No File
FirewallRules: [{7BC0B32B-263E-446F-BBFC-B1A6F49CCF75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yakuza Like a Dragon\runtime\media\startup.exe => No File
FirewallRules: [{AA78EFD7-8D9F-42D9-A343-F5BF434E4265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe () [File not signed]
FirewallRules: [{E1D35659-C393-400B-8A7D-B2AC44586BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe () [File not signed]
FirewallRules: [{40A65686-C13F-4ACA-B6D1-DCA6A68D2DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe () [File not signed]
FirewallRules: [{A0BD6093-3992-4597-A491-6609E3F4542D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe () [File not signed]
FirewallRules: [{50ECD17F-B8E3-4F00-9347-D970D71E8F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe () [File not signed]
FirewallRules: [{1C40B2BB-84BA-4626-A09E-A66DA9CD56A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe () [File not signed]
FirewallRules: [{5BCA191F-2515-4C25-A83A-B12CB701194B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - House of Ashes\HouseOfAshes.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{F51B1B62-1F0E-4206-BCD4-AD542E495EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - House of Ashes\HouseOfAshes.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{089E3118-7ACA-49FF-AFCA-33AAD82DAE8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{7AC40C3D-3284-4F50-A271-875E43164BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{63279FE3-26D0-4007-97DD-51E7324CDF3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\PlayLAN.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{4EAD9F42-F4BB-49E9-9B4C-E374447B4A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\PlayLAN.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{86722720-17F7-46CC-929F-59A2D9FA6812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{8D1F2D91-DFE3-4774-9D05-49FC38380FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{1C6917B5-ABE1-4DBA-A77A-A327B78AE4A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{102AA153-1A82-46BB-963E-A0AB178D282E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{AA2EF6A0-E5AA-4751-90ED-BC78FD045CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{3AFE8AA4-E0A3-460D-AA0C-CEC2D8356E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{9B359619-5827-4FC7-BEA2-C0BF9A0245E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A8ACA7A4-F177-4AE3-AFCF-0FEC8E6B079E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [TCP Query User{E163FCA7-2DC3-4FE1-9EEE-F2C892AB4837}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{36E5BD30-053B-4053-98B5-1588893272D0}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{D4DD9C1E-F396-4B61-845F-1DAD31247DC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bio Prototype\Bio Prototype.exe () [File not signed]
FirewallRules: [{5840E4FE-D3BA-4ADD-A679-7D8EE3A73A0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bio Prototype\Bio Prototype.exe () [File not signed]
FirewallRules: [{C6F0C037-4D8C-4223-87D2-1A2E225FB22D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{32D89744-5FA5-40A4-AAC8-913DCCEF707A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{4980298E-60E7-4BEF-A28B-199438ACC368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{5AEC4A01-F968-4C1F-8598-DD0A7135BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{4CA1CB18-79E2-44CE-BE5F-51DD3660C26A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{138F60C6-AAAD-465F-B9E3-FAF862450FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{B75742DE-012F-4871-8ECB-767692879C8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{96BEDC93-A210-47E8-992B-61B726366DEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{44F57F78-093C-4367-9EA6-AEF07A3B4102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{1ABB121C-F967-4704-867F-D70AF3AAEA5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{E03F2355-AB01-4417-8130-A296B0AACB35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2698A658-A7AA-4EBB-BC03-BB906FC75F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{43E4C68A-64C7-4217-8109-5866452E43C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{3246BEEE-389F-4DC1-BA62-E0A26E2ADEBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{27339DC9-A0F4-4CC8-9F90-04018EA672B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Train\MonsterTrain.exe () [File not signed]
FirewallRules: [{B42948DC-19AE-42A8-B0D8-A2744161DEB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Train\MonsterTrain.exe () [File not signed]
FirewallRules: [{E7151668-5CC4-4F32-96AE-C90A6D154436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{5627392F-A128-4877-A5B4-908D674D57E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{7CEE62E9-8628-471C-98C1-9AC20562A3DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe
FirewallRules: [{A9132E54-ABCD-47DD-9505-1381BAA71B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe
FirewallRules: [{3F104A5C-EEE5-48F9-9D1C-A9E12EC2395E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pentiment\Pentiment.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{8AD123A8-2C34-4333-A344-68A1A4C4EA5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pentiment\Pentiment.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{0CC64679-4A3F-481B-AF0A-5D0B7854F416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Life and Suffering of Sir Brante\The Life and Suffering of Sir Brante.exe () [File not signed]
FirewallRules: [{9C4E6ED2-9B3B-4E50-9699-588059F674BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Life and Suffering of Sir Brante\The Life and Suffering of Sir Brante.exe () [File not signed]
FirewallRules: [{F6FC6035-3E37-4105-83F0-A3E50908AFFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe (BioWare -> BioWare)
FirewallRules: [{DD7795A9-2CB5-4042-ABC0-A3622F2DACD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe (BioWare -> BioWare)
FirewallRules: [{00039E20-4318-4055-81C1-FFB22D5DC624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare -> BioWare)
FirewallRules: [{2FA2DB80-A6C4-4466-9A60-16549AED38EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare -> BioWare)
FirewallRules: [TCP Query User{078E83EC-26F6-45B8-8DE0-0565D77D1A78}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [UDP Query User{30A084C1-C6FD-4C42-A442-0A385B69E417}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [{0EB11E6A-8E53-4854-ABBA-92C9797F9E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{90773DE9-06E7-4B75-9565-24A582BDFC9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{6FB9C554-2CC4-407D-8320-BB17EF4D18B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3318CB53-495C-428A-B17C-E78199C0A952}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A0A49E5-90BD-4936-B7EA-794DF9C2E775}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7E3D4BD0-53EC-4B57-B642-49B02BDB3B09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C981B149-400A-4624-AC07-163AF1D0E74F}C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe] => (Block) C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe => No File
FirewallRules: [UDP Query User{4A157D86-4F45-46AD-8DD6-C1B9528C1B3F}C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe] => (Block) C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe => No File
FirewallRules: [{01C6463B-D168-4513-9C99-F1FB2BEB6812}] => (Allow) C:\Program Files\NoMachine Enterprise Client\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine)
FirewallRules: [{85F104F9-D095-4359-ABEA-F85330B68591}] => (Allow) C:\Program Files\NoMachine Enterprise Client\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine)
FirewallRules: [{2B4DD900-D13C-4E69-9170-E6BCB7C9DCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe => No File
FirewallRules: [{A50BDD17-D40E-42F6-B408-DB24E9BBA98B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe => No File
FirewallRules: [TCP Query User{C4658C91-3C80-47D8-9018-E9A64A427828}C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{9E5005CE-FA9F-4F8E-ACCB-15C9EFF6D572}C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{8FC2A435-B926-4D40-A539-7AED7CD4F9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEEDY GIRL OVERDOSE\Windose.exe () [File not signed]
FirewallRules: [{FBEDFD9F-361B-4884-9CBB-244BC7E08B6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEEDY GIRL OVERDOSE\Windose.exe () [File not signed]
FirewallRules: [TCP Query User{067F73B9-F387-48A0-BED9-018C96D4A3F0}C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [UDP Query User{E3AE9685-220D-43CE-82BF-C2B39F24DC65}C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [{611C41C6-2EB8-4EA1-B023-6FFA09A76A63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Across the Obelisk\AcrossTheObelisk.exe () [File not signed]
FirewallRules: [{D29798B3-1A21-4206-9D15-30F4FAC10CBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Across the Obelisk\AcrossTheObelisk.exe () [File not signed]
FirewallRules: [{838C9884-4937-45E8-8E99-D8A3C578F446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{33091920-D99D-4FD3-AC7F-068612BE810B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{F70CE465-1F4D-4357-B252-A5F127717DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OCTOPATH TRAVELER\Octopath_Traveler.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{D5A92856-5122-4B4E-A186-D123EA1C3FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OCTOPATH TRAVELER\Octopath_Traveler.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{6F7EBBE4-9012-4C71-B673-BAC59039436B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{3E1A314C-5E7B-41DB-9E93-E044BFC4D934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{3BA5B48E-D2D9-441D-983A-66839C507F3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Against the Storm\Against the Storm.exe () [File not signed]
FirewallRules: [{4F1B3B7F-BC9E-40FE-95B1-FA14BB143035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Against the Storm\Against the Storm.exe () [File not signed]
FirewallRules: [{D3497ABC-0D54-41F9-A9CE-989B1D56874E}] => (Allow) D:\SteamLibrary\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6F6287AD-A795-4C53-83A6-B4D9C7036AFA}] => (Allow) D:\SteamLibrary\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{87B3C9D7-3514-409A-980B-0D5CFAB90DB3}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{A26B84FA-930F-4C53-919A-A2D073835A6F}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{C6620A69-C710-4906-BE34-A2EA0574F874}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [TCP Query User{F5D58BBD-ACDD-4F62-AF55-D01AB4DE4722}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{A5257E08-8DE5-466E-B1CA-64BAF0737EFB}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{7239C912-E328-4F7E-A098-BD3CF49D8E8D}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{9353E957-C6DD-4EB8-A0CD-81AACBC5885E}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{9DBAC37C-A377-4329-8927-09DBD19719CA}C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [UDP Query User{01C5EF14-5C82-44E9-9CFF-946C554F5019}C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [TCP Query User{89253688-7F57-4550-BA22-8A568D826420}D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{031F8DF3-1C71-422A-B6A7-CA53673C8334}D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{6DB0C2D9-32FD-4C0C-AF2E-995D7786CC16}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{DA97D99F-339E-467F-ABFC-E141CC09A299}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{13366C8C-7C02-42CE-BF39-0E76516D6250}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{D529CAAF-C031-454B-A4E2-7F8D187B4C4D}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{45571C24-6995-4C2E-A693-6BD898AACABB}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Camera Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{66DE1A0E-9568-417F-AD7D-46C5F15F572F}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{D0B5AF47-37C5-408A-883F-AA70B016B0F2}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Recorder.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{3A422DAB-37D2-4DA9-A10C-BEDD7957B947}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DomainNameChecker.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{A6C8EE14-817B-4ED6-A9E9-6837C64A1395}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{5C30440C-1208-4F62-98BC-0436748D9C79}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\LiveDemo\DemoCreator LiveDemo.exe (Wondershare Technology Group Co.,Ltd -> wondershare kx)
FirewallRules: [{B5CEFF64-1C1B-4377-9030-47E28A0CC224}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{1FCBA979-B3E4-4AA9-B5B2-6F666CE0636C}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{CD6BEB85-E029-4B36-975D-226EFB770245}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{1E612EB4-34F6-4F76-B400-8682EDA34247}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{96E9E82C-B2B3-4F88-82EB-150AD089DB19}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Camera Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{84491B60-C8DC-4C33-B566-EE502C1725E7}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{2E14631E-7AF6-43D0-AC28-4292C2C1C1AD}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Recorder.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{6B899995-9285-43C7-88B7-7E1FC39344BF}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DomainNameChecker.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{38BC13D2-2538-4CD2-8354-0CE128F4A9FF}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{6A53BBBE-C3A9-4809-BFFE-0B65B5C29639}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\LiveDemo\DemoCreator LiveDemo.exe (Wondershare Technology Group Co.,Ltd -> wondershare kx)
FirewallRules: [{9035E80F-81C9-4D21-BA96-43C883FDF268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{F591F2BA-0003-4740-AA5F-AAD1E4A4CA6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{7CDF4821-0C01-415F-9F92-4B9682E2E038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{EBFF9745-49A5-4684-8C10-23B0EC0ED0C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{1E52B262-CC6B-434C-9597-0C6506C4903C}C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{270FBA6B-77BE-4D3D-869F-BC580EB7A0F2}C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{F3D1D34B-C210-4C53-9E97-360AA7511A55}] => (Allow) D:\SteamLibrary\steamapps\common\Slay the Princess\SlaythePrincess.exe () [File not signed]
FirewallRules: [{ED2EC936-89A2-47F4-986B-04DB33133AFC}] => (Allow) D:\SteamLibrary\steamapps\common\Slay the Princess\SlaythePrincess.exe () [File not signed]
FirewallRules: [{0448984A-0F97-4063-A2AF-713CADE50BA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ScarletHollow\ScarletHollow.exe () [File not signed]
FirewallRules: [{2A762EE4-E7ED-4035-99B0-D24EEF78FBD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ScarletHollow\ScarletHollow.exe () [File not signed]
FirewallRules: [{3489DC9E-8431-47EC-AC9B-C0C149631C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RoboQuest\RoboQuest.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{67394401-FBA4-4A34-B75A-ED520692C0D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RoboQuest\RoboQuest.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6360AC58-6AE2-4C7D-9616-D66E8474E15D}C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{CEFB4B4B-12B1-4403-9950-B5871BA3674E}C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6349A254-F041-457E-B8C5-AC627B620749}D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File
FirewallRules: [UDP Query User{ACF63D3C-4E54-4282-B6C6-F8C8A55514DA}D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File
FirewallRules: [{3915C062-EC75-4060-9BE4-D2730292C5BC}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C230A0D2-9749-4A55-AB6E-0A831CB48A9B}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{4CFDCC44-5039-4978-A516-02ABE180FFCB}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{6D4827EA-8281-4F32-BC6F-7AD1061F9BEA}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F91EBADF-EEB2-41DB-B206-9E7C5146C8EA}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6679E165-B2CD-42D2-93D4-1C4C12731C25}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{FC2C7AE3-AF8D-46BD-A0EC-C623FF7A61B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{8255833D-60E4-4C7E-8FA6-F6AC86753CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{39E80803-77E0-4700-9659-968DCE780C19}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{8C5234E3-502D-451B-B5D8-B1E5430C3513}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{C33C4C10-190E-4C5D-8AE0-D1811E5B0BEB}] => (Allow) D:\SteamLibrary\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{8B303A54-248F-45EC-BA06-9450B8411726}] => (Allow) D:\SteamLibrary\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{AAAB25A6-35CE-4525-95F0-2D731FFE502D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{DE3A14C0-A24A-4D6B-8AAB-867E6BA5888E}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{5660A261-1810-47D2-BDF2-650E2E743C4C}] => (Allow) D:\SteamLibrary\steamapps\common\Skul\Skul.exe () [File not signed]
FirewallRules: [{1E80B554-EED0-492D-99B6-1643828EBD86}] => (Allow) D:\SteamLibrary\steamapps\common\Skul\Skul.exe () [File not signed]
FirewallRules: [{0FEDC5E0-308A-4DB1-A3A4-3937493F3011}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1556A106-A253-47C0-B7BE-07E51DC6F05A}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D10EED90-E046-49DF-B43E-968701353BF7}] => (Allow) D:\SteamLibrary\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{166E2F03-2C61-418F-A145-82CF9D20EBF1}] => (Allow) D:\SteamLibrary\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{B5134261-D090-4AF1-9CB0-D0BEF8C94214}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{A2D09089-87A7-4D91-BD41-C2C768CC5107}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{5A695BBF-440E-4A2A-A8A2-D572ECC4A101}] => (Allow) D:\SteamLibrary\steamapps\common\EYE\EYE.exe () [File not signed]
FirewallRules: [{0F547ED1-60F1-4982-9E67-1610E9BAF35A}] => (Allow) D:\SteamLibrary\steamapps\common\EYE\EYE.exe () [File not signed]
FirewallRules: [TCP Query User{3F97B547-84B9-49B0-937F-A165F7724CA4}C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{54D5C5FD-1B9C-4145-8E6A-55C1F3BBF610}C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{655A3982-BC78-48D5-9800-AA1623B61E63}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{8C15DD12-0A6B-42A3-8F93-B91BDFF4D384}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2620A287-5AE8-4DCC-A517-4F28D8A3F9BB}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F0FF869B-30EA-4453-A29A-861385887EA8}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B862C789-7DA9-4DB9-93CF-1E3B642BBB6E}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [{867966C4-685B-4880-B28C-25413EAB031D}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [{FD4DA9EB-0F65-4426-8437-9E87BAEB1AB1}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{720EEC5B-7659-48F5-B65A-B5D41AAC9E1B}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1BA40A33-4EB6-45D8-8E1F-DF89BDA2AB11}] => (Allow) D:\SteamLibrary\steamapps\common\ARMORED CORE VI FIRES OF RUBICON\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{5AC6CE6C-5637-4EC0-B3CC-0BFA0377D53B}] => (Allow) D:\SteamLibrary\steamapps\common\ARMORED CORE VI FIRES OF RUBICON\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{D5979AA1-C9FC-4D5B-8439-7D709D928C66}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{7D9DF2D3-2936-4B4C-B0B2-8C1EFDF0A81E}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{D14EB02E-F54F-44B7-9AB9-84A37D5D778C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. -> Square Enix)
FirewallRules: [{E975DAEC-8CE5-424B-AE0B-1C9DEF2FEFE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. -> Square Enix)
FirewallRules: [{4A743622-F9E5-4F3F-85E0-4B9561AE1BC7}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{5DA7785E-5AFF-45AA-BC56-0425204BE0F6}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [TCP Query User{ADA7C5BE-3B06-4A23-8CEE-729D909AB90F}C:\program files (x86)\updf\updf.exe] => (Block) C:\program files (x86)\updf\updf.exe (Superace Software Technology Co., Ltd. -> Superace Software Technology Co., Ltd.)
FirewallRules: [UDP Query User{3357C044-C137-44BD-BE04-C0EA4FA8D2FF}C:\program files (x86)\updf\updf.exe] => (Block) C:\program files (x86)\updf\updf.exe (Superace Software Technology Co., Ltd. -> Superace Software Technology Co., Ltd.)
FirewallRules: [{AA034544-4C98-4A8A-94F8-6ED3D6F322A2}] => (Allow) C:\Program Files (x86)\Camo Studio\CamoStudio.exe (Reincubate Limited -> Reincubate)
FirewallRules: [{9A578876-D38D-4E4A-B522-7AC5966CE206}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{EE33C022-79DF-400F-B3F1-6815D6C8E1CB}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{7460ADB0-4D2B-4973-8347-1D894B90C061}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D63B7CAD-F7FB-466F-B06C-E22766195545}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D647DDED-0AE3-46FE-9495-188E8956735A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4F15D9B-FB65-4FB3-9B83-DFD2DC101F9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{918EBAFD-F1A6-44AB-854A-41F559C8E6AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CF6A2022-E2B2-49F4-85F8-C34713738293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A564F3CB-E546-495A-BF90-3D1A2D8E0E86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9DEA931F-4115-470E-8392-C6624E4A7DF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{874242E6-D148-40B2-81C6-D7054D271BD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DA85F28C-C304-4331-A7DD-D7E2A498E55C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DDA0A0EA-C3DD-45DA-8B22-BC9A0976CB2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C4A68191-E894-4C0C-9AFF-B1F8CB71ECEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9A51AA4E-0F88-4F59-AC0B-9BC101BC5A66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{505D3114-0262-4A62-B540-E94BD30485EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E4F461D4-D94A-4942-AB14-452725FD72DC}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{AE7DF23A-35BA-47D5-8C50-662B3341D424}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
13-04-2024 06:52:06 Geplanter Prüfpunkt
 
==================== Faulty Device Manager Devices ============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


#5 Xyneravyn


Posted 16 April 2024 - 09:01 AM

==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/16/2024 03:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Faulting module name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Exception code: 0xc0000409
Fault offset: 0x0000000000494b31
Faulting process ID: 0x2208
Faulting application start time: 0x01da900584ba052f
Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Faulting module path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Report ID: 3cb67022-1c0c-4dec-aa2b-54600cb730d8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/16/2024 12:57:34 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/16/2024 12:53:24 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 08:32:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:12:41 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/15/2024 08:08:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:08:34 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 07:58:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
 
System errors:
=============
Error: (04/16/2024 12:53:25 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/16/2024 12:53:23 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Energy Server Service queencreek service terminated with the following error: 
Debugger received RIP exception.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Energy Server Service queencreek service did not shut down properly after receiving a pre-shutdown control.
 
Error: (04/15/2024 08:08:35 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/15/2024 08:08:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/15/2024 08:08:01 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/15/2024 08:07:56 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
================
Date: 2024-04-16 02:07:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:40:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:18:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 04:09:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 00:17:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Keygen
Severity: Niedrig
Category: Potenziell unerwünschte Software
Path: containerfile:_C:\Users\paulm\Documents\VST\Bazzism.rar; containerfile:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar; containerfile:_C:\Users\paulm\Documents\VST\Serum.zip; file:_C:\Users\paulm\Documents\VST\Bazzism.rar->ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R/r2r-2596.rar->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.MacOSX.Incl.Keygen-R2R/r2r-2597.r02->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.1.b3.U
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.409.255.0, AS: 1.409.255.0, NIS: 1.409.255.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:
 
Date: 2024-04-15 07:58:55
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-04-15 07:57:47
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2023-09-28 07:02:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Aktuell
Error Code: 0x80501102
Error description: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security intelligence Version: 1.397.1638.0;1.397.1638.0
Engine Version: 1.1.23080.2005
 
CodeIntegrity:
===============
Date: 2024-04-16 15:53:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\paulm\AppData\Local\Discord\app-1.0.9041\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook32.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.50 09/03/2020
Motherboard: ASRock B460 Steel Legend
Processor: Intel® Core™ i7-10700F CPU @ 2.90GHz
Percentage of memory in use: 50%
Total physical RAM: 16314.16 MB
Available physical RAM: 8049.11 MB
Total Virtual: 38842.16 MB
Available Virtual: 27183.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.25 GB) (Free:48.86 GB) (Model: Patriot M.2 P300) NTFS
Drive d: (New Volume) (Fixed) (Total:1863 GB) (Free:613.33 GB) (Model: CT2000P3SSD8) NTFS
Drive e: (INTENSO) (Removable) (Total:7.49 GB) (Free:7.49 GB) FAT32
 
\\?\Volume{a414ce20-f078-4499-b493-9476e13a74b3}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{65b593e2-1ac6-4719-b1b1-31014ae85ca1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 0232E55A)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by paulm (16-04-2024 15:54:47)
Running from C:\Users\paulm\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2021-05-15 21:02:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2822836515-2594661799-1331936652-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2822836515-2594661799-1331936652-503 - Limited - Disabled)
Gast (S-1-5-21-2822836515-2594661799-1331936652-501 - Limited - Disabled)
paulm (S-1-5-21-2822836515-2594661799-1331936652-1001 - Administrator - Enabled) => C:\Users\paulm
WDAGUtilityAccount (S-1-5-21-2822836515-2594661799-1331936652-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888poker.de (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\888poker.de) (Version: 1.1.2.39 - 888)
Ableton Live 10 Suite (HKLM\...\{3AFBB4AE-59CA-414C-8264-BA833986EE54}) (Version: 10.0.0.0 - Ableton)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.3.1 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Attribute Changer 10.10 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 10.0 - Romain Petges)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.74.4 - Bethesda Softworks)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Die Brave-Autoren)
By Click Downloader (HKLM-x32\...\{A197105C-61BF-450F-B10A-177130E2CF25}) (Version: 2.3.42 - ByClick) Hidden
By Click Downloader (HKLM-x32\...\By Click Downloader 2.3.42) (Version: 2.3.42 - ByClick)
Camo Studio (HKLM\...\{3B3388F2-5E83-4C7A-ACB3-939FA3419D1F}) (Version: 2.1.11.11612 - Reincubate)
CapCut (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\CapCut) (Version: 2.0.0.348 - Bytedance Pte. Ltd.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.) Hidden
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077 REDmod (HKLM-x32\...\1597316373_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077: Phantom Liberty (HKLM-x32\...\1256837418_is1) (Version: 2.01 - GOG.com)
DarkPsy FX466 DEMO version 1.0 (HKLM\...\DarkPsy FX466 DEMO_is1) (Version: 1.0 - G-Sonique)
DarkPsy FX466 version 1.0 (HKLM\...\DarkPsy FX466_is1) (Version: 1.0 - G-Sonique)
Discord (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.)
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Wynne) (Version:  - )
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Epic Games Launcher (HKLM-x32\...\{37D87A98-763A-44A7-AD9E-8D661616A2C4}) (Version: 1.3.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2018.2 - FabFilter & Team V.R)
Fiddler Everywhere 3.1.1 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\8652495b-663c-5255-8c97-412896fbef82) (Version: 3.1.1 - Progress Software Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
GIMP 2.10.28 (HKLM\...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Git (HKLM\...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.71.2 - GOG.com)
HitFilm Express (HKLM\...\{1D791529-BF85-4D61-89F5-EEA81034F26E}) (Version: 17.0.11715.56097 - FXHOME)
Image Eye v9.2 x64 (HKLM\...\Image Eye x64_is1) (Version:  - FMJ-Software)
Infected Mushroom - Wider version 1.0 (HKLM\...\{A7684FCF-245F-4C90-87EE-472DC3EC3868}_is1) (Version: 1.0 - Polyverse Music, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{CCDC49A6-B288-4623-AA1D-332D328A8FA8}) (Version: 24.1.13.10 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{76751700-CC7A-4C8E-A7EE-D66651594A6A}) (Version: 2.4.10802 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{64f50684-bac6-488b-9bab-93616f34d6ec}) (Version: 24.1.13.10 - Intel)
ISM BazzISM (HKLM\...\BazzISM_is1) (Version: 2.5.3 - ISM)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 2.60.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.60.0 - Ledger Live Team)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.2.534136 - Logitech)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-164f20d7-a9e4-47f5-950c-778e91ea852f) (Version:  - Epic Games, Inc.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.1.0.183 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.3.17 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NoMachine Enterprise Client (HKLM\...\NoMachine Enterprise Client_is1) (Version: 8.5.3 - NoMachine S.a.r.l.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.10 (HKLM-x32\...\{5A9673DB-4BBE-4FEA-8AB6-840C89E79913}) (Version: 4.110.9807 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{0af024f5-c0d4-481b-bb6b-5f781bfc6fbc}) (Version: latest - ppy Pty Ltd)
Paradox Launcher v2 (HKLM\...\{D3A03918-53CA-485C-B819-E4B86DF5AE82}) (Version: 2.4.0 - Paradox Interactive)
PDFill PDF Editor Professional (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC)
Python 3.10.9 (64-bit) (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{e8531749-5517-4937-a722-a4052cb2d75e}) (Version: 3.10.9150.0 - Python Software Foundation)
Python 3.10.9 Add to Path (64-bit) (HKLM\...\{59ED0114-0C86-4B18-83E2-929AD7D232AD}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Core Interpreter (64-bit) (HKLM\...\{9802C929-A3F0-480D-A4B2-DAD129F2236E}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Development Libraries (64-bit) (HKLM\...\{E2BC2EBD-7260-458B-A42C-3322DCB0B82F}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Documentation (64-bit) (HKLM\...\{F007E8E2-B4A7-4559-BB78-7AC533822431}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Executables (64-bit) (HKLM\...\{F115E5B8-9719-4BDF-8B0D-551809BB677D}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 pip Bootstrap (64-bit) (HKLM\...\{067C6FFC-0FD1-4F3A-8E94-58F091BCC0D5}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Standard Library (64-bit) (HKLM\...\{0CBB496F-1D15-42F1-AA45-C01C95196EC8}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Tcl/Tk Support (64-bit) (HKLM\...\{92CFA54C-9CE5-4284-83FD-1D0B8AB2AB69}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Test Suite (64-bit) (HKLM\...\{0DDDDA24-0876-4BEF-AC9B-26D8B78DCCC9}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Utility Scripts (64-bit) (HKLM\...\{1F097B66-81E9-46FB-BBAC-315C5F50CF94}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{35A2AF4F-C504-4D2A-A025-F69379ECDF07}) (Version: 3.10.8009.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - CD Projekt RED)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.81.1699 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.2.3.4 - Rockstar Games)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Serum (HKLM\...\Serum_XR_is1) (Version: 1.357 - Xfer Records)
SonoBus version 1.7.2 (HKLM\...\SonoBus_is1) (Version: 1.7.2 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Telegram Desktop (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15.2 - Telegram FZ-LLC)
TIDAL (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.51 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UPDF (HKLM\...\UPDF) (Version:  - Superace Software Technology Co., Ltd.)
UPDF_Win version 1.0.7.0 (HKLM-x32\...\{64F0F31B-1791-46EC-96ED-44120E105F77}_is1) (Version: 1.0.7.0 - Superace Software Technology Co., Ltd.)
ValhallaSupermassive version 1.1.1v5 (HKLM-x32\...\{AC6A778B-2004-4BAF-9E1F-CAA5CC27D7FA}_is1) (Version: 1.1.1v5 - Valhalla DSP, LLC)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.10.6 - Black Tree Gaming Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
WinDirStat 1.1.2 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\WinDirStat) (Version:  - )
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Wondershare DemoCreator Spark(Build 6.7.5) (HKLM\...\Wondershare DemoCreator Spark_is1) (Version:  - Wondershare Software)
Wondershare DemoCreator(Build 6.9.0) (HKLM\...\Wondershare DemoCreator_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-08-16] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
FBReader -> C:\Program Files\WindowsApps\FBReader_2.0.3.0_x64__0ydjfefeqf4sp [2023-08-01] (FBReader.ORG Limited)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-15] (HP Inc.)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-01] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-13] (Spotify AB) [Startup Task]
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-04-13] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2024-02-11] (New Work SE)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{002add35-e00a-f3ef-f484-215bb738aa23}\localserver32 -> C:\Program Files (x86)\Camo Studio\CamoStudio.exe (Reincubate Limited -> Reincubate)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2021-05-12] (Romain Petges) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-03-11 16:47 - 2024-03-11 16:47 - 000295936 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Camo Studio\Service\CamoServiceSupport.dll
2023-10-02 12:22 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2023-10-02 12:22 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2023-11-05 05:48 - 2023-11-05 05:48 - 000010240 _____ () [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\AcroTray.deu
2023-10-02 12:26 - 2023-07-27 14:33 - 000009216 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureBase.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000342528 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureEngineEx.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000303104 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureNLEMgr.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000434688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureSource.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000018944 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\COMSupport.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002674688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\data_api.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 027441664 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\libkernaldec.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000216064 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\quazip1-qt5.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002374656 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Image.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000101888 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Log.DLL
2024-04-13 06:51 - 2024-04-13 06:51 - 000356864 _____ (Benjamin Höglinger) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Libarius\0dc73dbff72283235375853041284104\Libarius.ni.dll
2024-03-21 03:00 - 2006-11-02 16:18 - 000850432 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PDFILLPS5UI.DLL
2023-10-02 12:26 - 2023-07-27 14:33 - 000094720 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\pthreadGC2.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 003160576 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2024-04-13 06:50 - 2024-04-13 06:50 - 000978432 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\9abb5f12056216794776bec54561d515\log4net.ni.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2023-10-02 12:22 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\paulm\AppData\Local\Temp:$DATA​ [16]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2021-09-20 21:56 - 000000828 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/16/2024 03:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Faulting module name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Exception code: 0xc0000409
Fault offset: 0x0000000000494b31
Faulting process ID: 0x2208
Faulting application start time: 0x01da900584ba052f
Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Faulting module path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Report ID: 3cb67022-1c0c-4dec-aa2b-54600cb730d8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/16/2024 12:57:34 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/16/2024 12:53:24 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 08:32:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:12:41 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/15/2024 08:08:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:08:34 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 07:58:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
 
System errors:
=============
Error: (04/16/2024 12:53:25 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/16/2024 12:53:23 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Energy Server Service queencreek service terminated with the following error: 
Debugger received RIP exception.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Energy Server Service queencreek service did not shut down properly after receiving a pre-shutdown control.
 
Error: (04/15/2024 08:08:35 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/15/2024 08:08:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/15/2024 08:08:01 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/15/2024 08:07:56 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
================
Date: 2024-04-16 02:07:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:40:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:18:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 04:09:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 00:17:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Keygen
Severity: Niedrig
Category: Potenziell unerwünschte Software
Path: containerfile:_C:\Users\paulm\Documents\VST\Bazzism.rar; containerfile:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar; containerfile:_C:\Users\paulm\Documents\VST\Serum.zip; file:_C:\Users\paulm\Documents\VST\Bazzism.rar->ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R/r2r-2596.rar->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.MacOSX.Incl.Keygen-R2R/r2r-2597.r02->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.1.b3.U
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.409.255.0, AS: 1.409.255.0, NIS: 1.409.255.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:
 
Date: 2024-04-15 07:58:55
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-04-15 07:57:47
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2023-09-28 07:02:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Aktuell
Error Code: 0x80501102
Error description: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security intelligence Version: 1.397.1638.0;1.397.1638.0
Engine Version: 1.1.23080.2005
 
CodeIntegrity:
===============
Date: 2024-04-16 15:53:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\paulm\AppData\Local\Discord\app-1.0.9041\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook32.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.50 09/03/2020
Motherboard: ASRock B460 Steel Legend
Processor: Intel® Core™ i7-10700F CPU @ 2.90GHz
Percentage of memory in use: 50%
Total physical RAM: 16314.16 MB
Available physical RAM: 8049.11 MB
Total Virtual: 38842.16 MB
Available Virtual: 27183.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.25 GB) (Free:48.86 GB) (Model: Patriot M.2 P300) NTFS
Drive d: (New Volume) (Fixed) (Total:1863 GB) (Free:613.33 GB) (Model: CT2000P3SSD8) NTFS
Drive e: (INTENSO) (Removable) (Total:7.49 GB) (Free:7.49 GB) FAT32
 
\\?\Volume{a414ce20-f078-4499-b493-9476e13a74b3}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{65b593e2-1ac6-4719-b1b1-31014ae85ca1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 0232E55A)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by paulm (16-04-2024 15:54:47)
Running from C:\Users\paulm\Downloads
Microsoft Windows 10 Home Version 22H2 19045.4291 (X64) (2021-05-15 21:02:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2822836515-2594661799-1331936652-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2822836515-2594661799-1331936652-503 - Limited - Disabled)
Gast (S-1-5-21-2822836515-2594661799-1331936652-501 - Limited - Disabled)
paulm (S-1-5-21-2822836515-2594661799-1331936652-1001 - Administrator - Enabled) => C:\Users\paulm
WDAGUtilityAccount (S-1-5-21-2822836515-2594661799-1331936652-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888poker.de (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\888poker.de) (Version: 1.1.2.39 - 888)
Ableton Live 10 Suite (HKLM\...\{3AFBB4AE-59CA-414C-8264-BA833986EE54}) (Version: 10.0.0.0 - Ableton)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 24.002.20687 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.3.1 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Attribute Changer 10.10 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 10.0 - Romain Petges)
Audacity 3.3.3 (HKLM\...\Audacity_is1) (Version: 3.3.3 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.74.4 - Bethesda Softworks)
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 123.1.64.122 - Die Brave-Autoren)
By Click Downloader (HKLM-x32\...\{A197105C-61BF-450F-B10A-177130E2CF25}) (Version: 2.3.42 - ByClick) Hidden
By Click Downloader (HKLM-x32\...\By Click Downloader 2.3.42) (Version: 2.3.42 - ByClick)
Camo Studio (HKLM\...\{3B3388F2-5E83-4C7A-ACB3-939FA3419D1F}) (Version: 2.1.11.11612 - Reincubate)
CapCut (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\CapCut) (Version: 2.0.0.348 - Bytedance Pte. Ltd.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.) Hidden
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
Cyberpunk 2077 (HKLM-x32\...\1423049311_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077 REDmod (HKLM-x32\...\1597316373_is1) (Version: 2.01 - GOG.com)
Cyberpunk 2077: Phantom Liberty (HKLM-x32\...\1256837418_is1) (Version: 2.01 - GOG.com)
DarkPsy FX466 DEMO version 1.0 (HKLM\...\DarkPsy FX466 DEMO_is1) (Version: 1.0 - G-Sonique)
DarkPsy FX466 version 1.0 (HKLM\...\DarkPsy FX466_is1) (Version: 1.0 - G-Sonique)
Discord (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Discord) (Version: 1.0.9001 - Discord Inc.)
Dragon Age Redesigned © Morrigan (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned© (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Wynne (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Dragon Age Redesigned© Wynne) (Version:  - )
Driver Easy 5.8.1 (HKLM\...\DriverEasy_is1) (Version: 5.8.1 - Easeware)
Epic Games Launcher (HKLM-x32\...\{37D87A98-763A-44A7-AD9E-8D661616A2C4}) (Version: 1.3.78.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{35905844-0610-427D-86A0-2103FABE3D4D}) (Version: 2.0.42.0 - Epic Games, Inc.)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2018.2 - FabFilter & Team V.R)
Fiddler Everywhere 3.1.1 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\8652495b-663c-5255-8c97-412896fbef82) (Version: 3.1.1 - Progress Software Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter Version 4.1.13 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.13 - Mixbyte Inc.)
GIMP 2.10.28 (HKLM\...\GIMP-2_is1) (Version: 2.10.28 - The GIMP Team)
Git (HKLM\...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.71.2 - GOG.com)
HitFilm Express (HKLM\...\{1D791529-BF85-4D61-89F5-EEA81034F26E}) (Version: 17.0.11715.56097 - FXHOME)
Image Eye v9.2 x64 (HKLM\...\Image Eye x64_is1) (Version:  - FMJ-Software)
Infected Mushroom - Wider version 1.0 (HKLM\...\{A7684FCF-245F-4C90-87EE-472DC3EC3868}_is1) (Version: 1.0 - Polyverse Music, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{CCDC49A6-B288-4623-AA1D-332D328A8FA8}) (Version: 24.1.13.10 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{76751700-CC7A-4C8E-A7EE-D66651594A6A}) (Version: 2.4.10802 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{64f50684-bac6-488b-9bab-93616f34d6ec}) (Version: 24.1.13.10 - Intel)
ISM BazzISM (HKLM\...\BazzISM_is1) (Version: 2.5.3 - ISM)
Java 8 Update 191 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 2.60.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.60.0 - Ledger Live Team)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2024.2.534136 - Logitech)
Microsoft .NET Core Host - 3.1.28 (x64) (HKLM\...\{26ECE92F-518E-40AF-9108-7B7B444A46DE}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.28 (x64) (HKLM\...\{CDEA72F4-1367-4E0A-AC5F-0EBAF7C6825A}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM\...\{3691148D-EF42-4812-8956-AE11FC413B8D}) (Version: 24.112.31513 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.28 (x64) (HKLM-x32\...\{231e3b76-4d0f-4e60-9d69-f11c9c448630}) (Version: 3.1.28.31513 - Microsoft Corporation)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OneDriveSetup.exe) (Version: 24.055.0317.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-164f20d7-a9e4-47f5-950c-778e91ea852f) (Version:  - Epic Games, Inc.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.1.0.183 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.3.17 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
NoMachine Enterprise Client (HKLM\...\NoMachine Enterprise Client_is1) (Version: 8.5.3 - NoMachine S.a.r.l.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.10 (HKLM-x32\...\{5A9673DB-4BBE-4FEA-8AB6-840C89E79913}) (Version: 4.110.9807 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{0af024f5-c0d4-481b-bb6b-5f781bfc6fbc}) (Version: latest - ppy Pty Ltd)
Paradox Launcher v2 (HKLM\...\{D3A03918-53CA-485C-B819-E4B86DF5AE82}) (Version: 2.4.0 - Paradox Interactive)
PDFill PDF Editor Professional (HKLM\...\{26037138-C111-4BC5-88E8-DD2B2F2460C7}) (Version: 15.0 - PlotSoft LLC)
Python 3.10.9 (64-bit) (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{e8531749-5517-4937-a722-a4052cb2d75e}) (Version: 3.10.9150.0 - Python Software Foundation)
Python 3.10.9 Add to Path (64-bit) (HKLM\...\{59ED0114-0C86-4B18-83E2-929AD7D232AD}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Core Interpreter (64-bit) (HKLM\...\{9802C929-A3F0-480D-A4B2-DAD129F2236E}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Development Libraries (64-bit) (HKLM\...\{E2BC2EBD-7260-458B-A42C-3322DCB0B82F}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Documentation (64-bit) (HKLM\...\{F007E8E2-B4A7-4559-BB78-7AC533822431}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Executables (64-bit) (HKLM\...\{F115E5B8-9719-4BDF-8B0D-551809BB677D}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 pip Bootstrap (64-bit) (HKLM\...\{067C6FFC-0FD1-4F3A-8E94-58F091BCC0D5}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Standard Library (64-bit) (HKLM\...\{0CBB496F-1D15-42F1-AA45-C01C95196EC8}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Tcl/Tk Support (64-bit) (HKLM\...\{92CFA54C-9CE5-4284-83FD-1D0B8AB2AB69}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Test Suite (64-bit) (HKLM\...\{0DDDDA24-0876-4BEF-AC9B-26D8B78DCCC9}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python 3.10.9 Utility Scripts (64-bit) (HKLM\...\{1F097B66-81E9-46FB-BBAC-315C5F50CF94}) (Version: 3.10.9150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{35A2AF4F-C504-4D2A-A025-F69379ECDF07}) (Version: 3.10.8009.0 - Python Software Foundation)
REDlauncher (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - CD Projekt RED)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.81.1699 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.2.3.4 - Rockstar Games)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Serum (HKLM\...\Serum_XR_is1) (Version: 1.357 - Xfer Records)
SonoBus version 1.7.2 (HKLM\...\SonoBus_is1) (Version: 1.7.2 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Telegram Desktop (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15.2 - Telegram FZ-LLC)
TIDAL (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\TIDAL) (Version: 2.36.2 - TIDAL Music AS)
TmUnitedForever Update 2010-03-15 (HKLM-x32\...\TmUnitedForever_is1) (Version:  - Nadeo)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 10.51 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B9A7A138-BFD5-4C73-A269-F78CCA28150E}) (Version: 8.94.0.0 - Microsoft Corporation)
UPDF (HKLM\...\UPDF) (Version:  - Superace Software Technology Co., Ltd.)
UPDF_Win version 1.0.7.0 (HKLM-x32\...\{64F0F31B-1791-46EC-96ED-44120E105F77}_is1) (Version: 1.0.7.0 - Superace Software Technology Co., Ltd.)
ValhallaSupermassive version 1.1.1v5 (HKLM-x32\...\{AC6A778B-2004-4BAF-9E1F-CAA5CC27D7FA}_is1) (Version: 1.1.1v5 - Valhalla DSP, LLC)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.10.6 - Black Tree Gaming Ltd.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
WinDirStat 1.1.2 (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\WinDirStat) (Version:  - )
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Wondershare DemoCreator Spark(Build 6.7.5) (HKLM\...\Wondershare DemoCreator Spark_is1) (Version:  - Wondershare Software)
Wondershare DemoCreator(Build 6.9.0) (HKLM\...\Wondershare DemoCreator_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)
Zoom (HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\ZoomUMX) (Version: 5.15.2 (18096) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2023-08-16] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-03-14] ()
FBReader -> C:\Program Files\WindowsApps\FBReader_2.0.3.0_x64__0ydjfefeqf4sp [2023-08-01] (FBReader.ORG Limited)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_152.1.1099.0_x64__v10z8vjag6ke6 [2024-03-15] (HP Inc.)
Microsoft Copilot -> C:\Program Files\WindowsApps\Microsoft.Windows.Ai.Copilot.Provider_1.0.3.0_neutral__8wekyb3d8bbwe [2024-03-29] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-01] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0 [2024-04-13] (Spotify AB) [Startup Task]
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-04-13] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2024-02-11] (New Work SE)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{002add35-e00a-f3ef-f484-215bb738aa23}\localserver32 -> C:\Program Files (x86)\Camo Studio\CamoStudio.exe (Reincubate Limited -> Reincubate)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2822836515-2594661799-1331936652-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Attribute Changer\acshell.dll [2021-05-12] (Romain Petges) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2024-03-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-12] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2019-08-30] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2019-08-30] (Beepa P/L) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2024-03-11 16:47 - 2024-03-11 16:47 - 000295936 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Camo Studio\Service\CamoServiceSupport.dll
2023-10-02 12:22 - 2016-07-21 10:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2023-10-02 12:22 - 2017-09-12 10:34 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2023-11-05 05:48 - 2023-11-05 05:48 - 000010240 _____ () [File not signed] C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\AcroTray.deu
2023-10-02 12:26 - 2023-07-27 14:33 - 000009216 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureBase.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000342528 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureEngineEx.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000303104 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureNLEMgr.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000434688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\CaptureSource.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000018944 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\COMSupport.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002674688 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\data_api.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 027441664 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\libkernaldec.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000216064 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\quazip1-qt5.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 002374656 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Image.dll
2023-10-02 12:26 - 2023-07-27 14:33 - 000101888 _____ () [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\WS_Log.DLL
2024-04-13 06:51 - 2024-04-13 06:51 - 000356864 _____ (Benjamin Höglinger) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Libarius\0dc73dbff72283235375853041284104\Libarius.ni.dll
2024-03-21 03:00 - 2006-11-02 16:18 - 000850432 _____ (Microsoft Corporation) [File not signed] C:\Windows\system32\spool\DRIVERS\x64\3\PDFILLPS5UI.DLL
2023-10-02 12:26 - 2023-07-27 14:33 - 000094720 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files\Wondershare\Wondershare DemoCreator Spark\pthreadGC2.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 001626624 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2024-02-22 09:58 - 2024-02-22 09:58 - 003160576 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2024-04-13 06:50 - 2024-04-13 06:50 - 000978432 _____ (The Apache Software Foundation) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\9abb5f12056216794776bec54561d515\log4net.ni.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-07-24 02:13 - 2021-07-24 02:12 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-08-06 01:20 - 2021-07-24 02:12 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2023-10-02 12:22 - 2017-09-12 10:36 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\paulm\AppData\Local\Temp:$DATA​ [16]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2021-06-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-04-11] (Adobe Inc. -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 11:14 - 2021-09-20 21:56 - 000000828 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Git\cmd
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\paulm\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\StartupApproved\Run: => "GogGalaxy"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5CBB5121-F99E-41E7-816E-C1CACD8923F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{7F72BB38-4595-420D-875D-CD9C617FBBF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4CFD9B71-C7AC-43B7-B3B0-2C4522352046}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CD046BC7-007B-42D0-831F-889A93DA8722}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AB774F71-2D61-4727-8B5F-2CCF8BC9BE9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A842B544-17DF-4A36-90F2-04934E6AF0D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{EF73914C-65EE-4290-AABF-59EC3C768CF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe () [File not signed]
FirewallRules: [{264492A4-92FD-4155-A316-82571EBEDA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{9ADDCC27-74D3-4F89-ABA9-AF04EDA6FDF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe () [File not signed]
FirewallRules: [{CEA17D5E-3106-471A-BC45-1849441D0A71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{2DDFC459-A167-4603-A274-63DBB2939D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transistor\x64\Transistor.exe (Supergiant Games, LLC) [File not signed]
FirewallRules: [{E9529E00-32DF-4FD4-AC16-AE87DA294339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{6D8519EF-9157-425C-ADC9-0B2E667824E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{AA16543A-312E-4D41-8C91-87D6987A8F73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{FE13B242-3812-467E-B7E2-B5187DF1BF00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe => No File
FirewallRules: [{A2F57542-2800-4EAF-A3DA-4F764D86EFA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{FD0428F4-9850-42A7-81A1-B926F9F96FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe => No File
FirewallRules: [{2A192FA9-4CEE-4BE0-A98F-2D3B3C6CEA93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{10A230D5-C0D1-40E4-A017-CA394FA5D48F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [TCP Query User{550FFCF3-3FDF-4D5A-8E52-610FEF4578DE}C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6C52BADC-03FD-4935-9F2B-E051B80A84EB}C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\code vein\codevein\binaries\win64\codevein-win64-shipping.exe => No File
FirewallRules: [{79F8DDC9-F868-4C2F-AE08-888676B8A9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed]
FirewallRules: [{5445952C-A7B3-4C4D-9D3A-8E47BA7B3D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outer Wilds\OuterWilds.exe () [File not signed]
FirewallRules: [{2F31F89B-0CFE-4397-9BBD-FD77959E91DD}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{F27D7863-4583-43CC-863D-EC6057B19174}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{8A5D2B06-9D88-4862-ACB3-AEF08592A8C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [{158A935A-BFAC-412B-8C0E-441E19D2AB96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cultist Simulator\cultistsimulator.exe () [File not signed]
FirewallRules: [TCP Query User{94DDD160-907D-4F20-848C-60E71D3CC9D5}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{D5266F78-6488-4FC0-AAA3-DD783B3242BD}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [{58DF3D11-D207-4FA1-B5A5-85A4CA9EC378}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe => No File
FirewallRules: [{8BEB37D4-6729-483C-9451-0500730BED98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Destiny 2\destiny2.exe => No File
FirewallRules: [TCP Query User{2EE4F1FA-5202-4C8F-85BC-B53898D1CDE3}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{1867ED0E-0841-4602-84BF-2FC5E0470171}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{D16DE47B-37BF-40AC-A6A7-3DAF22E93D1B}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9ECF1E22-59A4-4F88-856A-B4CD6AE9A6F5}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{00161AC3-9C07-47AA-A05E-E39C3BE3A2CD}] => (Allow) C:\Users\paulm\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{17A1D82F-3923-401E-B3BA-2DB0424AC3C9}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{E9731FC8-7D31-4F70-8400-DB5623064A30}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{654E3226-39A0-4415-8D1B-475A2A531F94}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{04ADD5EE-1E2C-4BDC-9276-B67584580A4E}C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\gog galaxy\games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{C9B82815-D8CA-40A7-89F2-061F51A23C24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edna & Harvey The Breakout\_anniversary\edna.exe => No File
FirewallRules: [{3BCDE331-DAD7-4ED5-8FDF-E03F28BBF9D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Edna & Harvey The Breakout\_anniversary\edna.exe => No File
FirewallRules: [{52D6A670-53DA-445C-8685-7E6188EEC855}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{C1712F27-26EB-4189-BE80-E19B6E944782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Enter the Gungeon\EtG.exe () [File not signed]
FirewallRules: [{309CABE2-5276-465B-8A46-8DDD4093F3B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe () [File not signed]
FirewallRules: [{288C363D-E0B1-4164-B52A-98B334FCD957}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa Trigger Happy Havoc\Launcher.exe () [File not signed]
FirewallRules: [{6951D87E-E401-44BF-8021-6016F063DCC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{A8BDC877-E086-4583-9F07-28082D4F741F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{BFD596E0-43EE-46B2-B373-026892BBD615}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe () [File not signed]
FirewallRules: [{D5DB6019-507F-4C95-9A5D-D37B0A8C2903}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LobotomyCorp\LobotomyCorp.exe () [File not signed]
FirewallRules: [{A6D9451E-FD46-45C9-958E-6E9418CC2F38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [{73548B90-CDE6-4B7C-A353-397095832312}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe => No File
FirewallRules: [TCP Query User{FAC5452D-58EE-492C-942F-01BCC57025C9}C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe => No File
FirewallRules: [UDP Query User{498FC9B1-B8E1-4472-821D-6BB5A231AF64}C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mass effect andromeda\masseffectandromeda.exe => No File
FirewallRules: [TCP Query User{011A68BE-28FF-41EC-8FDD-EE4FB06EF1A7}C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe => No File
FirewallRules: [UDP Query User{071BBEBC-6A27-437C-BE08-6CDA6DC3AE16}C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the beast inside\thebeastinside\binaries\win64\thebeastinside-win64-shipping.exe => No File
FirewallRules: [{F2459B09-B50F-4E69-AEBB-042EB16E759C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{C3A10CA6-7F00-420F-A00C-AF02CCCBE28C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nidhogg\Nidhogg.exe (Messhof LLC) [File not signed]
FirewallRules: [{4DA13CBE-0313-46CB-83EF-81AB8E8EE881}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{4128719D-7D5B-4611-92C8-049E94DABFD5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [TCP Query User{02759236-E290-4874-92C4-BAA192A5A4E7}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe => No File
FirewallRules: [UDP Query User{A9C6ED46-0948-4C1A-93FC-258CFE72360E}C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe => No File
FirewallRules: [{638A0FF8-4AB3-40E6-A55D-42A1769B1AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phantom Abyss\PhantomAbyss.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A16151A1-9607-4C2E-A543-FDCCD1EE3868}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Phantom Abyss\PhantomAbyss.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F081488B-8736-48CB-874D-3ABFCFE0DCCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{84885960-7C76-4DBB-8C5C-7237F028E74D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{2B66BF4E-BED5-4183-B6B7-547BEAF5341A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{F10DC04B-1220-4BCC-B322-1E50B72D053C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ori DE\oriDE.exe () [File not signed]
FirewallRules: [{9B7B6799-0324-463B-A45B-4762DE176E4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{FC473EE7-7747-4A71-9559-E2A6D9BD5AAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pony Island\PonyIsland.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{217834F7-7FF9-42D4-8F73-32FC5C33D36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{ED9B42F6-E42F-4770-B202-1872D25FD89D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe () [File not signed]
FirewallRules: [{3CB30662-1E19-4F64-B1C2-C04EC2040E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{7AC7C6CC-CCB5-4FEC-B6DD-FB1660096299}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cuphead\Cuphead.exe () [File not signed]
FirewallRules: [{A5D02687-761C-470E-9D3C-0E16EBFCB22C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{05825AF7-E74C-4078-B7AA-C0684F3B6472}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sunless Skies\Sunless Skies.exe () [File not signed]
FirewallRules: [{1C1CB156-BF4B-4957-9CCB-57C79FC2B2A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{2565599E-CA60-4701-9134-683D64BB26B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crab Game\Crab Game.exe () [File not signed]
FirewallRules: [{F5760022-E73A-411E-86F8-D65BE6924BFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lily's Well\Game.exe (The NW.js Community) [File not signed]
FirewallRules: [{178B7C2B-658C-4D4C-84A2-B29A0FB27C85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lily's Well\Game.exe (The NW.js Community) [File not signed]
FirewallRules: [TCP Query User{3CA662E3-98E1-46E8-89C9-B5A57FC0AB9F}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{41C9B4E1-F636-455E-B736-7655570C67DC}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{47FD5E93-7D49-40B6-8E5D-F04DE7D4F011}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{7867B8EA-0C74-4C78-885A-7C31AF0FAF39}C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Block) C:\program files (x86)\steam\steamapps\common\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{1AE3F11C-C454-481F-94C8-57BACD322AAE}C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe => No File
FirewallRules: [UDP Query User{19BFEF8C-ACCA-49B2-9FAE-EE9891D7CBCA}C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9003\discord.exe => No File
FirewallRules: [TCP Query User{727B6A16-E808-4F3F-9E2B-0827D084112C}C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{041967A2-6CFC-47C5-8EF3-51047539DAE6}C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\paulm\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{AB1AD9B4-4CDC-4E80-9A71-7E1FC48B3E0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{B9C1A52D-0D8E-4585-B6CA-F68A6EFAE147}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{9E3CF469-5443-40A6-BD99-EE15289C4257}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [UDP Query User{5D8AC470-32DB-4556-A27D-BCDF4C754609}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [TCP Query User{104B7C1E-345F-4BFA-B5B5-5BA4138AE5A6}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [UDP Query User{671F6468-A5F4-484D-A8A3-3C713DCFC4C6}C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.0\tidal.exe => No File
FirewallRules: [TCP Query User{56F38355-0067-4DD6-BE9E-E78E23C297A1}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [UDP Query User{8B1AABCE-AE4E-40D8-B2E8-382FA2BD0F41}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [{9726BEDD-9DBE-4503-840D-A612D2B3612B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Arena\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{9C0A054A-2CCE-4798-8B83-4EF6349BFB9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Arena\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{2D1C0A71-9132-489F-88FC-ED48D3437318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Daggerfall\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [{5967373E-8474-4923-9533-C96E385F33E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Elder Scrolls Daggerfall\DOSBox-0.74\DOSBox.exe (DOSBox Team) [File not signed]
FirewallRules: [TCP Query User{0304CB81-546C-4168-941C-CDC6232A3BDF}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [UDP Query User{8067F666-65C3-466A-8B0E-3F244059E171}C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.1\tidal.exe => No File
FirewallRules: [TCP Query User{B40799F5-6D4A-43BF-931D-BCA18D445D70}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [UDP Query User{CC2D9B0D-B7E1-414F-BDCA-800A01ACD2EB}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [TCP Query User{4AB3A05C-8CFC-461C-9D65-1B59982140B7}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [UDP Query User{09ABE797-5E50-4F49-9FE0-499756FB3E8F}C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.30.4\tidal.exe => No File
FirewallRules: [{ABAAFFA4-D4B4-4B12-99DB-A88C9F26BF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\ioawn4t.exe (Dead Idle Games) [File not signed]
FirewallRules: [{F227217C-5847-49E7-B065-CEC7B3B885EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\ioawn4t.exe (Dead Idle Games) [File not signed]
FirewallRules: [{EAD9AD8F-E039-44BC-B88E-12DFD4D9E053}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\winsetup.exe (Chris Jones) [File not signed]
FirewallRules: [{DE08192D-2C44-4905-8510-860F9F0F944D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\If On A Winter's Night Four Travelers\winsetup.exe (Chris Jones) [File not signed]
FirewallRules: [TCP Query User{DEC4D06B-11B8-4731-9A91-F6B8AAFAC1A3}C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [UDP Query User{2EB6C223-176C-4A59-B6D0-7D8E9CE19011}C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.31.2\tidal.exe => No File
FirewallRules: [TCP Query User{CDBE2899-FF39-43C6-A3F0-D720A71A991E}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [UDP Query User{1EDECDB3-E72B-40E8-AD05-A2A7A8465255}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [TCP Query User{4BAC10AF-A9E2-486E-889B-2C6066E8F5B5}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [UDP Query User{4C76AC44-78B2-4C7F-BE74-68797DBAD1F7}C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.32.0\tidal.exe => No File
FirewallRules: [{7ECFA62E-5B86-4A47-8E45-2FC4417BBC16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{3F9EA018-D500-45B9-8681-CC6B62569FFA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{EDBEFF1E-7ECF-40D2-A5D2-999CDF17F7DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{343BC216-5558-4BCE-B3EA-CBA76B6C9CF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{A2243EA0-BBC8-48A8-9ED6-4F7F39EAC55D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Spell\The Last Spell.exe () [File not signed]
FirewallRules: [{7FA43983-A490-4E2F-8BFB-4F84AF0FB3A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Last Spell\The Last Spell.exe () [File not signed]
FirewallRules: [{E4D03E02-0B68-475E-B93B-F950E9896C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{A592BE3A-ECB0-402C-9D42-B76439AEC866}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [TCP Query User{B8D026D1-9BBF-49B2-9B94-01F7D2E0245B}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{CEC66938-40ED-4BFB-BB62-4C2802CA3027}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [{3703A619-06F1-4604-9502-6E61E415599B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manifold Garden\ManifoldGarden.exe () [File not signed]
FirewallRules: [{DA6645BE-5432-4C68-9CDB-4D31C924F4CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Manifold Garden\ManifoldGarden.exe () [File not signed]
FirewallRules: [TCP Query User{BD3841CA-395D-4BAE-AE46-2C866F8B7069}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [UDP Query User{1C939270-75F9-42B1-BB5D-7DB4D1CE925C}C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe] => (Block) C:\users\paulm\appdata\local\tidal\app-2.33.2\tidal.exe => No File
FirewallRules: [{E199AEF2-9C9A-48E6-965F-2BA6A43B7F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [{0B52872A-75CF-4717-8ED5-11FC96FBA9CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FTL Faster Than Light\FTLGame.exe () [File not signed]
FirewallRules: [TCP Query User{9BF7C049-31DF-495A-BE72-C0C13427FE42}C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [UDP Query User{C3E3E687-F9CC-4029-9BB8-996BB27F11F2}C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9006\discord.exe => No File
FirewallRules: [TCP Query User{865C0702-4D22-4162-9692-B3FE0E486850}C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [UDP Query User{83040525-88A2-416C-838C-865D26A791F7}C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.2\tidal.exe => No File
FirewallRules: [TCP Query User{8B09DA2C-4190-4DB2-815B-091F61C82C08}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [UDP Query User{B53AC5E0-419A-4385-9AA2-AE4CF63261A2}C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\xcom 2\binaries\win64\xcom2.exe => No File
FirewallRules: [{53502F14-2B63-40E1-8B2E-934A0729E680}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{1968F963-A2A9-49D5-BD70-31AC6A379CF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bastion\Bastion.exe (Supergiant Games) [File not signed]
FirewallRules: [{5A77C17A-415D-4EB5-8446-ADCE7225E743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{AC0430E8-A9F7-4A41-84C0-B2B280780423}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{E3F19289-6A93-418E-89DA-B1E027403AAC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{B7C8C2AB-F673-4A69-A688-512C9C37DC56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{9B28C20F-E0C3-4BF7-9C5C-0C6633300CF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{7545DD18-8BFB-4D07-8F0B-8E23163389CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{68AC3871-1F7B-4B68-A101-964BE53E5F7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{26AA6A7F-71C1-4B1F-A313-BA5ECEA0FBEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{C2227807-B89F-41C6-B0FB-E830B305006F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inscryption\Inscryption.exe () [File not signed]
FirewallRules: [{1739C4B5-4EE9-4BF2-852A-2AB939027376}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Inscryption\Inscryption.exe () [File not signed]
FirewallRules: [{ED1B85FA-72E3-4458-8DC6-381BA1236782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{D937C477-5CF1-433E-941A-B87A79527D01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{D8234E5C-0509-46E4-BF86-F5A6703C99ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (ZeniMax Media Inc.) [File not signed]
FirewallRules: [{33FB8FF2-6F61-4788-82F7-5BEE2C9F2146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe (ZeniMax Media Inc.) [File not signed]
FirewallRules: [{70FF661D-3CF3-4119-A0F1-AB6667ED9A1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{3A4B0E5D-0416-4412-B880-85EC204D9EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells.exe () [File not signed]
FirewallRules: [{FC070CF6-9200-4452-B9A9-5B3F7A2D84D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [{26BADE71-71D4-4945-BB58-CF78B6C7B257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Cells\deadcells_gl.exe () [File not signed]
FirewallRules: [{3A1977F8-CB89-47F3-B5F7-265E3651289E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELEX\system\ELEX.exe => No File
FirewallRules: [{A5106284-F2FA-46D2-89AD-F44C3B12210C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ELEX\system\ELEX.exe => No File
FirewallRules: [{ACDE3EB5-44D4-46B4-91FF-F6D4FE165AA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nova Drift\NovaDrift.exe (Chimeric) [File not signed]
FirewallRules: [{3145FC45-DE28-4FF4-A1D0-E21ACE1488E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nova Drift\NovaDrift.exe (Chimeric) [File not signed]
FirewallRules: [{6288F6C6-76C5-4127-A1B4-C0540853653B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yakuza Like a Dragon\runtime\media\startup.exe => No File
FirewallRules: [{7BC0B32B-263E-446F-BBFC-B1A6F49CCF75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yakuza Like a Dragon\runtime\media\startup.exe => No File
FirewallRules: [{AA78EFD7-8D9F-42D9-A343-F5BF434E4265}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe () [File not signed]
FirewallRules: [{E1D35659-C393-400B-8A7D-B2AC44586BD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousSam.exe () [File not signed]
FirewallRules: [{40A65686-C13F-4ACA-B6D1-DCA6A68D2DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe () [File not signed]
FirewallRules: [{A0BD6093-3992-4597-A491-6609E3F4542D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousEditor.exe () [File not signed]
FirewallRules: [{50ECD17F-B8E3-4F00-9347-D970D71E8F59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe () [File not signed]
FirewallRules: [{1C40B2BB-84BA-4626-A09E-A66DA9CD56A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Classic The First Encounter\Bin\SeriousModeler.exe () [File not signed]
FirewallRules: [{5BCA191F-2515-4C25-A83A-B12CB701194B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - House of Ashes\HouseOfAshes.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{F51B1B62-1F0E-4206-BCD4-AD542E495EFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Dark Pictures Anthology - House of Ashes\HouseOfAshes.exe (BANDAI NAMCO Entertainment) [File not signed]
FirewallRules: [{089E3118-7ACA-49FF-AFCA-33AAD82DAE8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{7AC40C3D-3284-4F50-A271-875E43164BAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{63279FE3-26D0-4007-97DD-51E7324CDF3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\PlayLAN.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{4EAD9F42-F4BB-49E9-9B4C-E374447B4A39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\L.A.Noire\PlayLAN.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{86722720-17F7-46CC-929F-59A2D9FA6812}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{8D1F2D91-DFE3-4774-9D05-49FC38380FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\Launcher.exe => No File
FirewallRules: [{1C6917B5-ABE1-4DBA-A77A-A327B78AE4A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{102AA153-1A82-46BB-963E-A0AB178D282E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Riftbreaker\bin\riftbreaker_win_release.exe => No File
FirewallRules: [{AA2EF6A0-E5AA-4751-90ED-BC78FD045CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{3AFE8AA4-E0A3-460D-AA0C-CEC2D8356E17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pathologic\Pathologic.exe () [File not signed]
FirewallRules: [{9B359619-5827-4FC7-BEA2-C0BF9A0245E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A8ACA7A4-F177-4AE3-AFCF-0FEC8E6B079E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [TCP Query User{E163FCA7-2DC3-4FE1-9EEE-F2C892AB4837}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{36E5BD30-053B-4053-98B5-1588893272D0}C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\guilty gear strive\red\binaries\win64\ggst-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{D4DD9C1E-F396-4B61-845F-1DAD31247DC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bio Prototype\Bio Prototype.exe () [File not signed]
FirewallRules: [{5840E4FE-D3BA-4ADD-A679-7D8EE3A73A0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bio Prototype\Bio Prototype.exe () [File not signed]
FirewallRules: [{C6F0C037-4D8C-4223-87D2-1A2E225FB22D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{32D89744-5FA5-40A4-AAC8-913DCCEF707A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{4980298E-60E7-4BEF-A28B-199438ACC368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{5AEC4A01-F968-4C1F-8598-DD0A7135BF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{4CA1CB18-79E2-44CE-BE5F-51DD3660C26A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{138F60C6-AAAD-465F-B9E3-FAF862450FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{B75742DE-012F-4871-8ECB-767692879C8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{96BEDC93-A210-47E8-992B-61B726366DEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64\Hades.exe () [File not signed]
FirewallRules: [{44F57F78-093C-4367-9EA6-AEF07A3B4102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{1ABB121C-F967-4704-867F-D70AF3AAEA5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x64Vk\Hades.exe () [File not signed]
FirewallRules: [{E03F2355-AB01-4417-8130-A296B0AACB35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{2698A658-A7AA-4EBB-BC03-BB906FC75F8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hades\x86\Hades.exe () [File not signed]
FirewallRules: [{43E4C68A-64C7-4217-8109-5866452E43C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{3246BEEE-389F-4DC1-BA62-E0A26E2ADEBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sekiro\sekiro.exe (Activision Publishing Inc -> FromSoftware, Inc.)
FirewallRules: [{27339DC9-A0F4-4CC8-9F90-04018EA672B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Train\MonsterTrain.exe () [File not signed]
FirewallRules: [{B42948DC-19AE-42A8-B0D8-A2744161DEB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monster Train\MonsterTrain.exe () [File not signed]
FirewallRules: [{E7151668-5CC4-4F32-96AE-C90A6D154436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{5627392F-A128-4877-A5B4-908D674D57E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe => No File
FirewallRules: [{7CEE62E9-8628-471C-98C1-9AC20562A3DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe
FirewallRules: [{A9132E54-ABCD-47DD-9505-1381BAA71B99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Downfall - A Slay the Spire Fan Expansion\jre\bin\javaw.exe
FirewallRules: [{3F104A5C-EEE5-48F9-9D1C-A9E12EC2395E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pentiment\Pentiment.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{8AD123A8-2C34-4333-A344-68A1A4C4EA5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pentiment\Pentiment.exe (Obsidian Entertainment, Inc. -> )
FirewallRules: [{0CC64679-4A3F-481B-AF0A-5D0B7854F416}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Life and Suffering of Sir Brante\The Life and Suffering of Sir Brante.exe () [File not signed]
FirewallRules: [{9C4E6ED2-9B3B-4E50-9699-588059F674BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Life and Suffering of Sir Brante\The Life and Suffering of Sir Brante.exe () [File not signed]
FirewallRules: [{F6FC6035-3E37-4105-83F0-A3E50908AFFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe (BioWare -> BioWare)
FirewallRules: [{DD7795A9-2CB5-4042-ABC0-A3622F2DACD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe (BioWare -> BioWare)
FirewallRules: [{00039E20-4318-4055-81C1-FFB22D5DC624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare -> BioWare)
FirewallRules: [{2FA2DB80-A6C4-4466-9A60-16549AED38EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare -> BioWare)
FirewallRules: [TCP Query User{078E83EC-26F6-45B8-8DE0-0565D77D1A78}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [UDP Query User{30A084C1-C6FD-4C42-A442-0A385B69E417}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [{0EB11E6A-8E53-4854-ABBA-92C9797F9E76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{90773DE9-06E7-4B75-9565-24A582BDFC9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Last Epoch\Last Epoch.exe () [File not signed]
FirewallRules: [{6FB9C554-2CC4-407D-8320-BB17EF4D18B4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3318CB53-495C-428A-B17C-E78199C0A952}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4A0A49E5-90BD-4936-B7EA-794DF9C2E775}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7E3D4BD0-53EC-4B57-B642-49B02BDB3B09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3407.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{C981B149-400A-4624-AC07-163AF1D0E74F}C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe] => (Block) C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe => No File
FirewallRules: [UDP Query User{4A157D86-4F45-46AD-8DD6-C1B9528C1B3F}C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe] => (Block) C:\users\paulm\appdata\local\freedomgpt\app-1.1.3\freedomgpt.exe => No File
FirewallRules: [{01C6463B-D168-4513-9C99-F1FB2BEB6812}] => (Allow) C:\Program Files\NoMachine Enterprise Client\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine)
FirewallRules: [{85F104F9-D095-4359-ABEA-F85330B68591}] => (Allow) C:\Program Files\NoMachine Enterprise Client\bin\nxplayer.bin (NoMachine S.a.r.l. -> NoMachine)
FirewallRules: [{2B4DD900-D13C-4E69-9170-E6BCB7C9DCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe => No File
FirewallRules: [{A50BDD17-D40E-42F6-B408-DB24E9BBA98B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe => No File
FirewallRules: [TCP Query User{C4658C91-3C80-47D8-9018-E9A64A427828}C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{9E5005CE-FA9F-4F8E-ACCB-15C9EFF6D572}C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe] => (Block) C:\users\paulm\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{8FC2A435-B926-4D40-A539-7AED7CD4F9AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEEDY GIRL OVERDOSE\Windose.exe () [File not signed]
FirewallRules: [{FBEDFD9F-361B-4884-9CBB-244BC7E08B6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NEEDY GIRL OVERDOSE\Windose.exe () [File not signed]
FirewallRules: [TCP Query User{067F73B9-F387-48A0-BED9-018C96D4A3F0}C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [UDP Query User{E3AE9685-220D-43CE-82BF-C2B39F24DC65}C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.3\tidal.exe => No File
FirewallRules: [{611C41C6-2EB8-4EA1-B023-6FFA09A76A63}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Across the Obelisk\AcrossTheObelisk.exe () [File not signed]
FirewallRules: [{D29798B3-1A21-4206-9D15-30F4FAC10CBC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Across the Obelisk\AcrossTheObelisk.exe () [File not signed]
FirewallRules: [{838C9884-4937-45E8-8E99-D8A3C578F446}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{33091920-D99D-4FD3-AC7F-068612BE810B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{F70CE465-1F4D-4357-B252-A5F127717DD2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OCTOPATH TRAVELER\Octopath_Traveler.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{D5A92856-5122-4B4E-A186-D123EA1C3FC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OCTOPATH TRAVELER\Octopath_Traveler.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{6F7EBBE4-9012-4C71-B673-BAC59039436B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{3E1A314C-5E7B-41DB-9E93-E044BFC4D934}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TalesMajEyal\t-engine.exe (te4.org) [File not signed]
FirewallRules: [{3BA5B48E-D2D9-441D-983A-66839C507F3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Against the Storm\Against the Storm.exe () [File not signed]
FirewallRules: [{4F1B3B7F-BC9E-40FE-95B1-FA14BB143035}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Against the Storm\Against the Storm.exe () [File not signed]
FirewallRules: [{D3497ABC-0D54-41F9-A9CE-989B1D56874E}] => (Allow) D:\SteamLibrary\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{6F6287AD-A795-4C53-83A6-B4D9C7036AFA}] => (Allow) D:\SteamLibrary\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{87B3C9D7-3514-409A-980B-0D5CFAB90DB3}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{A26B84FA-930F-4C53-919A-A2D073835A6F}] => (Allow) D:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{C6620A69-C710-4906-BE34-A2EA0574F874}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [TCP Query User{F5D58BBD-ACDD-4F62-AF55-D01AB4DE4722}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{A5257E08-8DE5-466E-B1CA-64BAF0737EFB}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{7239C912-E328-4F7E-A098-BD3CF49D8E8D}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{9353E957-C6DD-4EB8-A0CD-81AACBC5885E}D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) D:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{9DBAC37C-A377-4329-8927-09DBD19719CA}C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [UDP Query User{01C5EF14-5C82-44E9-9CFF-946C554F5019}C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.34.5\tidal.exe => No File
FirewallRules: [TCP Query User{89253688-7F57-4550-BA22-8A568D826420}D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{031F8DF3-1C71-422A-B6A7-CA53673C8334}D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\gog\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{6DB0C2D9-32FD-4C0C-AF2E-995D7786CC16}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{DA97D99F-339E-467F-ABFC-E141CC09A299}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{13366C8C-7C02-42CE-BF39-0E76516D6250}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{D529CAAF-C031-454B-A4E2-7F8D187B4C4D}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{45571C24-6995-4C2E-A693-6BD898AACABB}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Camera Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{66DE1A0E-9568-417F-AD7D-46C5F15F572F}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{D0B5AF47-37C5-408A-883F-AA70B016B0F2}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Recorder.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{3A422DAB-37D2-4DA9-A10C-BEDD7957B947}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DomainNameChecker.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{A6C8EE14-817B-4ED6-A9E9-6837C64A1395}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{5C30440C-1208-4F62-98BC-0436748D9C79}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\LiveDemo\DemoCreator LiveDemo.exe (Wondershare Technology Group Co.,Ltd -> wondershare kx)
FirewallRules: [{B5CEFF64-1C1B-4377-9030-47E28A0CC224}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{1FCBA979-B3E4-4AA9-B5B2-6F666CE0636C}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Spark.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{CD6BEB85-E029-4B36-975D-226EFB770245}] => (Allow) C:\Program Files\Wondershare\Wondershare DemoCreator Spark\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{1E612EB4-34F6-4F76-B400-8682EDA34247}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Wsid Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{96E9E82C-B2B3-4F88-82EB-150AD089DB19}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Camera Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{84491B60-C8DC-4C33-B566-EE502C1725E7}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{2E14631E-7AF6-43D0-AC28-4292C2C1C1AD}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Recorder.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{6B899995-9285-43C7-88B7-7E1FC39344BF}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DomainNameChecker.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{38BC13D2-2538-4CD2-8354-0CE128F4A9FF}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\DemoCreator Core UX Service.exe (Wondershare Technology Group Co.,Ltd -> )
FirewallRules: [{6A53BBBE-C3A9-4809-BFFE-0B65B5C29639}] => (Allow) D:\Wondershare\Wondershare\Wondershare DemoCreator (Deutsch)\LiveDemo\DemoCreator LiveDemo.exe (Wondershare Technology Group Co.,Ltd -> wondershare kx)
FirewallRules: [{9035E80F-81C9-4D21-BA96-43C883FDF268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{F591F2BA-0003-4740-AA5F-AAD1E4A4CA6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{7CDF4821-0C01-415F-9F92-4B9682E2E038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{EBFF9745-49A5-4684-8C10-23B0EC0ED0C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{1E52B262-CC6B-434C-9597-0C6506C4903C}C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{270FBA6B-77BE-4D3D-869F-BC580EB7A0F2}C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.35.0\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{F3D1D34B-C210-4C53-9E97-360AA7511A55}] => (Allow) D:\SteamLibrary\steamapps\common\Slay the Princess\SlaythePrincess.exe () [File not signed]
FirewallRules: [{ED2EC936-89A2-47F4-986B-04DB33133AFC}] => (Allow) D:\SteamLibrary\steamapps\common\Slay the Princess\SlaythePrincess.exe () [File not signed]
FirewallRules: [{0448984A-0F97-4063-A2AF-713CADE50BA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ScarletHollow\ScarletHollow.exe () [File not signed]
FirewallRules: [{2A762EE4-E7ED-4035-99B0-D24EEF78FBD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ScarletHollow\ScarletHollow.exe () [File not signed]
FirewallRules: [{3489DC9E-8431-47EC-AC9B-C0C149631C77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RoboQuest\RoboQuest.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{67394401-FBA4-4A34-B75A-ED520692C0D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RoboQuest\RoboQuest.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6360AC58-6AE2-4C7D-9616-D66E8474E15D}C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{CEFB4B4B-12B1-4403-9950-B5871BA3674E}C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\roboquest\roboquest\binaries\win64\roboquest-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{6349A254-F041-457E-B8C5-AC627B620749}D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File
FirewallRules: [UDP Query User{ACF63D3C-4E54-4282-B6C6-F8C8A55514DA}D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File
FirewallRules: [{3915C062-EC75-4060-9BE4-D2730292C5BC}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C230A0D2-9749-4A55-AB6E-0A831CB48A9B}] => (Allow) D:\SteamLibrary\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{4CFDCC44-5039-4978-A516-02ABE180FFCB}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{6D4827EA-8281-4F32-BC6F-7AD1061F9BEA}D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) D:\steamlibrary\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F91EBADF-EEB2-41DB-B206-9E7C5146C8EA}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6679E165-B2CD-42D2-93D4-1C4C12731C25}] => (Allow) D:\SteamLibrary\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{FC2C7AE3-AF8D-46BD-A0EC-C623FF7A61B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{8255833D-60E4-4C7E-8FA6-F6AC86753CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dave the Diver\DaveTheDiver.exe (NEXON Korea Corporation. -> )
FirewallRules: [{39E80803-77E0-4700-9659-968DCE780C19}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{8C5234E3-502D-451B-B5D8-B1E5430C3513}] => (Allow) D:\SteamLibrary\steamapps\common\Hollow Knight\hollow_knight.exe () [File not signed]
FirewallRules: [{C33C4C10-190E-4C5D-8AE0-D1811E5B0BEB}] => (Allow) D:\SteamLibrary\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{8B303A54-248F-45EC-BA06-9450B8411726}] => (Allow) D:\SteamLibrary\steamapps\common\Detroit Become Human\DetroitBecomeHuman.exe () [File not signed]
FirewallRules: [{AAAB25A6-35CE-4525-95F0-2D731FFE502D}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{DE3A14C0-A24A-4D6B-8AAB-867E6BA5888E}] => (Allow) D:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{5660A261-1810-47D2-BDF2-650E2E743C4C}] => (Allow) D:\SteamLibrary\steamapps\common\Skul\Skul.exe () [File not signed]
FirewallRules: [{1E80B554-EED0-492D-99B6-1643828EBD86}] => (Allow) D:\SteamLibrary\steamapps\common\Skul\Skul.exe () [File not signed]
FirewallRules: [{0FEDC5E0-308A-4DB1-A3A4-3937493F3011}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1556A106-A253-47C0-B7BE-07E51DC6F05A}] => (Allow) D:\SteamLibrary\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{D10EED90-E046-49DF-B43E-968701353BF7}] => (Allow) D:\SteamLibrary\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{166E2F03-2C61-418F-A145-82CF9D20EBF1}] => (Allow) D:\SteamLibrary\steamapps\common\XCOM 2\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{B5134261-D090-4AF1-9CB0-D0BEF8C94214}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{A2D09089-87A7-4D91-BD41-C2C768CC5107}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\game\bin\win64\cs2.exe (Valve Corp. -> )
FirewallRules: [{5A695BBF-440E-4A2A-A8A2-D572ECC4A101}] => (Allow) D:\SteamLibrary\steamapps\common\EYE\EYE.exe () [File not signed]
FirewallRules: [{0F547ED1-60F1-4982-9E67-1610E9BAF35A}] => (Allow) D:\SteamLibrary\steamapps\common\EYE\EYE.exe () [File not signed]
FirewallRules: [TCP Query User{3F97B547-84B9-49B0-937F-A165F7724CA4}C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [UDP Query User{54D5C5FD-1B9C-4145-8E6A-55C1F3BBF610}C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [{655A3982-BC78-48D5-9800-AA1623B61E63}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{8C15DD12-0A6B-42A3-8F93-B91BDFF4D384}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2620A287-5AE8-4DCC-A517-4F28D8A3F9BB}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{F0FF869B-30EA-4453-A29A-861385887EA8}] => (Allow) D:\SteamLibrary\steamapps\common\Hellblade\HellbladeGame\Binaries\Win64\HellbladeGame-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B862C789-7DA9-4DB9-93CF-1E3B642BBB6E}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [{867966C4-685B-4880-B28C-25413EAB031D}] => (Allow) D:\SteamLibrary\steamapps\common\The Witcher 3\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [{FD4DA9EB-0F65-4426-8437-9E87BAEB1AB1}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{720EEC5B-7659-48F5-B65A-B5D41AAC9E1B}] => (Allow) D:\SteamLibrary\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{1BA40A33-4EB6-45D8-8E1F-DF89BDA2AB11}] => (Allow) D:\SteamLibrary\steamapps\common\ARMORED CORE VI FIRES OF RUBICON\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{5AC6CE6C-5637-4EC0-B3CC-0BFA0377D53B}] => (Allow) D:\SteamLibrary\steamapps\common\ARMORED CORE VI FIRES OF RUBICON\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{D5979AA1-C9FC-4D5B-8439-7D709D928C66}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{7D9DF2D3-2936-4B4C-B0B2-8C1EFDF0A81E}] => (Allow) D:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe (DONTNOD Entertainment) [File not signed]
FirewallRules: [{D14EB02E-F54F-44B7-9AB9-84A37D5D778C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. -> Square Enix)
FirewallRules: [{E975DAEC-8CE5-424B-AE0B-1C9DEF2FEFE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chrono Trigger\Chrono Trigger.exe (SQUARE ENIX CO., LTD. -> Square Enix)
FirewallRules: [{4A743622-F9E5-4F3F-85E0-4B9561AE1BC7}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{5DA7785E-5AFF-45AA-BC56-0425204BE0F6}] => (Allow) D:\SteamLibrary\steamapps\common\ELDEN RING\Game\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [TCP Query User{ADA7C5BE-3B06-4A23-8CEE-729D909AB90F}C:\program files (x86)\updf\updf.exe] => (Block) C:\program files (x86)\updf\updf.exe (Superace Software Technology Co., Ltd. -> Superace Software Technology Co., Ltd.)
FirewallRules: [UDP Query User{3357C044-C137-44BD-BE04-C0EA4FA8D2FF}C:\program files (x86)\updf\updf.exe] => (Block) C:\program files (x86)\updf\updf.exe (Superace Software Technology Co., Ltd. -> Superace Software Technology Co., Ltd.)
FirewallRules: [{AA034544-4C98-4A8A-94F8-6ED3D6F322A2}] => (Allow) C:\Program Files (x86)\Camo Studio\CamoStudio.exe (Reincubate Limited -> Reincubate)
FirewallRules: [{9A578876-D38D-4E4A-B522-7AC5966CE206}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{EE33C022-79DF-400F-B3F1-6815D6C8E1CB}] => (Allow) D:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{7460ADB0-4D2B-4973-8347-1D894B90C061}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D63B7CAD-F7FB-466F-B06C-E22766195545}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D647DDED-0AE3-46FE-9495-188E8956735A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4F15D9B-FB65-4FB3-9B83-DFD2DC101F9D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.116.3213.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{918EBAFD-F1A6-44AB-854A-41F559C8E6AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CF6A2022-E2B2-49F4-85F8-C34713738293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A564F3CB-E546-495A-BF90-3D1A2D8E0E86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9DEA931F-4115-470E-8392-C6624E4A7DF3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{874242E6-D148-40B2-81C6-D7054D271BD5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DA85F28C-C304-4331-A7DD-D7E2A498E55C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DDA0A0EA-C3DD-45DA-8B22-BC9A0976CB2F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C4A68191-E894-4C0C-9AFF-B1F8CB71ECEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9A51AA4E-0F88-4F59-AC0B-9BC101BC5A66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{505D3114-0262-4A62-B540-E94BD30485EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.235.663.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E4F461D4-D94A-4942-AB14-452725FD72DC}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{AE7DF23A-35BA-47D5-8C50-662B3341D424}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
13-04-2024 06:52:06 Geplanter Prüfpunkt
 
==================== Faulty Device Manager Devices ============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/16/2024 03:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Faulting module name: AdobeCollabSync.exe, version: 24.2.20687.0, time stamp: 0x66170966
Exception code: 0xc0000409
Fault offset: 0x0000000000494b31
Faulting process ID: 0x2208
Faulting application start time: 0x01da900584ba052f
Faulting application path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Faulting module path: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Report ID: 3cb67022-1c0c-4dec-aa2b-54600cb730d8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/16/2024 12:57:34 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/16/2024 12:53:24 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 08:32:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:12:41 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-NG833IV)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/15/2024 08:08:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
Error: (04/15/2024 08:08:34 AM) (Source: Freemake Improver) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" ---> System.IO.FileLoadException: Die Datei oder Assembly "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed" oder eine Abhängigkeit davon wurde nicht gefunden. Die gefundene Manifestdefinition der Assembly stimmt nicht mit dem Assemblyverweis überein. (Ausnahme von HRESULT: 0x80131040)
Dateiname: "Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed"
 
WRN: Protokollierung der Assemblybindung ist AUS.
Sie können die Protokollierung der Assemblybindungsfehler aktivieren, indem Sie den Registrierungswert [HKLM\Software\Microsoft\Fusion!E...
 
Error: (04/15/2024 07:58:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\paulm\AppData\Local\CapCut\Apps\CapCut.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_a863d714867441db.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5.manifest.
 
 
System errors:
=============
Error: (04/16/2024 12:53:25 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/16/2024 12:53:23 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Energy Server Service queencreek service terminated with the following error: 
Debugger received RIP exception.
 
Error: (04/16/2024 12:48:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Energy Server Service queencreek service did not shut down properly after receiving a pre-shutdown control.
 
Error: (04/15/2024 08:08:35 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT-AUTORITÄT)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931
 
Error: (04/15/2024 08:08:33 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1096) (User: NT-AUTORITÄT)
Description: The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the filename and path that caused the failure.
 
Error: (04/15/2024 08:08:01 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/15/2024 08:07:56 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-NG833IV)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Nicht verfügbar" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Windows Defender:
================
Date: 2024-04-16 02:07:34
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:40:43
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Vollständige Überprüfung
 
Date: 2024-04-15 04:18:27
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 04:09:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Schnellüberprüfung
 
Date: 2024-04-15 00:17:44
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Keygen
Severity: Niedrig
Category: Potenziell unerwünschte Software
Path: containerfile:_C:\Users\paulm\Documents\VST\Bazzism.rar; containerfile:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar; containerfile:_C:\Users\paulm\Documents\VST\Serum.zip; file:_C:\Users\paulm\Documents\VST\Bazzism.rar->ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R/r2r-2596.rar->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.MacOSX.Incl.Keygen-R2R/r2r-2597.r02->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.1.b3.U
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.409.255.0, AS: 1.409.255.0, NIS: 1.409.255.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:
 
Date: 2024-04-15 07:58:55
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-04-15 07:57:47
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Bei Zugriff
Error Code: 0x8007043c
Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2024-03-18 16:06:14
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.407.492.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version: 
Previous Engine Version: 1.1.24020.9
Error code: 0x80070102
Error description: Der Wartevorgang wurde abgebrochen. 
 
Date: 2023-09-28 07:02:03
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Aktuell
Error Code: 0x80501102
Error description: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security intelligence Version: 1.397.1638.0;1.397.1638.0
Engine Version: 1.1.23080.2005
 
CodeIntegrity:
===============
Date: 2024-04-16 15:53:52
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\paulm\AppData\Local\Discord\app-1.0.9041\Discord.exe) attempted to load \Device\HarddiskVolume3\ProgramData\obs-studio-hook\graphics-hook32.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.50 09/03/2020
Motherboard: ASRock B460 Steel Legend
Processor: Intel® Core™ i7-10700F CPU @ 2.90GHz
Percentage of memory in use: 50%
Total physical RAM: 16314.16 MB
Available physical RAM: 8049.11 MB
Total Virtual: 38842.16 MB
Available Virtual: 27183.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:953.25 GB) (Free:48.86 GB) (Model: Patriot M.2 P300) NTFS
Drive d: (New Volume) (Fixed) (Total:1863 GB) (Free:613.33 GB) (Model: CT2000P3SSD8) NTFS
Drive e: (INTENSO) (Removable) (Total:7.49 GB) (Free:7.49 GB) FAT32
 
\\?\Volume{a414ce20-f078-4499-b493-9476e13a74b3}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{65b593e2-1ac6-4719-b1b1-31014ae85ca1}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 0232E55A)
Partition 1: (Active) - (Size=7.5 GB) - (Type=FAT32)
 
==================== End of Addition.txt =======================
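
An added example, not part of the original posts and not FRST's own code: a Python triage pass over the `FirewallRules:` lines of the Addition.txt log above. It flags entries whose target file is missing, unsigned, or located in a user-writable path. The sample lines are copied from that log; the regexes for the line layout, the flag names and the list of user-writable path fragments are assumptions of this example, and a flag is a prompt to review the entry, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Assumed layout, inferred from the log lines on this page:
#   FirewallRules: [<rule name>] => (<Allow|Block>) <path> (<signer> -> <company>)
#   ... <path> (<company>) [File not signed]
#   ... <path> => No File
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# Heuristic: the path ends at the first executable extension followed by " (".
# This keeps "(x86)" and "(Deutsch)" inside the path where they belong.
TARGET_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|com|scr)) \((?P<info>.*)\)$", re.IGNORECASE
)
# Assumption: fragments of locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


@dataclass
class Rule:
    name: str
    action: str
    path: str
    signer: str = ""
    company: str = ""
    flags: list = field(default_factory=list)


def parse_rule(line):
    """Parse one FirewallRules line; return None for any other log line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    flags, signer, company = [], "", ""
    if rest.endswith("=> No File"):
        # Rule still allows a program that no longer exists on disk.
        path = rest[: -len("=> No File")].strip()
        flags.append("missing-file")
    else:
        if rest.endswith("[File not signed]"):
            rest = rest[: -len("[File not signed]")].strip()
            flags.append("unsigned")
        t = TARGET_RE.match(rest)
        if t:
            path, info = t["path"], t["info"]
            if "->" in info:
                signer, _, company = (s.strip() for s in info.partition("->"))
            else:
                company = info.strip()
        else:
            path = rest
            flags.append("unparsed-target")
    if any(fragment in path.lower() for fragment in USER_WRITABLE):
        flags.append("user-writable-path")
    return Rule(m["name"], m["action"], path, signer, company, flags)


def parse_log(text):
    """Return a Rule for every FirewallRules line in an FRST Addition.txt dump."""
    return [r for r in map(parse_rule, text.splitlines()) if r is not None]


def needs_review(rules):
    """Allow rules that carry at least one flag."""
    return [r for r in rules if r.action == "Allow" and r.flags]


# Sample input: lines copied from the log above, plus one non-rule line.
SAMPLE = r"""
FirewallRules: [{9035E80F-81C9-4D21-BA96-43C883FDF268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve Corp. -> )
FirewallRules: [{7CDF4821-0C01-415F-9F92-4B9682E2E038}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{F3D1D34B-C210-4C53-9E97-360AA7511A55}] => (Allow) D:\SteamLibrary\steamapps\common\Slay the Princess\SlaythePrincess.exe () [File not signed]
FirewallRules: [TCP Query User{6349A254-F041-457E-B8C5-AC627B620749}D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\ghostrunner demo\ghostrunner\binaries\win64\ghostrunner-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3F97B547-84B9-49B0-937F-A165F7724CA4}C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe] => (Allow) C:\users\paulm\appdata\local\tidal\app-2.36.2\tidal.exe (TIDAL Music AS -> TIDAL Music AS)
FirewallRules: [TCP Query User{ADA7C5BE-3B06-4A23-8CEE-729D909AB90F}C:\program files (x86)\updf\updf.exe] => (Block) C:\program files (x86)\updf\updf.exe (Superace Software Technology Co., Ltd. -> Superace Software Technology Co., Ltd.)
==================== Restore Points =========================
"""

if __name__ == "__main__":
    for rule in needs_review(parse_log(SAMPLE)):
        print(", ".join(rule.flags), "|", rule.path)
```
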


#6 Oh My!


    Adware and Spyware and Malware


  • Malware Response Instructor
  • 57,428 posts
  • Gender:Male
  • Location:California
  • Local time:09:30 PM

Posted 16 April 2024 - 09:42 AM

No problem, thank you.

Do you recognize this file?

C:\Users\paulm\Downloads\GJoIzv_XkAE9cPl.jfif

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Uncheck any detected items you would like to keep then click Next
  • If a Preinstalled software was found! screen appears review it if you'd like then click OK
  • Review the list of Preinstalled software and place a check mark in those you do not wish to keep
  • Click Quarantine, then Continue
  • When completed click View Log File
  • Copy and paste the contents in your reply
  • Close the AdwCleaner window
===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\paulm\AppData\Roaming\FHM
Folder: C:\Users\paulm\.nx
File: C:\Users\paulm\AppData\Roaming\OpenOffice Updater\Updater.exe
File: C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\resources\app.asar.unpacked\resources\win\TIDALPlayer.exe
HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\...\Run: [GalaxyClient] => [X] 
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X] <==== ATTENTION 
Task: {1C480066-EF63-41C0-833C-E5F73705D88B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File) 
U4 nxdeviced; no ImagePath 
AlternateDataStreams: C:\Users\paulm\AppData\Local\Temp:$DATA​ [16]
cmd: netsh winsock reset catalog
cmd: netsh int ip reset resetlog.txt
Reg: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg
C:\Firewall.reg
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
Removeproxy:
hosts:
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
Emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
  • Note: The Emptytemp: command will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
===================================================

Farbar Recovery Scan Tool SearchAll

--------------------
  • Right click on FRST and select Run as administrator
  • Copy/paste the following in the Search: box
SearchAll: Serum;BazzISM;Xfer
  • Click Search Files button
  • When completed click OK and a Search.txt document will open on your desktop
  • Zip and upload the file here
===================================================

Java Out of Date

--------------------

Java is known to have ongoing security concerns. If you know you don't need it, or even if you are unsure, I would recommend uninstalling it. If it is necessary in the future you will be alerted for the need to download it.

If you would rather have the program on your system skip the above and complete the Clean Install of Java Using JavaRa instructions here.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize file?
  • AdwCleaner report
  • Fixlog
  • Search.txt
  • Java removed or updated?

Gary 


#7 Xyneravyn

Topic Starter

Posted 16 April 2024 - 10:36 AM

Dear Gary, thank you for your assistance!

 

I do recognize the file, it is just some bleepty meme I downloaded from Twitter a month ago, deleted it now. Also I deleted Java and ran the FCTS fix.

 

I submitted the search file and attached you will find the ADWlog and FIXlog.

 

Concerning the search files, BazzISM should be legit because it was an official purchase ... unless I downloaded something shady before that, I don't remember, have been using legitimate Bazzism for a long time and don't remember getting any crack before. Xfer Serum was the software I was trying to crack when I got infected with the Trojan, however it is unlikely that the Xfer files comprise the main malware payload even if they should be contaminated.

 

When downloading the related crack, I bleeped up bad and was tricked by one of these fake download links on such shady sites which do not lead to the intended file but something else. I didn't notice and downloaded and opened a password-protected ZIP from that download. Since Windows Defender didn't alarm me about anything at this point and I thought I had the intended file, which several people on Reddit said was legit and working for them, I was pretty inconspicuous and ran the contained .exe; when nothing happened I even ran it as an administrator. *facepalm*

 

Nothing in these file names was even related to Xfer or Serum, it was just some malware package I suppose which gets linked on several of these shady download sites. The Windows Defender scan also showed some of the Xfer files as light threat, but the removed severe znyonm and wacatac files were different files which turned up before and have been removed since.

 

Just in case that context helps. 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-16-2024
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.4291)
# Cleaned:  11
# Failed:   0
 
 
***** [ Services ] *****
 
Deleted       updater
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\Outbyte
Deleted       C:\Users\paulm\AppData\Roaming\OpenOffice Updater
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|OpenOffice Updater
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OpenOffice Updater
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Updater
Deleted       HKCU\Software\OpenOffice Updater
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted       HKLM\Software\Wow6432Node\Outbyte
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
Deleted       BlockSite - Stay Focused & Control Your Time - {dd3d7613-0246-469d-bc65-2a3cc1668adc}
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [2317 octets] - [16/04/2024 16:58:42]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 


 
SystemRestore: On => Error -> 5%
CreateRestorePoint: Error(1=5%) -> Failed to create a restore point.
Processes closed successfully.
 
========================= Folder: C:\Users\paulm\AppData\Roaming\FHM ========================
 
2024-04-13 17:44 - 2024-04-13 17:45 - 000053305 ____A [3D1BFEA27F302EB84E0F6F6F41815114] () C:\Users\paulm\AppData\Roaming\FHM\aerofoil.php
2024-04-13 17:44 - 2024-04-13 17:45 - 000854432 ____A [DDA5CADF8726E2B79F10EEBAB4D68110] (Mozilla Corporation -> Mozilla Foundation) [File not signed] C:\Users\paulm\AppData\Roaming\FHM\mozglue.dll
2024-04-13 17:44 - 2024-04-13 17:45 - 000578384 ____A [1BA6D1CF0508775096F9E121A24E5863] (Microsoft Windows Software Compatibility Publisher -> Microsoft Corporation) C:\Users\paulm\AppData\Roaming\FHM\msvcp140.dll
2024-04-13 17:44 - 2024-04-13 17:45 - 001388742 ____A [6BF4AA9411061BDF6363839C51217974] () C:\Users\paulm\AppData\Roaming\FHM\noggin.doc
2024-04-13 17:44 - 2024-04-13 17:45 - 000109440 ____A [49C96CECDA5C6C660A107D378FDFC3D4] (Microsoft Windows Software Compatibility Publisher -> Microsoft Corporation) C:\Users\paulm\AppData\Roaming\FHM\vcruntime140.dll
2024-04-13 17:44 - 2024-04-13 17:45 - 000049560 ____A [CF0A1C4776FFE23ADA5E570FC36E39FE] (Microsoft Windows Software Compatibility Publisher -> Microsoft Corporation) C:\Users\paulm\AppData\Roaming\FHM\vcruntime140_1.dll
 
====== End of Folder: ======
 
 
========================= Folder: C:\Users\paulm\.nx ========================
 
2024-01-23 16:53 - 2024-01-23 16:57 - 000002097 ____A [5F09406FC83D52A1FE752EA408B5215E] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-5168-67697A831998E8A1B4A9270C294D63A0\session
2024-02-14 13:12 - 2024-02-14 13:12 - 000000000 ____D [00000000000000000000000000000000] C:\Users\paulm\.nx\R-DESKTOP-NG833IV-8840-D5199072D87322F615736BC226A50509
2024-02-14 13:12 - 2024-02-14 13:12 - 000012561 ____A [9B30B4B1511E2674C7E701D691B84748] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-8840-D5199072D87322F615736BC226A50509\connection
2024-02-14 13:12 - 2024-02-14 13:12 - 000000402 ____A [B08C0794152341F28A9E489A90FF3667] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-8840-D5199072D87322F615736BC226A50509\options
2024-02-14 13:12 - 2024-02-14 19:59 - 000008739 ____A [AF42504D1DD3C007756C10797339A035] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-8840-D5199072D87322F615736BC226A50509\session
2023-07-27 15:13 - 2023-07-27 15:13 - 000000000 ____D [00000000000000000000000000000000] C:\Users\paulm\.nx\R-DESKTOP-NG833IV-9916-6180E90222D380ED4FE3BB0783BC2BE9
2023-07-27 15:13 - 2023-07-27 15:13 - 000012716 ____A [1EA84471D22FC04908C711F2D0B445E3] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-9916-6180E90222D380ED4FE3BB0783BC2BE9\connection
2023-07-27 15:13 - 2023-07-27 15:13 - 000000402 ____A [6AF3F731D75B629A6BA92902D799A32E] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-9916-6180E90222D380ED4FE3BB0783BC2BE9\options
2023-07-27 15:13 - 2023-07-27 17:11 - 000007661 ____A [7E754A6F21BA9B55F6D075632498509B] () C:\Users\paulm\.nx\R-DESKTOP-NG833IV-9916-6180E90222D380ED4FE3BB0783BC2BE9\session
2023-06-20 14:54 - 2023-06-20 14:56 - 000000000 ____D [00000000000000000000000000000000] C:\Users\paulm\.nx\temp
2023-06-20 14:54 - 2024-04-11 18:50 - 000000004 ____A [2542B79651FAB56D0EBFFF75A0FDF7BE] () C:\Users\paulm\.nx\temp\client.db
2023-06-20 14:56 - 2023-06-20 14:56 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\paulm\.nx\temp\instance.lock
2023-06-20 14:56 - 2024-04-09 13:46 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\paulm\.nx\temp\update.lock
 
====== End of Folder: ======
 
 
========================= File: C:\Users\paulm\AppData\Roaming\OpenOffice Updater\Updater.exe ========================
 
"C:\Users\paulm\AppData\Roaming\OpenOffice Updater\Updater.exe" => not found
====== End of File: ======
 
 
========================= File: C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\resources\app.asar.unpacked\resources\win\TIDALPlayer.exe ========================
 
C:\Users\paulm\AppData\Local\TIDAL\app-2.36.2\resources\app.asar.unpacked\resources\win\TIDALPlayer.exe
File is digitally signed
MD5: C7F20B9AF7FFB4854A258E80E495970A
Creation and modification date: 2024-01-16 17:41 - 2024-01-16 17:41
Size: 001286472
Attributes: ----A
Company Name: TIDAL Music AS -> TIDAL Music AS
Internal Name: 
Original Name: 
Product: TIDAL
Description: 
File Version: 3.1.4.0
Product Version: 3.1.4.0
Copyright: Copyright © 2017 TIDAL Music AS
 
====== End of File: ======
 
"HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz148 => removed successfully
cpuz148 => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C480066-EF63-41C0-833C-E5F73705D88B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C480066-EF63-41C0-833C-E5F73705D88B}" => removed successfully
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
HKLM\System\CurrentControlSet\Services\nxdeviced => removed successfully
nxdeviced => service removed successfully
C:\Users\paulm\AppData\Local\Temp => ":$DATA​" ADS removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset resetlog.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\Firewall.reg =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
C:\Firewall.reg => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.4291
 
No component store corruption detected.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 2359296 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 556185595 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1244720476 B
Windows/system/drivers => 10534236 B
Edge => 0 B
Brave => 423261290 B
Firefox => 1924568149 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 54027997 B
systemprofile32 => 54027997 B
LocalService => 54027997 B
NetworkService => 56252469 B
paulm => 69307231 B
 
RecycleBin => 485624 B
EmptyTemp: => 4.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:08:32 ====


#8 Oh My!

Posted 16 April 2024 - 12:33 PM

Thank you for the information.
 

Date: 2024-04-15 00:17:44
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Name: PUA:Win32/Keygen
Severity: Niedrig
Category: Potenziell unerwünschte Software
Path: containerfile:_C:\Users\paulm\Documents\VST\Bazzism.rar; containerfile:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar; containerfile:_C:\Users\paulm\Documents\VST\Serum.zip; file:_C:\Users\paulm\Documents\VST\Bazzism.rar->ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\r2r-8520.rar->R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\ISM.BazzISM.v2.5.3.Incl.Keygen-R2R\R2R\ISM_KeyGen.exe; file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R/r2r-2596.rar->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.0.MacOSX.Incl.Keygen-R2R/r2r-2597.r02->R2R\Nerve_KeyGen.exe->(nsis-6-keygen.exe)->(UPX); file:_C:\Users\paulm\Documents\VST\Serum.zip->Xfer.Records.Serum.v1.0.1.b3-WiN.OSX/Xfer.Records.Serum.v1.0.1.b3.U
Detection Origin: Lokaler Computer
Detection Type: Konkret
Detection Source: Benutzer
Process Name: Unknown
Security intelligence Version: AV: 1.409.255.0, AS: 1.409.255.0, NIS: 1.409.255.0
Engine Version: AM: 1.1.24030.4, NIS: 1.1.24030.4
Event[0]:

This indicates BazzISM is a cracked version and associated with Serum. We need to uninstall it.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free Portable

--------------------
  • Download Revo Uninstaller Free Portable and save it to your Desktop
  • Right click on the folder and select Extract All..., then click Extract
  • Double click on the RevoUninstaller-Portable folder
  • Right click on RevoUPort and select Run as administrator
  • Click OK on the License Agreement
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
      • ISM BazzISM
  • If the program's uninstaller appears work through the steps to remove the program(s)
  • Be sure the Advanced option is selected then click Scan
  • For each window that may appear identifying leftover items click Select All, Delete, then confirm the deletion
  • Once done click Finish
  • Reboot your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Program uninstalled?

Gary 

Lord, to whom shall we go? You have the words of eternal life. We have come to believe and to know that you are the Holy One of God.

John 6:68-69

#9 Xyneravyn

Posted 16 April 2024 - 12:46 PM

Okay, I deleted the ZIP files from Documents and uninstalled ISM BazzISM through Revo, deleting all leftover files.



#10 Oh My!

Posted 16 April 2024 - 03:28 PM

Thanks.

Please repeat the SearchAll: step.


Gary 


#11 Xyneravyn

Posted 16 April 2024 - 06:16 PM

Submitted the file. The preset folders should be safe as it was different content I purchased or got from a friend and not related to the Serum downloads. Some of it is Steam and clearly not related but referring to some game textures. The browser extension stuff looks a bit sus to me. Don't know about the rest.



#12 Oh My!

Posted 17 April 2024 - 08:15 AM

We are only going to remove Serum related entries. I will leave the Preset entries. The browser extensions are related to Phantom and we will not remove them. You can do that manually if you wish.

Please do this.

===================================================

Farbar Recovery Scan Tool Fix

--------------------
  • Right click on the FRST64 icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information anywhere, FRST64 will do it for you
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Users\paulm\Desktop\Psybient\Playlist\drum n base-dubstep\23 - Serum - Lumberjack.flac
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Steinberg_VSTPlugins_Serum_x64_exe
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Xfer Records_Serum_unins000_exe
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Steinberg_VSTPlugins_Serum_exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2822836515-2594661799-1331936652-1001|\Device\HarddiskVolume3\Program Files\Xfer Records\Serum\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b0c1f660_0|""
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths|url1
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths|url7
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\SuggestedFolders\Music\Suggestions\{46565ece-9ce7-4dea-81a2-de7b5025df56}\0|path
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\Install_Xfer_Serum.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Steinberg\VSTPlugins\Serum_x64.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\R2R\Nerve_KeyGen.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Desktop\SERUM\Setup.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Desktop\SERUM\Xfer.Records.Serum.v1.357-TCD.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\WinRAR\ArcHistory|0
DeleteKey: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\NanoHost\Serum_x64
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary 


#13 Xyneravyn

Posted 17 April 2024 - 09:18 AM

Thank you Gary, here you go:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.04.2024
Ran by paulm (17-04-2024 16:15:58) Run:2
Running from C:\Users\paulm\Downloads
Loaded Profiles: paulm
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Users\paulm\Desktop\Psybient\Playlist\drum n base-dubstep\23 - Serum - Lumberjack.flac
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Steinberg_VSTPlugins_Serum_x64_exe
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Xfer Records_Serum_unins000_exe
C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Steinberg_VSTPlugins_Serum_exe
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2822836515-2594661799-1331936652-1001|\Device\HarddiskVolume3\Program Files\Xfer Records\Serum\unins000.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b0c1f660_0|""
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths|url1
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths|url7
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\SuggestedFolders\Music\Suggestions\{46565ece-9ce7-4dea-81a2-de7b5025df56}\0|path
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\Install_Xfer_Serum.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\Steinberg\VSTPlugins\Serum_x64.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\R2R\Nerve_KeyGen.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Desktop\SERUM\Setup.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\paulm\Desktop\SERUM\Xfer.Records.Serum.v1.357-TCD.exe
DeleteValue: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\WinRAR\ArcHistory|0
DeleteKey: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\NanoHost\Serum_x64
End::
*****************
 
SystemRestore: On => Error -> 4%
CreateRestorePoint: Error(1=4%) -> Failed to create a restore point.
Processes closed successfully.
C:\Users\paulm\Desktop\Psybient\Playlist\drum n base-dubstep\23 - Serum - Lumberjack.flac => moved successfully
"C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Steinberg_VSTPlugins_Serum_x64_exe" => not found
"C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_Xfer Records_Serum_unins000_exe" => not found
"C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Steinberg_VSTPlugins_Serum_exe" => not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2822836515-2594661799-1331936652-1001 => Error = 0x00000000000008AC
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b0c1f660_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths\\url1" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths\\url7" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\SuggestedFolders\Music\Suggestions\{46565ece-9ce7-4dea-81a2-de7b5025df56}\0\\path" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\Install_Xfer_Serum.exe" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\Steinberg\VSTPlugins\Serum_x64.exe" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\paulm\Documents\VST\Serum\Xfer.Records.Serum.v1.0.1.b3-WiN.OSX\Xfer.Records.Serum.v1.0.0.Incl.Keygen.READ.NFO-R2R\R2R\Nerve_KeyGen.exe" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\paulm\Desktop\SERUM\Setup.exe" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\paulm\Desktop\SERUM\Xfer.Records.Serum.v1.357-TCD.exe" => removed successfully
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\WinRAR\ArcHistory\\0" => removed successfully
HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\NanoHost\Serum_x64 => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 16:15:59 ====
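A quick way to triage a Fixlog like the one posted above, as an added example (not part of the original post and not FRST's own code): it skips the echoed fixlist, classifies each result line, and lists the entries that ended in an error, including the failed restore point. The function names are hypothetical, and the sample is an excerpt of lines copied from that post.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (a few entries copied from that post).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Users\paulm\Desktop\Psybient\Playlist\drum n base-dubstep\23 - Serum - Lumberjack.flac
DeleteKey: HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\NanoHost\Serum_x64
End::
*****************

SystemRestore: On => Error -> 4%
CreateRestorePoint: Error(1=4%) -> Failed to create a restore point.
Processes closed successfully.
C:\Users\paulm\Desktop\Psybient\Playlist\drum n base-dubstep\23 - Serum - Lumberjack.flac => moved successfully
"C:\Users\paulm\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}_Steinberg_VSTPlugins_Serum_exe" => not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2822836515-2594661799-1331936652-1001 => Error = 0x00000000000008AC
"HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths\\url1" => removed successfully
HKEY_USERS\S-1-5-21-2822836515-2594661799-1331936652-1001\SOFTWARE\NanoHost\Serum_x64 => removed successfully

The system needed a reboot.
"""


def classify(detail):
    """Map the text after '=>' (or after 'Directive:') to a coarse status."""
    d = detail.strip().lower()
    if d.startswith("error") or "failed" in d:
        return "error"
    if d == "not found":
        return "not_found"
    if d.endswith("successfully") or d == "completed":
        return "ok"
    return "info"  # sizes, counters and other informational values


def parse_fixlog(text):
    """Return [(target, status, detail), ...] for every result line."""
    results = []
    in_fixlist_echo = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # The log echoes the fixlist between Start:: and End::; those lines
        # are the requested actions, not their outcomes, so skip them.
        if line == "Start::":
            in_fixlist_echo = True
            continue
        if line == "End::":
            in_fixlist_echo = False
            continue
        if in_fixlist_echo:
            continue
        if " => " in line:
            # Split on the last arrow so arrows inside a path cannot confuse us.
            target, detail = line.rsplit(" => ", 1)
            target = target.strip('"')
        else:
            # Directive results written without an arrow, e.g.
            # "CreateRestorePoint: Error(1=4%) -> Failed to ..."
            m = re.match(r"^(\w+): (Error.*)$", line)
            if not m:
                continue
            target, detail = m.group(1), m.group(2)
        results.append((target, classify(detail), detail))
    return results


def summarize(results):
    """Count result lines per status."""
    return Counter(status for _, status, _ in results)


def restore_point_failed(results):
    """True when the fix ran without a fresh System Restore point."""
    return any(
        status == "error"
        and target.startswith(("SystemRestore", "CreateRestorePoint"))
        for target, status, _ in results
    )


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target, status, detail in parsed:
        if status == "error":
            print(f"FOLLOW UP: {target} -> {detail}")
    if restore_point_failed(parsed):
        print("No restore point was created before the fix ran.")
```
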


#14 Oh My!

Posted 17 April 2024 - 09:55 AM

Great.

I think we have removed it sufficiently. Are you having any issues presently?

Gary 


#15 Xyneravyn

Posted 17 April 2024 - 10:47 AM

Okay, I am not experiencing issues right now, but I am still worried that future passwords I enter into this PC might not be safe. Like I said, the Xfer files were only the low-threat-level tip of the iceberg. But it might be that Windows Defender had busted most if not all of the severe threat files already. My friends have across the board recommended that I just format my PC to make sure, but they are not experts. Would you say that I am beyond doubt safe now and that no malware that could log my keys and personal info remains on my device?





