Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by madog (12-10-2023 17:28:27)
Running from C:\Users\madog\Downloads
Microsoft Windows 11 Home Version 21H2 22000.1696 (X64) (2021-11-26 22:37:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2330798512-3083080254-602287269-500 - Administrator - Enabled) => C:\Users\Administrator
adminmadogrul (S-1-5-21-2330798512-3083080254-602287269-1010 - Administrator - Enabled) => C:\Users\adminmadogrul
DefaultAccount (S-1-5-21-2330798512-3083080254-602287269-503 - Limited - Disabled)
Gast (S-1-5-21-2330798512-3083080254-602287269-501 - Limited - Disabled)
igwal (S-1-5-21-2330798512-3083080254-602287269-1008 - Limited - Disabled)
madog (S-1-5-21-2330798512-3083080254-602287269-1001 - Administrator - Enabled) => C:\Users\madog
WDAGUtilityAccount (S-1-5-21-2330798512-3083080254-602287269-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drivers (HKLM\...\{1510245A-8237-48F5-8AAB-07FB8FF6A54A}) (Version: 27.0.39939 - Acronis) Hidden Acronis True Image for Crucial (HKLM-x32\...\{D000AAD8-31C2-40D0-A106-25D8FF6359CB}) (Version: 27.0.39939 - Acronis) Hidden Acronis True Image for Crucial (HKLM-x32\...\{D000AAD8-31C2-40D0-A106-25D8FF6359CB}Visible) (Version: 27.0.39939 - Acronis) Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 23.006.20320 - Adobe Systems Incorporated) Adobe After Effects 2023 (HKLM-x32\...\AEFT_23_6) (Version: 23.6 - Adobe Inc.) Adobe Audition 2023 (HKLM-x32\...\AUDT_23_6_1) (Version: 23.6.1 - Adobe Inc.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.) Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_9) (Version: 27.9 - Adobe Inc.) Adobe Lightroom (HKLM-x32\...\LRCC_6_5) (Version: 6.5 - Adobe Inc.) Adobe Lightroom Classic (HKLM-x32\...\LTRM_12_5) (Version: 12.5 - Adobe Inc.) Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_6) (Version: 23.6 - Adobe Inc.) Adobe Photoshop 2024 (HKLM-x32\...\PHSP_25_0) (Version: 25.0.0.37 - Adobe Inc.) Adobe Premiere Pro 2023 (HKLM-x32\...\PPRO_23_6) (Version: 23.6 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601052}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden aescripts + aeplugins components (HKLM-x32\...\{58C0BFF8-3511-4EF6-A2B9-D7E85220F3C4}) (Version: 1.0.0.0 - aescripts + aeplugins) AfterShoot 2.5.849 (HKLM\...\40f0b56c-44d6-566b-ba2e-71d8852ed9c4) (Version: 2.5.849 - AfterShoot Inc.) Amazon Photos (HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Amazon Photos) (Version: 8.9.0 - Amazon.com, Inc.) Apple Application Support (64-Bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) 
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.4.1.0 - ASUSTek COMPUTER INC.) Hidden ASUS Aac_NBDT HAL (HKLM-x32\...\{62194eb5-96ca-4ebc-bb26-5433c914ac9b}) (Version: 2.4.1.0 - ASUSTek COMPUTER INC.) Hidden ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.22.0 - ASUSTek COMPUTER INC.) Hidden ASUS AIOFan HAL (HKLM-x32\...\{aee82291-0c7c-4f4c-904f-d2f51748eb12}) (Version: 1.1.22.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA Display Component (HKLM-x32\...\{c5669622-d369-4e19-ae7b-d6b33d469f2d}) (Version: 1.1.29.0 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA Extension Card HAL (HKLM\...\{237E1CAC-1708-4940-AC34-DF15C079AB70}) (Version: 1.1.0.7 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Extension Card HAL (HKLM-x32\...\{8afe9244-6621-4acd-8119-6a983ac203de}) (Version: 1.1.0.7 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.3.21.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Headset Component (HKLM-x32\...\{d9f0b2e5-d90e-4a4e-b48b-71ec72276b78}) (Version: 1.3.21.0 - ASUSTek COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM\...\{4EBEAC95-76BC-46A8-8644-6E2F1C87CF70}) (Version: 1.1.7.0 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Motherboard HAL (HKLM-x32\...\{7ad44d88-6f3d-4f3e-bfe0-9434dc5a1967}) (Version: 1.1.7.0 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.9.0 - ASUSTeK COMPUTER INC.) Hidden ASUS AURA Odd Component (HKLM-x32\...\{1eb761c4-2177-4d27-9299-5befbbd97df1}) (Version: 1.0.9.0 - ASUSTeK COMPUTER INC.) Hidden ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.04 - ASUSTek COMPUTER INC.) 
Hidden ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden ASUS AURA VGA Component (HKLM-x32\...\{2357cd84-6c2b-4174-87c7-4f9f9db8746b}) (Version: 0.0.3.1 - ASUSTek COMPUTER INC. ) Hidden ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.1.45.0 - ASUSTek COMPUTER INC.) Hidden ASUS Keyboard HAL (HKLM-x32\...\{06ae42a2-6f44-4afa-89a1-4dcc67486773}) (Version: 1.1.45.0 - ASUSTek COMPUTER INC.) Hidden ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden ASUS MB Peripheral Products (HKLM-x32\...\{193a2068-8738-4276-ab1b-9133f9403487}) (Version: 1.0.35 - ASUSTeK Computer Inc.) Hidden ASUS Mouse HAL (HKLM\...\{B8F984F2-7887-4DD2-8D96-F9A4BC5A4AC5}) (Version: 1.1.0.42 - ASUSTek COMPUTER INC.) Hidden ASUS Mouse HAL (HKLM-x32\...\{9b707cef-7f70-4fe9-bd9c-363110a6f538}) (Version: 1.1.0.42 - ASUSTek COMPUTER INC.) Hidden ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.2.5 - ASUSTek COMPUTER INC.) Hidden ASUS MousePad HAL (HKLM-x32\...\{938b2a3e-f708-467b-bce7-8e6075bbf66d}) (Version: 1.0.2.5 - ASUSTek COMPUTER INC.) Hidden AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.07.84 - ASUSTeK Computer Inc.) AURA DRAM Component (HKLM\...\{9AFE5429-866B-457D-A864-80BCF7672EE8}) (Version: 1.1.07 - ASUS) Hidden AURA DRAM Component (HKLM-x32\...\{5b6f6255-822a-4273-b533-c6273ca7e45e}) (Version: 1.1.07 - ASUS) Hidden AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.8 - ASUS) AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.8 - ASUS) AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.34 - ASUSTeK Computer Inc.) Hidden AURA Service (HKLM-x32\...\{62b10058-b4e9-4243-a2a1-858274de9675}) (Version: 3.04.34 - ASUSTeK Computer Inc.) 
Aurora v1 (HKLM-x32\...\{9444602B-C5D8-4EF5-9D5B-E76D06B53C71}_is1) (Version: v1 - Anton Pupkov) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version: - Blizzard Entertainment) Call of Duty Vanguard (HKLM-x32\...\Call of Duty Vanguard) (Version: - Blizzard Entertainment) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.1.4 - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.4.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.) Canon MX470 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX470_series) (Version: 1.02 - Canon Inc.) CurseForge (HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.201.1.4725 - Overwolf app) Discord (HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\Discord) (Version: 1.0.9011 - Discord Inc.) Discord (HKU\S-1-5-21-2330798512-3083080254-602287269-1010\...\Discord) (Version: 1.0.9011 - Discord Inc.) Duet Display (HKLM\...\{64B0E75B-7ACA-4858-8C9A-95A91B6ECFE3}) (Version: 2.5.6.2 - Kairos) Hidden Duet Display (HKLM\...\Duet Display 2.5.6.2) (Version: 2.5.6.2 - Kairos) ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden ENE_ESD_ASM_HAL (HKLM\...\{3934CCB9-0204-4763-993F-6189B5F95EDF}) (Version: 1.0.9.5 - ENE TECHNOLOGY INC.) Hidden ENE_ESD_ASM_HAL (HKLM-x32\...\{b877119b-682b-444a-92a5-9ea4a54cfdc3}) (Version: 1.0.9.5 - ENE TECHNOLOGY INC.) 
Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Epic Games Launcher (HKLM-x32\...\{E0419FB0-0C46-4F07-9D5B-2FD78A8C45ED}) (Version: 1.3.0.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.) Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.3.95.627 - Digital Wave Ltd) FreeFileSync (HKLM-x32\...\FreeFileSync_is1) (Version: 13.0 - FreeFileSync.org) GGPoker (HKLM-x32\...\{AF01A7F7-CFDF-44C8-A0BB-366F286608F5}) (Version: 1.0.0.137 - NSUS Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 117.0.5938.149 - Google LLC) HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.30.326 - SurfRight B.V.) iCloud Outlook (HKLM\...\{F054257C-600A-4918-B730-F6829E491781}) (Version: 13.0.0.201 - Apple Inc.) ImagenAI 23.15.4 (HKLM\...\3a7b72c3-feff-552b-ab36-a4bfabbea3cf) (Version: 23.15.4 - Imagen) Imaging Edge Desktop (HKLM\...\{F98D3A5D-0270-493C-A8A3-9098D0C8FC30}) (Version: 1.1.00.05260 - Sony Corporation) Imaging Edge Desktop (Remote/Viewer/Edit) (HKLM\...\{EB33F0D7-6822-4FD6-9685-B6E50425817E}) (Version: 3.3.02.03110 - Sony Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Kingston AURA DRAM Component (HKLM\...\{965CDF5F-901C-476F-B3A8-7396701B1129}) (Version: 1.1.5 - KINGSTON COMPONENTS INC.) Hidden Kingston AURA DRAM Component (HKLM-x32\...\{9372ad14-df78-4cf2-86fe-e7a8c1c42107}) (Version: 1.1.5 - KINGSTON COMPONENTS INC.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden LibreCAD (HKLM-x32\...\LibreCAD) (Version: 2.2.0-rc3-24-g4602ec6a - LibreCAD Team) Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.8.459147 - Logitech) Logitech Kameraeinstellungen (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.) Luminar AI (HKLM\...\Luminar AI) (Version: 1.5.1.8660 - Skylum) Magic Bullet Suite (HKLM\...\Magic Bullet Suite v14.0.4) (Version: - Red Giant LLC) Magic Bullet Suite (HKLM\...\Magic Bullet Suite v15.1.0) (Version: - Maxon Computer GmbH) Magic Bullet Suite (HKLM\...\Magic Bullet Suite v2023.0.0) (Version: - Maxon Computer GmbH) Malwarebytes version 4.6.2.281 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.2.281 - Malwarebytes) Maxon Cinema 4D 2023 (HKLM\...\Maxon Cinema 4D 2023) (Version: 2023 - Maxon) Maxon Cinema 4D 24 (HKLM\...\Maxon Cinema 4D S24) (Version: S24 - Maxon) Maxon Cinema 4D 25 (HKLM\...\Maxon Cinema 4D R25) (Version: R25 - Maxon) Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.16827.20130 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation) Microsoft Update Health Tools 
(HKLM\...\{CB344172-1257-447E-8D6B-6E9DE15DA449}) (Version: 4.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM\...\{3C31CBA1-A0D9-4B95-A807-AD2313D12F47}) (Version: 40.68.31219 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.17 (x64) (HKLM-x32\...\{20d5df4e-006c-4d6d-a0dc-490d009b9786}) (Version: 5.0.17.31219 - Microsoft Corporation) MSI Afterburner 4.6.4 (HKLM-x32\...\Afterburner) (Version: 4.6.4 - MSI Co., LTD) MSI Kombustor 4.1.15.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D) Nefarius Virtual Gamepad Emulation Bus Driver (HKLM\...\{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.) NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation) NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation) NVIDIA Grafiktreiber 537.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.42 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20056 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing 
Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.16827.20130 - Microsoft Corporation) Hidden OpenVPN Connect (HKLM\...\{F670A6F8-CE69-4899-9C6B-BBBAE882623F}) (Version: 3.3.3 - OpenVPN Technologies) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.233.2.2 - Overwolf Ltd.) Paradox Launcher v2 (HKLM\...\{66DA3501-823A-4F07-A20D-C64495A59DC8}) (Version: 2.1.0 - Paradox Interactive) Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.8.4 - Patriot Memory) Hidden Patriot Viper DRAM RGB (HKLM-x32\...\{71fce76d-64e1-445d-872c-6870aa23db64}) (Version: 1.0.8.4 - Patriot Memory) Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory) Pentablet Version 3.2.2.211028 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 3.2.2.211028 - XP-PEN Technology) PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) 
Hidden Pixellu SmartAlbums (HKLM\...\{2FD19F6C-38D6-422D-8837-3F1414BA6A80}_is1) (Version: 2023.6.2 - Pixellu) PowerShell 7.3.7.0-x64 (HKLM-x32\...\{29251170-d654-4841-8506-d43bd4ed225b}) (Version: 7.3.7.0 - Microsoft Corporation) PowerShell 7-x64 (HKLM\...\{14844184-695A-4B90-82CC-01F55AD80778}) (Version: 7.3.7.0 - Microsoft Corporation) Hidden Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Saal Design Software AT (HKLM-x32\...\SaalDesignSoftwareAT) (Version: 4.1 - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Streamlabs Desktop 1.11.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.11.1 - General Workings, Inc.) StudioApp version 2.018 (HKLM-x32\...\{750C97D8-3621-41FB-965A-10EC5633E0EA}_is1) (Version: 2.018 - Studio) TeamViewer (HKLM\...\TeamViewer) (Version: 15.45.4 - TeamViewer) Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) 
Hidden Windows-Treiberpaket - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya) Windows-Treiberpaket - Phase One A/S (WinUSB) USBDevice (12/14/2018 1.15.0.0) (HKLM\...\9398055CF8BEEF1D6FCF147047450F15A1C7AF2A) (Version: 12/14/2018 1.15.0.0 - Phase One A/S) WinRAR 6.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH) ZXP Installer (HKLM-x32\...\{0dc5a3af-6ad3-4b11-bd18-6f36c2a30ab7}) (Version: 1.7.0.0 - aescripts + aeplugins) Hidden ZXP Installer (HKLM-x32\...\{9A371BCA-C0DD-4E50-AF86-3BE5270F9BAC}) (Version: 1.7.0.0 - aescripts + aeplugins) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-12-13] (Adobe Systems Incorporated) Adobe Acrobat -> E:\Program Files\Adobe\Acrobat DC [2023-09-13] () Adobe Acrobat DC -> E:\Program Files\Adobe\Acrobat DC [2023-09-13] () Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-06-11] (Adobe Systems Incorporated) Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2023-08-05] (AMZN Mobile LLC.) [Startup Task] Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-09-21] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.62.8.0_x64__6rarf9sa4v8jt [2023-09-24] (Disney) Fresco -> C:\Program Files\WindowsApps\Adobe.Fresco_5.0.0.1331_x64__pc75e8sa7ep4e [2023-09-19] (Adobe Inc.) HEVC-Videoerweiterungen -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-11] (Microsoft Corporation) iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa [2023-07-18] (Apple Inc.) 
[Startup Task] Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-10-12] (INTEL CORP) [Startup Task] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa [2023-09-18] (Apple Inc.) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-03-31] (Microsoft Corporation) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10829.535.0_x64__8wekyb3d8bbwe [2023-09-27] (Microsoft Corporation) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.3.7.0_x64__8wekyb3d8bbwe [2023-09-13] (Microsoft Studios) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-25] (NVIDIA Corp.) Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.913.400_x64__8wekyb3d8bbwe [2023-09-18] (Microsoft Corporation) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-27] (Spotify AB) [Startup Task] TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-10-07] (Bytedance Pte. Ltd.) WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2339.13.0_x64__cv1g1gvanyjgm [2023-10-12] (WhatsApp Inc.) [Startup Task] Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2023.328.1138.998_neutral__8wekyb3d8bbwe [2023-03-28] (Microsoft Corporation) WinRAR -> E:\Program Files\WinRAR [2023-03-28] (win.rar GmbH) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{04271989-C4D2-C4AB-ED18-06DE8AAA9F5C} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6ECA53FA2CA6} -> [Creative Cloud Files] => C:\Users\madog\Creative Cloud Files [2021-11-21 01:55] CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{444c3d34-4024-4c6f-a9da-b47eed58ceb6}\localserver32 -> C:\Program Files\Skylum\Luminar AI\Luminar AI.exe (Skylum Software USA, Inc. -> Skylum) CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => No File CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{a3d7e084-b0df-4d14-8e0a-27a572a6332c}\localserver32 -> E:\Program Files\Sony\Imaging Edge Desktop\ied.exe (Sony Corporation -> Sony) CustomCLSID: HKU\S-1-5-21-2330798512-3083080254-602287269-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. 
-> Adobe Systems) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_27_0_39939.dll [2023-05-09] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_27_0_39939.dll [2023-05-09] (Acronis International GmbH -> ) 
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_27_0_39939.dll [2023-05-09] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64_27_0_39939.dll [2023-05-09] (Acronis International GmbH -> ) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-29] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-29] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-29] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-29] (Adobe Inc. 
-> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-28] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-30] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_97c24e8dfa98e686\nvshext.dll [2023-09-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-29] (Adobe Inc. -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2023-09-07] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-28] (Malwarebytes Inc. 
-> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2023-08-29 20:39 - 2023-08-29 20:39 - 000799744 _____ () [File not signed] C:\Users\madog\AppData\Local\Amazon Drive\sqlite3.dll 2021-12-03 15:36 - 2021-12-03 15:36 - 000232960 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTCore.dll 2021-12-03 15:36 - 2021-12-03 15:36 - 000057344 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTFC.dll 2021-12-03 15:36 - 2021-12-03 15:36 - 000668672 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTHAL.dll 2021-12-03 15:36 - 2021-12-03 15:36 - 000074240 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTMUI.dll 2021-12-03 15:36 - 2021-12-03 15:36 - 000371712 _____ () [File not signed] E:\Program Files (x86)\MSI Afterburner\RTUI.dll 2021-10-05 10:44 - 2021-10-05 10:44 - 000022016 _____ (Adobe Systems Inc.) [File not signed] E:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\Acrobat Elements\ContextMenuShim64.deu 2020-05-26 18:08 - 2020-05-26 18:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll 2021-11-21 22:05 - 2023-10-12 17:19 - 000042280 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\4.00.45\PEbiosinterface32.dll 2021-12-11 12:03 - 2013-08-02 09:42 - 000008704 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_DEU.DLL 2021-12-11 12:03 - 2013-08-02 09:42 - 000307200 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll 2021-12-11 12:03 - 2013-09-11 16:50 - 000360448 _____ (CANON INC.) 
[File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL 2023-08-29 20:39 - 2023-08-29 20:39 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\madog\AppData\Local\Amazon Drive\crc32c.dll 2021-11-21 14:31 - 2019-12-30 23:01 - 000036352 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qdds.dll 2021-11-21 14:31 - 2019-12-30 23:00 - 000022016 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qgif.dll 2021-11-21 14:31 - 2019-12-30 23:01 - 000029184 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qicns.dll 2021-11-21 14:31 - 2019-12-30 23:00 - 000022528 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qico.dll 2021-11-21 14:31 - 2019-12-30 23:00 - 000206848 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qjpeg.dll 2021-11-21 14:31 - 2019-12-30 23:12 - 000016896 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qsvg.dll 2021-11-21 14:31 - 2019-12-30 23:01 - 000016384 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qtga.dll 2021-11-21 14:31 - 2019-12-30 23:02 - 000310272 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qtiff.dll 2021-11-21 14:31 - 2019-12-30 23:02 - 000015360 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qwbmp.dll 2021-11-21 14:31 - 2019-12-30 23:03 - 000287232 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\imageformats\qwebp.dll 2021-11-21 14:31 - 2019-12-30 23:00 - 000966144 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\platforms\qwindows.dll 2021-11-21 14:31 - 2019-12-31 14:35 - 004686848 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\Qt5Core.dll 2021-11-21 14:31 - 2019-12-30 22:33 - 005035008 _____ (The Qt Company Ltd) [File not signed] E:\Program 
Files\Pentablet\Qt5Gui.dll 2021-11-21 14:31 - 2019-12-30 22:24 - 000674816 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\Qt5Network.dll 2021-11-21 14:31 - 2019-12-30 23:12 - 000251392 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\Qt5Svg.dll 2021-11-21 14:31 - 2019-12-30 22:49 - 004518912 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\Qt5Widgets.dll 2021-11-21 14:31 - 2019-12-30 22:24 - 000151040 _____ (The Qt Company Ltd) [File not signed] E:\Program Files\Pentablet\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft 
Office\root\Office16\OCHelper.dll [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-10-06] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\sharepoint.com -> hxxps://nbgtech365-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2023-04-06 17:36 - 2023-04-06 17:46 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files\PowerShell\7\
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\madog\Pictures\LOGO_Wallpaper.jpg
HKU\S-1-5-21-2330798512-3083080254-602287269-1010\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2330798512-3083080254-602287269-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Imaging Edge Desktop.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "StudioApp.exe"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "Luminar AI.lnk"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "{D1D7E4BB-7468-4DA2-974F-B8572CA46F93} - OProcSessId.dat"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "{C3483390-EE60-4CA5-9D6C-B249CE5ABA62} - OProcSessId.dat"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "{8C259B9D-B166-4AC2-AE4E-3BF6A00DB55E} - OProcSessId.dat"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "{2A01ECA1-74EE-4C1E-AD3C-FDB753F93759} - OProcSessId.dat"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "wctCF74.tmp"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "msedge_installer.log"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\StartupFolder: => "74358441-9947-4cd0-bdb8-8f53caea285e.tmp"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\Run: => "Duet Display"
HKU\S-1-5-21-2330798512-3083080254-602287269-1001\...\StartupApproved\Run: => "LEAJ"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EB45D336-878D-4B11-A3A6-0305A3378041}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CC100F82-CBCE-4DAD-A361-FB751024AA10}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9B70AE25-4D99-4769-8FB2-16DC33906957}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D0803FA2-710B-4E3D-B9B2-EF80C3E83E22}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{9871BB3F-8E6F-43AB-BDCF-0B10A50A4034}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{938482AF-50E2-4D56-BD72-E19E674705B4}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{6533390B-624A-493E-B899-054B6166F1EB}] => (Allow) E:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E7785CB6-F9B4-4B35-9F9A-C804A0EC1486}] => (Allow) E:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{82EA63AE-0D55-43CF-8F6A-18608E0F6B09}] => (Allow) E:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{559CA7D8-F960-405A-A3AC-A39401B09478}] => (Allow) E:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{DF487AD3-F61F-4679-8D8A-C9373BBB7AD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{ADDF4BC2-040B-4A1B-B82A-C6376A8A7BC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{EE7A0A4D-C697-40AB-82ED-26A8BA16D642}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Driver Booster for Steam\DriverBooster.exe (IObit CO., LTD -> IObit) FirewallRules: [{82E6BFDD-6D5F-4CBE-AFE2-0C403AF68DFE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Driver Booster for Steam\DriverBooster.exe (IObit CO., LTD -> IObit) FirewallRules: [TCP Query User{6BD047DE-84A6-42A2-8515-7395E761A0E7}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [UDP Query User{ECEFC849-575F-400F-B30C-C4F1D1F909B2}E:\program files\call of duty modern warfare\modernwarfare.exe] => (Allow) E:\program files\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision) FirewallRules: [{E62706B9-AADD-42E3-A623-6D46A57D016A}] => (Allow) E:\Program Files\Battle.net\Battle.net.exe (Blizzard 
Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{ED82B226-D51B-4D52-919D-D07B39B99C6C}] => (Allow) E:\Program Files\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{C0041600-ADBD-4727-8480-444EEE46FD99}] => (Allow) E:\Program Files\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{813B4BD2-2A70-404F-803D-85ADC1DE5398}] => (Allow) E:\Program Files\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{21BC571D-0DED-49B4-A18A-82E5A7CBE1B3}] => (Allow) E:\Program Files\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{30179923-D074-4ECC-BBC8-C3920D3B347F}] => (Allow) E:\Program Files\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{8D996EE8-425D-4262-8456-F483B6EEA882}] => (Allow) E:\Program Files\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment) FirewallRules: [{83DBB3C3-3A3B-4CF0-BA62-2E52DA81EF8A}] => (Allow) E:\Program Files\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment, Inc. 
-> Blizzard Entertainment) FirewallRules: [TCP Query User{C03EE518-B9D0-480C-9452-20C78B3A2CA9}E:\program files\call of duty vanguard\vanguard.exe] => (Allow) E:\program files\call of duty vanguard\vanguard.exe (Activision Publishing Inc -> Activision) FirewallRules: [UDP Query User{413BE71E-CCDB-49FF-A44A-9457A078D4FE}E:\program files\call of duty vanguard\vanguard.exe] => (Allow) E:\program files\call of duty vanguard\vanguard.exe (Activision Publishing Inc -> Activision) FirewallRules: [{546CC009-C730-4F29-824F-D9F1375254C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{57E66E83-BC18-4579-9DB8-61062856B3E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3389B5E2-D20A-4601-AF03-FEC37D9BA878}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [{1758068F-AB7B-4CB8-A565-EC5389EFDFFD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File FirewallRules: [TCP Query User{209CA125-05FE-4023-AFEE-E6C504BAC939}C:\users\madog\documents\nbminer\nbminer.exe] => (Allow) C:\users\madog\documents\nbminer\nbminer.exe => No File FirewallRules: [UDP Query User{A98F4651-A978-49FF-A5D5-F6BD7B1C36BC}C:\users\madog\documents\nbminer\nbminer.exe] => (Allow) C:\users\madog\documents\nbminer\nbminer.exe => No File FirewallRules: [TCP Query User{5E445F21-7026-434C-B719-2BBDF54E7066}C:\users\madog\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File FirewallRules: [UDP Query 
User{791952FB-F103-493C-99F7-F9A8772ACC12}C:\users\madog\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe => No File FirewallRules: [{BA84805D-C200-4DA9-A74B-42C39FAFE3BD}] => (Allow) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe => No File FirewallRules: [{2990FE09-2306-4360-90A6-66C82AF2CFBF}] => (Allow) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe => No File FirewallRules: [{EAA0C5B2-43F0-4B06-B909-679847B32F35}] => (Allow) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe => No File FirewallRules: [{306B14D4-A2D3-4D6B-9692-88CFAA3873F2}] => (Allow) E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe => No File FirewallRules: [TCP Query User{3A70999E-8304-4FCD-BB20-11D69C4FDF38}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [UDP Query User{0C79B66E-7449-469E-A387-3F90D492FBE1}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [TCP Query User{C3A99B21-BA25-4BA0-AA57-5451B67E9325}E:\program files\phase one\capture one 20.0.2\captureone.exe] => (Allow) E:\program files\phase one\capture one 20.0.2\captureone.exe => No File FirewallRules: [UDP Query User{F305EFA7-824B-4064-9F7D-B19D6B393BF0}E:\program files\phase one\capture one 20.0.2\captureone.exe] => (Allow) 
E:\program files\phase one\capture one 20.0.2\captureone.exe => No File FirewallRules: [TCP Query User{53AF848B-6BEF-4554-B1BD-52B269B58135}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [UDP Query User{502C72DC-8A3B-4D60-859F-9A0A9730A800}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.) FirewallRules: [TCP Query User{2D44981A-5CA5-4327-BAB0-0DB87B3D095E}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [UDP Query User{CD79FFD6-53DF-42BD-B0C5-793B683B08C8}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe FirewallRules: [{BC27E244-C6D3-493C-84D6-C6C387940601}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [{81CADA79-7A94-452D-BAB1-CFC8DA237D9E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> ) FirewallRules: [TCP Query User{C4AF8440-1521-464D-A81F-43A78DAAF659}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) 
C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [UDP Query User{E4F8E992-8DE2-41B3-97DC-7737A1280CAD}C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\madog\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe FirewallRules: [TCP Query User{3FC20D37-74D6-4933-A1EB-05CF27CA5907}E:\program files\videolan\vlc\vlc.exe] => (Allow) E:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{D80AD00B-7B1C-47EA-AB02-D08017D02757}E:\program files\videolan\vlc\vlc.exe] => (Allow) E:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{C532F514-DA4C-49DE-AC34-98415D264018}] => (Block) E:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{01B4931C-9233-4B8D-873D-8697F6C9189B}] => (Block) E:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{6634DE39-2495-49F8-B5F8-655F165E9E5B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{A1610FCF-F0E9-4C03-B04D-24172ACAA798}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F1DC3C5B-927C-4B9F-A2C8-49F3261FE688}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{ADDCB22E-7DA8-42D5-A148-D00B5B08BEA7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{DC569F74-C16C-45D6-97B6-0BE76482CC95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia 
Corporation -> NVIDIA Corporation) FirewallRules: [{CEE24863-28DC-431F-82EA-E74C0669E702}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{A34E1946-C4D6-4D82-9AC8-F69A03C4A14E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [{BE3AA061-51C8-444A-BE69-368A0DB761D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation) FirewallRules: [TCP Query User{B9B1F3EB-3EEE-4A24-8EF4-408C96B28166}C:\program files\aftershoot\aftershoot.exe] => (Allow) C:\program files\aftershoot\aftershoot.exe (AfterShoot Inc.) [File not signed] FirewallRules: [UDP Query User{E8E9E71A-6E0F-48E9-8582-19E0C48FA5B7}C:\program files\aftershoot\aftershoot.exe] => (Allow) C:\program files\aftershoot\aftershoot.exe (AfterShoot Inc.) [File not signed] FirewallRules: [{239A4839-431E-425D-84EB-D3E15523EC34}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [File not signed] FirewallRules: [{DFE6ADF9-B0DA-4F8C-9E11-891EE39CD18B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Poly Bridge 2\Poly Bridge 2.exe () [File not signed] FirewallRules: [{2C10FB16-F81E-40CD-90A9-8E17D89C3816}] => (Allow) E:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.) FirewallRules: [{20D38482-581F-44B6-BF16-47250C98C1DA}] => (Allow) E:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.) FirewallRules: [{F929F328-4B23-4186-8610-D803BB8944A2}] => (Allow) E:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc. -> Duet, Inc.) 
FirewallRules: [{F43A051C-CBC5-4605-879D-4703755DAFA2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2DC799E8-38CB-4AB9-8842-DDF87941160C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E1143A67-CDF2-4CD5-891C-9D83AC50CA19}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{77D78F95-D020-40FE-8130-DF0E08E2042C}C:\program files\aftershoot\aftershoot.exe] => (Allow) C:\program files\aftershoot\aftershoot.exe (AfterShoot Inc.) [File not signed] FirewallRules: [UDP Query User{AFFF4851-77BA-4CF3-AF5F-05A1CEB1D230}C:\program files\aftershoot\aftershoot.exe] => (Allow) C:\program files\aftershoot\aftershoot.exe (AfterShoot Inc.) [File not signed] FirewallRules: [{94D03115-FA36-4903-A5ED-8C27FEFFD2B7}] => (Allow) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [{84294835-624B-4493-8DA0-560824B97AB9}] => (Allow) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [{1423CC98-693C-42EB-B902-C6968B385974}] => (Allow) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [{C7F81476-9F5F-4644-9207-4FE7DB29D2A4}] => (Allow) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [TCP Query User{05EED9F0-3D0E-4CE7-99DE-744036DA2C1D}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.) 
FirewallRules: [UDP Query User{9F62934B-70D7-4BF1-824C-BE4BDCC8A6F9}C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe] => (Allow) C:\program files\common files\adobe\adobe desktop common\hex\creative cloud ui helper.exe (Adobe Inc. -> Adobe Inc.) FirewallRules: [{2823EFFC-B65F-4F4F-B1F6-0F7DD5ADC024}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{A126BE8E-63EC-46C6-A602-1ABC35E6F581}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> ) FirewallRules: [{0B530C24-9136-4FCA-95B0-BC3C7D138A6E}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> ) FirewallRules: [{E0EC7C6E-546C-401F-A68F-B76E82146442}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> ) FirewallRules: [{A4D33E5E-5BA3-4C32-97D4-8671F678C1DB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> ) FirewallRules: [{40D0F169-02CB-41DD-AF82-6C57CDBD8C64}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> ) FirewallRules: [{4A0B0A4B-ED74-4B1E-BA14-3B77C0D7F45D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> ) FirewallRules: [{03A13454-31F5-4880-97C3-975ECEB63EFA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> ) FirewallRules: [{9401F0C4-F0D6-4147-B213-B8E444B23D2B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> ) FirewallRules: [{728619B7-8315-4A82-B0BB-0937F85E7F58}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> ) FirewallRules: 
[{8BE70049-91A1-422F-AB0A-EE47AC422197}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{2A27EE73-2AA5-4281-B0B5-2C366117EF50}] => (Allow) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{4D45A060-E47C-4B36-AE76-9AF8B147B066}] => (Allow) C:\Program Files (x86)\Acronis\Agent\aakore.exe (Acronis International GmbH -> Acronis International GmbH) FirewallRules: [{A78C028D-D6B2-4948-89A9-24929FC45D32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File FirewallRules: [TCP Query User{8C2D2111-4206-4A36-9BFC-BB765D4D2249}C:\users\madog\appdata\roaming\ggpcom\ggnet.exe] => (Allow) C:\users\madog\appdata\roaming\ggpcom\ggnet.exe (NSUS Ltd. -> ) FirewallRules: [UDP Query User{1F1248AA-8B12-41BD-A222-6D9EAF1112C3}C:\users\madog\appdata\roaming\ggpcom\ggnet.exe] => (Allow) C:\users\madog\appdata\roaming\ggpcom\ggnet.exe (NSUS Ltd. -> ) FirewallRules: [{EDC584F9-BC4F-4C38-87BB-EA12523792F2}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{14814EA1-2380-4298-9CDC-4CB5327AD477}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{7014962F-EA65-4C98-ADCE-2E285347A33D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{0E9FD3CC-2A4E-4EAF-BB00-8AD9D9E10DE4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{9DF8CF9F-3907-44EE-8432-4D9AD0490CBB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) 
FirewallRules: [{0AB3C64D-740B-4E98-B2D1-8D9CF3DA3E70}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{101AF8D5-4F35-4465-89A4-668D56633F6F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2C2A341A-0477-42D3-BA2F-56B0E30BEBAB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{95910D19-E3ED-4253-95D3-B0E73464BD6D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A7997432-2EA9-4966-8D1E-ED3FED7D5FCD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{928C3507-05CF-46D4-B059-EBDC06F2E121}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{80BE9823-F650-41A8-B234-BF7B676242E2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.10001.1009.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1F57AB3D-A6F5-4B14-85C3-284F4B62D603}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C9924856-5871-4865-951B-74BB4C268DB2}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F874B04C-1D13-4D80-9062-5A3097929D54}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{88693F09-38EC-4F19-8A28-E244B6E43E7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C696056C-41B7-42EC-B428-66491210FC4C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6D7CA847-E943-4B64-B6AC-FFF86F7ABCE3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{779D9244-E659-4891-8931-997377E8A8B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5BF6F983-A2AF-4262-BD7B-358F4544F150}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F477D53B-F3E4-4E2A-86BD-105DD136F32B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CF345BF8-17FA-4B2D-A862-29AB0867F72F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D873F43F-F251-45EC-8D90-3309C219D680}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{708892D4-4B63-4D11-8D9A-243CF2215A66}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{27082772-9240-4B8D-A8D6-A69ACFD87C38}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC24625C-2AEA-473B-93B0-2978BD9EAAC9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DD6DB051-2D4F-4363-B447-FC07F8C94413}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{ABE99EF7-A729-4256-A804-E38E3DA9A216}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18DAD504-2D0D-43F8-9A97-D5B7FBBB04BF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4887D5A1-90DF-4EAC-9448-41BED9AE0844}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CA5A7039-1A5B-4517-88D8-E0FC88FA9AAE}] => (Allow) E:\Program Files\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{1F57540F-E7A8-414B-8BC8-252737D58535}] => (Allow) E:\Program Files\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{7DBD60AA-2E81-4EC7-B80D-195A1C030223}] => (Block) E:\Program Files\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{76E68045-4C9E-4BE3-A10C-A6D83959AF3E}] => (Block) E:\Program Files\Overwolf\0.233.1.2\OverwolfBrowser.exe => No File
FirewallRules: [{ACEF1B41-C6C0-4CC2-92CE-8EB824E9C3FE}] => (Allow) E:\Program Files\Overwolf\0.199.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{C2A3C5D7-1BC9-4FAA-8970-FEDC3AE09262}] => (Allow) E:\Program Files\Overwolf\0.199.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{543178BF-608A-4B37-8896-992CFB6F9FAB}] => (Block) E:\Program Files\Overwolf\0.199.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E586EE60-E80D-4CB1-A946-B66E9FE70220}] => (Block) E:\Program Files\Overwolf\0.199.0.15\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{92A2F3F2-4650-4FA2-9B2D-20940EB0A64A}] => (Allow) E:\Program Files\Overwolf\0.233.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{76A6B6F7-076A-4D4A-B32F-B564EE34CDA7}] => (Allow) E:\Program Files\Overwolf\0.233.2.2\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: TAP-Windows Adapter V9 for OpenVPN Connect
Description: TAP-Windows Adapter V9 for OpenVPN Connect
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9 for OpenVPN Connect
Service: tap_ovpnconnect
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
==================
Error: (10/12/2023 05:27:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\msiexec.exe /V; Beschreibung = Bonjour wird entfernt; Fehler = 0x80070422).

Error: (10/12/2023 05:25:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\msiexec.exe /V; Beschreibung = Removed Bonjour; Fehler = 0x80070422).

Error: (10/12/2023 05:25:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm FRSTEnglish.exe Version 6.10.2023.0 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b18 Startzeit: 01d9fd200a0b008f Beendigungszeit: 4294967295 Anwendungspfad: C:\Users\madog\Downloads\FRSTEnglish.exe Bericht-ID: d0fd4dc4-12af-4c4e-a068-04f14e53b74c Vollständiger Name des fehlerhaften Pakets: Relative Anwendungs-ID des fehlerhaften Pakets: Absturztyp: Top level window is idle

Error: (10/12/2023 05:20:29 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-VQN4R79)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (10/07/2023 07:21:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22000.2355_none_828ef538fef166f8\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (10/07/2023 07:01:34 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-VQN4R79)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (10/07/2023 05:22:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. .

Error: (10/07/2023 05:22:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ]

System errors:
=============
Error: (10/12/2023 05:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DigitalWave.Update.Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (10/12/2023 05:19:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst DigitalWave.Update.Service erreicht.

Error: (10/12/2023 05:19:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "cplspcon" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (10/07/2023 11:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VQN4R79)
Description: Der Server "{1EF75F33-893B-4E8F-9655-C3D602BA4897}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/07/2023 11:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VQN4R79)
Description: Der Server "{1EF75F33-893B-4E8F-9655-C3D602BA4897}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/07/2023 11:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VQN4R79)
Description: Der Server "{1EF75F33-893B-4E8F-9655-C3D602BA4897}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/07/2023 11:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VQN4R79)
Description: Der Server "{1EF75F33-893B-4E8F-9655-C3D602BA4897}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (10/07/2023 11:15:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VQN4R79)
Description: Der Server "{1EF75F33-893B-4E8F-9655-C3D602BA4897}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Windows Defender:
================
Date: 2021-12-01 22:35:41
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/DefenderControl!MSR&threatid=2147754900&enterprise=0
Name: HackTool:Win32/DefenderControl!MSR
Schweregrad: Hoch
Kategorie: Tool
Pfad: file:_C:\Users\madog\Downloads\d20Control\dControl\dControl\dControl\dfControl.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-VQN4R79\madog
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.353.1908.0, AS: 1.353.1908.0, NIS: 1.353.1908.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-01 22:34:35
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/DefenderControl!MSR&threatid=2147754900&enterprise=0
Name: HackTool:Win32/DefenderControl!MSR
Schweregrad: Hoch
Kategorie: Tool
Pfad: file:_C:\Users\madog\AppData\Local\Temp\Rar$EXb7324.12809\dControl\dfControl.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-VQN4R79\madog
Prozessname: E:\Program Files\WinRAR\WinRAR.exe
Sicherheitsversion: AV: 1.353.1908.0, AS: 1.353.1908.0, NIS: 1.353.1908.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-12-01 22:34:11
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/DefenderControl!MSR&threatid=2147754900&enterprise=0
Name: HackTool:Win32/DefenderControl!MSR
Schweregrad: Hoch
Kategorie: Tool
Pfad: file:_C:\Users\madog\AppData\Local\Temp\Rar$EXb7324.4881\dControl\dfControl.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-VQN4R79\madog
Prozessname: E:\Program Files\WinRAR\WinRAR.exe
Sicherheitsversion: AV: 1.353.1908.0, AS: 1.353.1908.0, NIS: 1.353.1908.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-30 22:39:48
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: containerfile:_C:\Users\madog\Downloads\267496_Sux5qLRxj0.zip; file:_C:\Users\madog\Downloads\267496_Sux5qLRxj0.zip->267496_Sux5qLRxj0.exe; webfile:_C:\Users\madog\Downloads\267496_Sux5qLRxj0.zip|https://www.engineowning.to/DownloadMaster/dl.php|pid:20076,ProcessStart:132827819855430873
Erkennungsursprung: Internet
Erkennungstype: FastPath
Erkennungsquelle: Downloads und Anlagen
Benutzer: DESKTOP-VQN4R79\madog
Prozessname: Unknown
Sicherheitsversion: AV: 1.353.1825.0, AS: 1.353.1825.0, NIS: 1.353.1825.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-28 21:26:12
Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/Persistence.A!ml&threatid=2147737394&enterprise=0
Name: Behavior:Win32/Persistence.A!ml
Schweregrad: Schwerwiegend
Kategorie: Verdächtiges Verhalten
Pfad: file:_C:\Users\madog\OneDrive\Dokumente\Warzone Cheat\267496_ctwPlnsVF.exe; process:_pid:11572,ProcessStart:132826047235403515
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Users\madog\OneDrive\Dokumente\Warzone Cheat\267496_ctwPlnsVF.exe
Sicherheitsversion: AV: 1.353.1733.0, AS: 1.353.1733.0, NIS: 1.353.1733.0
Modulversion: AM: 1.1.18700.4, NIS: 1.1.18700.4

CodeIntegrity:
===============
Date: 2023-10-12 17:26:26
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0616 04/27/2018
Motherboard: ASUSTeK COMPUTER INC. PRIME Z370-A
Processor: Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 19%
Total physical RAM: 49076.38 MB
Available physical RAM: 39705.86 MB
Total Virtual: 56244.38 MB
Available Virtual: 45500.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.23 GB) (Free:1194.69 GB) (Model: CT2000P3SSD8) NTFS
Drive d: (Multimedia) (Fixed) (Total:931.07 GB) (Free:121.22 GB) (Model: SAMSUNG HD103UJ) NTFS
Drive e: (Programme) (Fixed) (Total:931.51 GB) (Free:627.97 GB) (Model: WDC WD10JUCX-63WPNY0) NTFS
Drive f: (Mediathek) (Fixed) (Total:2794.52 GB) (Free:537.5 GB) (Model: WDC WD30EZRZ-00Z5HB0) NTFS

\\?\Volume{88699234-1f09-46d5-b774-f1e34dea9833}\ () (Fixed) (Total:0.57 GB) (Free:0.09 GB) NTFS
\\?\Volume{3d489c65-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS
\\?\Volume{cda07003-0aa7-4226-bd4e-fa24c0b3cf8a}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: DED17AEC)
Partition: GPT.

==========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 9E5339EF)
Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: FC0ACD7E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 3D489C65)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt =======================