Win32/Wacapew.C!ml

As the title says, it was one of the several ads that I stupidly downloaded, and since it was a small file I just ran it and bam, malware. It logged me out of my Steam account and it turns out some of my items were sold on the market. I couldn't verify whether anyone had logged in from somewhere else, but I'd guess not, because I never received a notification on my Steam account; I have authentication through my app. BEFORE this I ran Malwarebytes in safe mode and it detected some malware in Chrome and Edge. I made sure to turn off sync in Google because the detections kept reappearing; after running it 3 more times they no longer appeared. I uninstalled Malwarebytes thinking that was enough, and at 6am I saw that some of my items had been sold. I installed AdwCleaner and it detected a few extra things in safe mode. Here is the log. Have I completely removed this malware by now? And another question: are the Malwarebytes logs still on the system even though I uninstalled it? If so, I'll share them too.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-05-2024
# Duration: 00:00:11
# OS:       Windows 10 (Build 19045.5011)
# Scanned:  32107
# Detected: 6


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Users\Franco\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.ReviverSoft        HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reviversoft.com
PUP.Optional.ReviverSoft        HKLM\Software\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}
PUP.Optional.ReviverSoft        HKLM\Software\Wow6432Node\\Classes\TypeLib\{A520B992-6390-4231-9C89-F06B3587AB80}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy             Tab for a Cause - gibkoahgjfhphbmeiphbcnhehbfdlcgo

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1697 octets] - [28/12/2022 20:11:54]
AdwCleaner[C00].txt - [1731 octets] - [28/12/2022 20:12:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

What other program should I run just in case? Hitman? I don't know. I must have lost 2 dollars or so, which isn't much, since they don't refund these things, but there are items worth far more, but anyway. I'm also leaving the VirusTotal scan of the file: https://i.imgur.com/OBBN1dC.png It tells me I can't send media files, so I'm leaving the imgur link.

I ran a scan with RogueKiller in safe mode with networking and 5 more came up that do look like how they got access to my PC. The sales from my Steam account and the final purchase to take the money were instantaneous; it was as if they ran a script. I was already using the PC at that very moment.

Program            : RogueKiller Anti-Malware
Version            : 15.19.1.0
x64                : Yes
Program Date       : Oct 28 2024
Location           : D:\DTemp\RogueKiller_portable64.exe
Premium            : No
Company            : Adlice Software
Website            : https://www.adlice.com/
Contact            : https://adlice.com/contact/
Website            : https://adlice.com/download/roguekiller/
Operating System   : Windows 10 (10.0.19045) 64-bit
64-bit OS          : Yes
Startup            : 2
WindowsPE          : No
User               : Franco
User is Admin      : Yes
Date               : 2024/11/05 11:03:05
Type               : Removal
Aborted            : No
Scan Mode          : Standard
Duration           : 1592
Found items        : 6
Total scanned      : 109949
removed_count      : 5
Signatures Version : 20241105_075315
Truesight Driver   : No
Updates Count      : 27
truesight_error    : 1

************************* Warnings *************************

************************* Removal *************************
[PUM.Proxy (Potentially Malicious)] HKEY_USERS\S-1-5-21-3068610548-648472602-614667811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer --  -> Deleted
  [+] scan_what       : reg_values
  [+] vendors         : PUM.Proxy
  [+] Name            : HKEY_USERS\S-1-5-21-3068610548-648472602-614667811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer
  [+] Type            : Registry
  [+] file_vtscore    : 0
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 4
  [+] id              : 0
  [+] status          : 3
  [+] status_str      : Deleted
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1

[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
  [+] scan_what       : reg_values
  [+] vendors         : PUM.Policies
  [+] Name            : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin
  [+] Type            : Registry
  [+] file_vtscore    : 0
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 4
  [+] id              : 1
  [+] status          : 3
  [+] status_str      : Replaced (2)
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1

[PUP.OnlineIO (Potentially Malicious)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Deleted
  [+] scan_what       : files
  [+] vendors         : PUP.OnlineIO
  [+] Name            : AdvinstAnalytics
  [+] value           : %localappdata%\AdvinstAnalytics
  [+] Type            : File/Folder
  [+] file_vtscore    : 0
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 3
  [+] id              : 2
  [+] status          : 3
  [+] status_str      : Deleted
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1

[Adw.Xunlei (Potentially Malicious)] Thunder Network -- %programdata%\Thunder Network -> Deleted
  [+] scan_what       : files
  [+] vendors         : Adw.Xunlei
  [+] Name            : Thunder Network
  [+] value           : %programdata%\Thunder Network
  [+] Type            : File/Folder
  [+] file_vtscore    : 0
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 3
  [+] id              : 3
  [+] status          : 3
  [+] status_str      : Deleted
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1

[PUP.InstallCore (Potentially Malicious)] DsNET Corp -- %programfiles(x86)%\DsNET Corp -> Deleted
  [+] scan_what       : files
  [+] vendors         : PUP.InstallCore
  [+] Name            : DsNET Corp
  [+] value           : %programfiles(x86)%\DsNET Corp
  [+] Type            : File/Folder
  [+] file_vtscore    : 0
  [+] file_vttotal    : 0
  [+] is_malicious    : Yes
  [+] detection_level : 3
  [+] id              : 4
  [+] status          : 3
  [+] status_str      : Deleted
  [+] removed         : Yes
  [+] status_choice   : 2
  [+] malpe_score     : -1


Can you confirm whether I'm now free of the malware that gives access to my PC?

Could it be that some of those infected files that RogueKiller deleted had something to do with Microsoft Edge? I see that one says Microsoft. After deleting those files, all my accounts in that browser were removed. I have no problem with that, I'll log in again; I'm just making sure it's because of what RogueKiller deleted, and it would make sense that it happened after rebooting the PC from safe mode to normal.

I'm attaching the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2024
Ran by Franco (administrator) on DESKTOP-591ALQ9 (Gigabyte Technology Co., Ltd. GA-880GM-USB3) (05-11-2024 11:50:57)
Running from C:\Users\Franco\Desktop\FRSTEnglish.exe
Loaded Profiles: Franco
Platform: Microsoft Windows 10 Pro Version 22H2 19045.5011 (X64) Language: Spanish (Spain, International Sort) -> English (United States)
Default browser: Edge
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mobsync.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\userinit.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6607584 2022-03-07] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [4131552 2024-09-24] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [599056 2021-10-28] (Razer USA Ltd. -> Razer Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [AutoStartGo] => C:\Program Files (x86)\Delivery Hero SE\Go\Go.exe [78336 2024-10-24] (Delivery Hero SE) [File not signed]
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4406632 2024-09-17] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [123172904 2024-10-21] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Run: [Honeygain] => C:\Users\Franco\AppData\Roaming\Honeygain\Honeygain.exe [929944 2022-02-02] (OOO "XMAC" -> ) <==== ATTENTION
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Run: [MicrosoftEdgeAutoLaunch_CD59F96E9A75DD4AC719E078EC587A0B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3856424 2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Run: [Discord] => C:\Users\Franco\AppData\Local\Discord\Update.exe [1515904 2024-10-03] (Discord Inc. -> GitHub)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: c:\windows\system32\AdobePDF.dll [203936 2022-03-02] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\130.0.6723.92\Installer\chrmstp.exe [2024-10-31] (Google LLC -> Google LLC)
Startup: C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2022-01-27]
ShortcutTarget: ShareX.lnk -> C:\Program Files (x86)\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {B2AC29FF-75A2-4599-B5AB-F3DE36AF709B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5845320 2024-10-09] (Microsoft Windows -> Microsoft Corporation)
Task: {D6B9E4D9-5DA2-4DA3-A62D-73684428A29B} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\PrecisionX_x64.exe  (No File)
Task: {BCA6E264-116C-4CF8-9AE8-0CE8FEC104B8} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem131.0.6776.0{B43AF2A6-26CB-48D9-BA52-C200E74D4BD2} => C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe [5507168 2024-10-14] (Google LLC -> Google LLC)
Task: {EA43DFC3-9988-41EC-92E4-5A3AD3A49415} - System32\Tasks\HyperXRamApp => C:\Users\Franco\AppData\Local\Packages\33C30B79.HyperXNGenuity_0a78dr3hq0pvt\LocalState\\HyperXMemoryPlug-in.exe  (No File)
Task: {AD26A342-22F0-4718-B001-6CE879F5FD56} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2118144 2024-07-01] () [File not signed]
Task: {F5B8CF02-1082-45C2-ACAE-1927FFD3299F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {75DFFF8E-4DDC-4D1B-9663-19A35B497487} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1ECD5D96-4257-4B7A-BF30-1B15230C6EB0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {198C4509-9413-4D75-ADCD-7ED559BF8755} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {EED4E976-2A77-436F-A2FD-48C0EDC4059B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {80DA9585-A73C-4578-BF7D-39589FB7FA6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-02-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{687a8dcb-a69f-4661-935e-68e6e4dd64c8}: [DhcpNameServer] 186.130.128.250 186.130.129.250

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-05]
Edge DownloadDir: Default -> D:\DTemp
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com.ar/"
Edge NewTab: Default ->  Active:"chrome-extension://hmiiajmhelfgiaoboffbjpjdckbmnddg/newtab.html"
Edge Extension: (Dark Skin For Crunchyroll) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\agjiicokbioponboibkfhfgmhcacafph [2024-07-18]
Edge Extension: (The FFZ Add-On Pack) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aiimboljphncldaakcnapfolgnjonlea [2024-07-18]
Edge Extension: (Zoom for Microsoft Edge) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\akclpjahoedloodjomjhnlmmblikemjj [2024-07-18]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-09-27]
Edge Extension: (Night Mode) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkiiljdcpccihhoigelmohcfkehdnjej [2024-07-18]
Edge Extension: ('Improve YouTube!' 🎧 (for YouTube & Videos)) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2024-10-25]
Edge Extension: (Sad Panda) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2024-07-18]
Edge Extension: (Shorts to Normal player) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmhmepchidgajcngdkpdchbdboheihgi [2024-07-18]
Edge Extension: (Copy All Urls) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2024-07-18]
Edge Extension: (Augmented Steam) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dnhpnfgdlenaccegplpojghhmaamnnfp [2024-09-17]
Edge Extension: (MetaMask) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2024-07-22]
Edge Extension: (Keepa - Amazon Price Tracker) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejefaeioamebhekmfaclajddbpnnobje [2024-11-04]
Edge Extension: (FrankerFaceZ) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2024-10-30]
Edge Extension: (Steamcito: Steam con impuestos Argentina 2024) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcjljapncagfmfhdkccgnbkgdpbcefcj [2024-10-15]
Edge Extension: (Return YouTube Dislike) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-10-18]
Edge Extension: (appchan x) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2024-07-18]
Edge Extension: (Google Docs Offline) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-13]
Edge Extension: (Tab for a Cause) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hmiiajmhelfgiaoboffbjpjdckbmnddg [2024-07-18]
Edge Extension: (BetterTTV) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2024-10-28]
Edge Extension: (MyJDownloader Browser Extension) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ieapabanbplofifeaapjocpaogdhncdd [2024-07-18]
Edge Extension: (Tampermonkey) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iikmkjmpaadaobahmlepeloendndfphd [2024-07-18]
Edge Extension: (Imagus) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2024-10-15]
Edge Extension: (Chrome Remote Desktop) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2024-07-18]
Edge Extension: (MEGA) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2024-11-01] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json] <==== ATTENTION
Edge Extension: (Hide Labels and End Cards on Youtube) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jinenhpepbpkepablpjjchejlabbpken [2024-07-18]
Edge Extension: (Edge relevant text changes) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Video DownloadHelper) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2024-10-16]
Edge Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2024-07-18]
Edge Extension: (Urban VPN Proxy) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nimlmejbmnecnaghgmbahmbaddhjbecg [2024-08-29]
Edge Extension: (ShareX) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2024-07-18]
Edge Extension: (uBlock Origin) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-09-27]
Edge Extension: (4chan X) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2024-07-18]
Edge Extension: (Flag Cookies) - C:\Users\Franco\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phcaemipbgodliopfijmcmlbdhpkbndb [2024-07-18]
Edge HKU\S-1-5-21-3068610548-648472602-614667811-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx [2023-09-08]

FireFox:
========
FF DefaultProfile: p484cqek.default
FF ProfilePath: C:\Users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\p484cqek.default [2022-11-04]
FF ProfilePath: C:\Users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\vh1998xv.default-release-1683621232822 [2024-05-18]
FF Extension: (Tab Stash) - C:\Users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\vh1998xv.default-release-1683621232822\Extensions\[email protected] [2023-05-09]
FF Extension: (Greasemonkey) - C:\Users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\vh1998xv.default-release-1683621232822\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2023-05-09]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Franco\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Franco\AppData\Roaming\IDM\idmmzcc5 [2023-09-08] [Legacy] [not signed]
FF HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default [2024-11-05]
CHR DownloadDir: C:\Users\Franco\Downloads
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com.ar/"
CHR NewTab: Default ->  Active:"chrome-extension://gibkoahgjfhphbmeiphbcnhehbfdlcgo/newtab.html"
CHR Extension: (Dark Skin For Crunchyroll) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjiicokbioponboibkfhfgmhcacafph [2022-01-26]
CHR Extension: (The FFZ Add-On Pack) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimboljphncldaakcnapfolgnjonlea [2022-01-26]
CHR Extension: (BetterTTV) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2024-10-30]
CHR Extension: (Dark Theme for Google Chrome) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\annfbnbieaamhaimclajlajpijgkdblo [2024-01-24]
CHR Extension: (MEGA) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2024-11-04] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json] <==== ATTENTION
CHR Extension: (Night Mode) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkiiljdcpccihhoigelmohcfkehdnjej [2022-06-07]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-10-11]
CHR Extension: ('Improve YouTube!' 🎧 (for YouTube & Videos)) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnomihfieiccainjcjblhegjgglakjdd [2024-10-25]
CHR Extension: (Sad Panda) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2022-01-26]
CHR Extension: (uBlock Origin) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-10-04]
CHR Extension: (Shorts to Normal player) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhmepchidgajcngdkpdchbdboheihgi [2023-10-17]
CHR Extension: (Tampermonkey) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2024-11-01]
CHR Extension: (Copy All Urls) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\djdmadneanknadilpjiknlnanaolmbfk [2022-01-26]
CHR Extension: (Augmented Steam) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhpnfgdlenaccegplpojghhmaamnnfp [2024-09-22]
CHR Extension: (Session Buddy) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2024-06-14]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-10-25]
CHR Extension: (Urban VPN Proxy) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppiocemhmnlbhjplcgkofciiegomcon [2024-08-30]
CHR Extension: (FrankerFaceZ) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2024-11-01]
CHR Extension: (MyJDownloader Browser Extension) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2022-01-26]
CHR Extension: (Steamcito: Steam con impuestos Argentina 2024) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjljapncagfmfhdkccgnbkgdpbcefcj [2024-10-25]
CHR Extension: (Return YouTube Dislike) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebbhagfogifgggkldgodflihgfeippi [2024-10-25]
CHR Extension: (appchan x) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfibffekgcmgabbfaibbbcapgnfobnoi [2022-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-10-11]
CHR Extension: (Tab for a Cause) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibkoahgjfhphbmeiphbcnhehbfdlcgo [2024-11-05]
CHR Extension: (Imagus) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2024-10-25]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-06]
CHR Extension: (Hide Labels and End Cards on Youtube) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jinenhpepbpkepablpjjchejlabbpken [2022-05-21]
CHR Extension: (Zoom for Google Chrome) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2024-07-07]
CHR Extension: (Video DownloadHelper) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2024-10-30]
CHR Extension: (Twitter Video Downloader | Fast and Free) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkknbagklenkcienihfapbfpjemnfoi [2023-09-20]
CHR Extension: (IDM Integration Module) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2024-09-22]
CHR Extension: (MetaMask) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-11-04]
CHR Extension: (ShareX) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlkoigbdolhchiicbonbihbphgamnaoc [2024-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-01-26]
CHR Extension: (4chan X) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohnjgmpcibpbafdlkimncjhflgedgpam [2023-03-01]
CHR Extension: (Flag Cookies) - C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Default\Extensions\phcaemipbgodliopfijmcmlbdhpkbndb [2024-02-05]
CHR Profile: C:\Users\Franco\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-01-30]
CHR Profile: C:\Users\Franco\AppData\Local\Google\Chrome\User Data\System Profile [2022-01-30]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-09-08]
CHR HKU\S-1-5-21-3068610548-648472602-614667811-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-09-08]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2023-09-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2568840 2024-06-08] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18681128 2024-06-08] (BattlEye Innovations e.K. -> )
S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\130.0.6723.14\remoting_host.exe [73832 2024-09-23] (Google LLC -> Google LLC)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-12-28] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [964336 2024-05-17] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-02-10] (Epic Games Inc. -> Epic Games, Inc.)
S2 LetsViewService; C:\Program Files (x86)\LetsView\LetsView\usbmmidd_v2\..\WXCastService.exe [411000 ] (Apowersoft Ltd -> )
S2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [12309432 2023-06-19] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ea7f458f0e49497d\Display.NvContainer\NVDisplay.Container.exe [1275000 2024-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
S2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [447080 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2019-07-24] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530488 2024-09-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [13651112 2024-09-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 xldr_GrandFantasia_GL; C:\Program Files\Common Files\Wellbia.com\xldr_GrandFantasia_GL.exe [9426728 2024-09-03] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 etdrv; C:\Windows\etdrv.sys [25640 2024-05-26] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2024-05-26] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [52528 2024-05-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2024-05-26] (GIGA-BYTE TECHNOLOGY CO., LTD -> )
S2 IDMWFP; C:\Windows\System32\drivers\idmwfp.sys [171512 2023-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Tonec Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51224 2016-02-04] (Razer USA Ltd. -> Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [47640 2016-02-04] (Razer USA Ltd. -> Razer Inc)
S3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> )
S3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. -> )
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [28690232 2024-09-24] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2024-05-12] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\Windows\xhunter1.sys [194448 2024-10-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-05 11:50 - 2024-11-05 11:51 - 000029366 _____ C:\Users\Franco\Desktop\FRST.txt
2024-11-05 11:47 - 2024-11-05 11:51 - 000000000 ____D C:\FRST
2024-11-05 11:18 - 2024-11-05 11:17 - 002398720 _____ (Farbar) C:\Users\Franco\Desktop\FRSTEnglish.exe
2024-11-05 08:06 - 2024-11-05 08:06 - 000004238 _____ C:\Users\Franco\Desktop\roguekiller110524-8AM.txt
2024-11-04 10:56 - 2024-11-04 10:57 - 001483108 _____ C:\Windows\Minidump\110424-9609-01.dmp
2024-11-04 10:56 - 2024-11-04 10:56 - 812870666 _____ C:\Windows\MEMORY.DMP
2024-11-04 08:41 - 2024-11-04 11:43 - 000001870 _____ C:\Users\Franco\Desktop\Rkill.txt
2024-11-04 06:35 - 2024-11-04 07:59 - 000000000 ____D C:\hbcfbdf
2024-11-04 06:35 - 2024-11-04 06:35 - 000000000 ___HD C:\temp
2024-11-02 00:12 - 2024-11-02 00:12 - 000000000 ____D C:\Users\Franco\AppData\LocalLow\ProjectMoon
2024-11-01 00:54 - 2024-11-01 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delivery Hero SE
2024-11-01 00:54 - 2024-11-01 00:54 - 000000000 ____D C:\Program Files (x86)\Delivery Hero SE
2024-10-22 21:46 - 2024-10-22 21:45 - 016280199 _____ C:\Users\Franco\Downloads\WhatsApp Video 2024-10-22 at 21.45.46_457efce8.mp4
2024-10-22 21:46 - 2024-10-22 21:35 - 009307495 _____ C:\Users\Franco\Downloads\WhatsApp Video 2024-10-22 at 21.34.56_6c5120f3.mp4
2024-10-19 01:15 - 2024-10-19 01:15 - 000000000 ____D C:\Users\Franco\AppData\LocalLow\beepbopdubi
2024-10-18 04:35 - 2024-10-18 04:35 - 000000000 ____D C:\Users\Franco\AppData\Local\nwjs
2024-10-17 07:57 - 2024-10-17 08:44 - 000000000 ____D C:\Users\Franco\AppData\Local\King of Vikings
2024-10-17 07:47 - 2024-10-17 07:47 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Sun
2024-10-17 07:46 - 2024-10-17 07:47 - 000000000 ____D C:\Program Files\Java
2024-10-17 07:46 - 2024-10-17 07:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2024-10-17 07:46 - 2024-09-30 08:34 - 000213120 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2024-10-16 18:57 - 2024-11-05 10:59 - 000000000 ____D C:\Users\Franco\AppData\Local\Discord
2024-10-16 18:50 - 2024-10-16 18:50 - 000000000 ____D C:\Users\Franco\AppData\Local\NVIDIA
2024-10-16 09:05 - 2024-10-16 09:05 - 000108202 _____ C:\Users\Franco\Desktop\DxDiag.txt
2024-10-16 09:02 - 2024-10-16 09:02 - 000000000 ____D C:\Users\Franco\AppData\Roaming\NVIDIA
2024-10-15 20:29 - 2024-10-15 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO® 64
2024-10-15 19:18 - 2024-11-05 09:57 - 000000000 ____D C:\ProgramData\NVIDIA
2024-10-15 19:18 - 2024-10-15 21:20 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2024-10-15 19:18 - 2024-10-15 19:18 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2024-10-15 19:18 - 2024-10-15 19:18 - 000000000 ____D C:\Users\Franco\AppData\LocalLow\NVIDIA
2024-10-15 19:18 - 2024-10-15 19:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2024-10-15 19:14 - 2024-11-02 02:09 - 000000000 ____D C:\Users\Franco\AppData\Local\D3DSCache
2024-10-15 19:14 - 2024-10-15 19:14 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2024-10-15 19:14 - 2024-09-28 15:32 - 000125048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2024-10-15 19:13 - 2024-09-28 18:03 - 002060648 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2024-10-15 19:13 - 2024-09-28 18:03 - 002060648 _____ C:\Windows\system32\vulkaninfo.exe
2024-10-15 19:13 - 2024-09-28 18:03 - 001600360 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-10-15 19:13 - 2024-09-28 18:03 - 001600360 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2024-10-15 19:13 - 2024-09-28 18:03 - 001452392 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2024-10-15 19:13 - 2024-09-28 18:03 - 001452392 _____ C:\Windows\system32\vulkan-1.dll
2024-10-15 19:13 - 2024-09-28 18:03 - 001301864 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2024-10-15 19:13 - 2024-09-28 18:03 - 001301864 _____ C:\Windows\SysWOW64\vulkan-1.dll
2024-10-15 19:13 - 2024-09-28 18:03 - 000477816 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2024-10-15 19:13 - 2024-09-28 18:03 - 000374920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2024-10-15 19:13 - 2024-09-28 18:00 - 001114232 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2024-10-15 19:13 - 2024-09-28 18:00 - 000670240 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2024-10-15 19:13 - 2024-09-28 18:00 - 000505488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 025450104 _____ C:\Windows\system32\nvidia-pcc.exe
2024-10-15 19:13 - 2024-09-28 17:59 - 002184824 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 001634952 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 001554568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 001209480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 001041528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 000863352 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2024-10-15 19:13 - 2024-09-28 17:59 - 000801416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2024-10-15 19:13 - 2024-09-28 17:59 - 000461944 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2024-10-15 19:13 - 2024-09-28 17:58 - 017737352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 016811128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 006952568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 005909624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 005435528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 003807880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2024-10-15 19:13 - 2024-09-28 17:58 - 000853640 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2024-10-15 19:13 - 2024-09-28 17:57 - 007157504 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2024-10-15 19:13 - 2024-09-28 17:57 - 006234672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2024-10-15 19:13 - 2024-09-26 21:17 - 000132691 _____ C:\Windows\system32\nvinfo.pb
2024-10-15 18:51 - 2024-10-15 18:51 - 000000000 ____D C:\Windows\pss
2024-10-15 18:35 - 2024-10-15 18:35 - 000000000 ____D C:\Windows\system32\lxss
2024-10-15 18:35 - 2024-10-15 18:35 - 000000000 ____D C:\Windows\LastGood
2024-10-15 15:38 - 2024-10-15 15:38 - 000000000 ____D C:\Windows\LastGood.Tmp
2024-10-09 10:38 - 2024-10-09 10:38 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-05 11:50 - 2022-12-30 22:36 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2024-11-05 11:50 - 2022-01-26 14:12 - 000008192 ___SH C:\DumpStack.log.tmp
2024-11-05 11:50 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2024-11-05 11:49 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-11-05 11:49 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2024-11-05 11:39 - 2024-06-06 21:18 - 000000000 ____D C:\Users\Franco\AppData\Roaming\discord
2024-11-05 11:39 - 2022-01-27 11:46 - 000000000 ____D C:\Users\Franco\Documents\ShareX
2024-11-05 11:39 - 2022-01-26 14:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-11-05 11:33 - 2022-03-29 15:16 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Spike
2024-11-05 11:10 - 2022-01-26 14:12 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-11-05 11:02 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-11-05 10:40 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-11-05 10:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2024-11-05 10:35 - 2022-01-26 15:19 - 000000000 ____D C:\Program Files (x86)\Steam
2024-11-05 10:00 - 2022-01-26 15:44 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Microsoft\Skype for Desktop
2024-11-05 08:04 - 2022-01-26 16:12 - 000000000 ____D C:\Windows\SystemTemp
2024-11-05 06:43 - 2022-04-18 05:41 - 000000000 ____D C:\Users\Franco\AppData\Local\CrashDumps
2024-11-05 06:40 - 2023-12-05 17:03 - 000000000 ____D C:\Users\Franco\AppData\Roaming\IObit
2024-11-05 06:40 - 2023-12-05 17:03 - 000000000 ____D C:\ProgramData\IObit
2024-11-05 06:13 - 2022-01-26 15:21 - 000000000 ____D C:\Users\Franco\AppData\Local\Steam
2024-11-04 23:56 - 2022-02-08 03:44 - 000000000 ____D C:\Users\Franco\AppData\Roaming\RenPy
2024-11-04 15:17 - 2022-01-27 01:43 - 000000000 ____D C:\Users\Franco\dwhelper
2024-11-04 11:46 - 2024-03-09 00:25 - 000000000 ____D C:\Users\Franco\AppData\Roaming\HandBrake
2024-11-04 10:57 - 2022-08-24 20:06 - 000000000 ____D C:\Windows\Minidump
2024-11-04 10:55 - 2024-05-01 15:16 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2024-11-04 08:01 - 2024-05-01 04:18 - 000000000 ____D C:\Program Files\Riot Vanguard
2024-11-04 08:01 - 2022-01-26 14:51 - 000000000 ____D C:\Users\Franco
2024-11-04 07:59 - 2024-03-02 07:17 - 000000000 ____D C:\Users\Franco\AppData\Roaming\riot-client-ux
2024-11-04 07:59 - 2022-11-04 22:55 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-11-04 06:45 - 2023-09-20 02:46 - 000000000 ____D C:\ProgramData\Riot Games
2024-11-04 06:45 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\registration
2024-11-04 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\NDF
2024-11-04 01:44 - 2023-09-30 21:20 - 000000016 _____ C:\ProgramData\mntemp
2024-11-04 01:44 - 2022-12-28 22:47 - 000000133 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2024-11-02 23:47 - 2023-11-19 05:04 - 000000000 ____D C:\Users\Franco\AppData\Roaming\ctbrec
2024-11-02 15:14 - 2023-01-16 10:11 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-11-02 15:14 - 2022-01-26 14:15 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-11-02 14:17 - 2022-10-26 16:42 - 000124456 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2024-11-02 14:17 - 2022-10-26 16:42 - 000075304 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2024-11-02 14:17 - 2022-02-25 02:50 - 002872896 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2024-11-02 14:17 - 2022-02-25 02:50 - 000775720 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2024-11-02 14:17 - 2022-02-25 02:50 - 000243240 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2024-11-02 14:17 - 2022-02-25 02:50 - 000243240 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2024-11-02 14:17 - 2022-02-25 02:50 - 000153152 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2024-11-02 06:34 - 2022-10-05 02:44 - 000000000 ____D C:\Users\Franco\AppData\Local\Battle.net
2024-11-02 02:38 - 2022-10-05 02:47 - 000000000 ____D C:\Program Files (x86)\Overwatch
2024-11-02 02:07 - 2022-10-05 02:44 - 000000000 ____D C:\Program Files (x86)\Battle.net
2024-11-02 00:38 - 2023-01-31 03:49 - 000000000 ____D C:\Users\Franco\AppData\LocalLow\Unity
2024-11-01 19:07 - 2022-01-26 14:15 - 000003636 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-01 19:07 - 2022-01-26 14:15 - 000003512 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-01 00:54 - 2023-05-30 16:49 - 000001113 _____ C:\Users\Public\Desktop\Go.lnk
2024-11-01 00:54 - 2022-01-26 15:31 - 000000000 ____D C:\ProgramData\Package Cache
2024-10-31 17:57 - 2022-01-26 15:15 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-10-31 17:57 - 2022-01-26 15:15 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-10-30 22:01 - 2022-01-26 14:15 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-10-30 11:07 - 2022-01-26 14:54 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3068610548-648472602-614667811-1001
2024-10-30 11:07 - 2022-01-26 14:53 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3068610548-648472602-614667811-1001
2024-10-30 11:07 - 2022-01-26 14:51 - 000002382 _____ C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-10-30 03:57 - 2024-05-20 00:37 - 000000000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCDate.ini
2024-10-30 03:57 - 2024-05-01 15:25 - 000000000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\RCDate.ini
2024-10-30 03:57 - 2023-10-01 16:16 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2024-10-30 03:57 - 2023-02-21 01:32 - 000001270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2024-10-30 03:57 - 2022-06-11 15:12 - 000002647 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newgrounds Player.lnk
2024-10-30 03:57 - 2022-04-27 23:01 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2024-10-30 03:57 - 2022-03-29 15:42 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2024-10-30 03:57 - 2022-01-27 13:00 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-10-29 03:02 - 2024-05-25 18:30 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FanControl.lnk
2024-10-29 03:02 - 2022-02-01 17:54 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2024-10-29 03:02 - 2022-02-01 17:54 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2024-10-28 07:23 - 2022-03-29 15:42 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2024-10-26 07:12 - 2022-01-28 01:39 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Telegram Desktop
2024-10-25 20:08 - 2022-01-26 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2024-10-24 23:08 - 2022-01-26 15:16 - 000002248 _____ C:\Users\Franco\Desktop\Discord.lnk
2024-10-23 08:07 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-10-21 22:12 - 2023-05-03 03:15 - 000000000 ____D C:\ProgramData\Piriform
2024-10-20 01:33 - 2024-08-03 14:43 - 000000000 ____D C:\Users\Franco\Desktop\cslol-manager
2024-10-18 16:50 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\appcompat
2024-10-18 04:46 - 2023-02-24 19:22 - 000000000 ____D C:\Users\Franco\AppData\Local\User Data
2024-10-16 18:58 - 2022-01-26 15:16 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2024-10-16 18:58 - 2022-01-26 15:16 - 000000000 ____D C:\Users\Franco\AppData\Local\SquirrelTemp
2024-10-16 18:49 - 2024-06-18 08:25 - 000000000 ____D C:\Users\Franco\AppData\Roaming\BetterDiscord Installer
2024-10-15 22:04 - 2024-09-12 22:48 - 041943896 _____ C:\Windows\392667600.dat
2024-10-15 20:29 - 2022-02-07 17:38 - 000000000 ____D C:\Program Files\HWiNFO64
2024-10-15 19:18 - 2022-01-26 14:51 - 000000000 ____D C:\Users\Franco\AppData\Local\Packages
2024-10-15 18:22 - 2022-01-26 15:26 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-10-13 18:17 - 2023-05-19 00:17 - 000000000 ____D C:\Users\Franco\AppData\Roaming\Replay Video Capture 11
2024-10-11 02:15 - 2023-10-04 18:56 - 000000000 ____D C:\Program Files\RUXIM
2024-10-09 18:12 - 2022-02-01 17:26 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-10-09 18:06 - 2023-04-15 17:04 - 000475454 _____ C:\Windows\system32\perfh011.dat
2024-10-09 18:06 - 2023-04-15 17:04 - 000129082 _____ C:\Windows\system32\perfc011.dat
2024-10-09 18:06 - 2022-01-26 14:55 - 002378598 _____ C:\Windows\system32\PerfStringBackup.INI
2024-10-09 18:06 - 2019-12-07 11:55 - 000771422 _____ C:\Windows\system32\perfh00A.dat
2024-10-09 18:06 - 2019-12-07 11:55 - 000148938 _____ C:\Windows\system32\perfc00A.dat
2024-10-09 18:02 - 2022-01-26 14:12 - 000345840 _____ C:\Windows\system32\FNTCACHE.DAT
2024-10-09 18:01 - 2019-12-07 11:56 - 000000000 ____D C:\Windows\system32\OpenSSH
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2024-10-09 18:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2024-10-09 10:55 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2024-10-09 10:49 - 2022-01-26 14:17 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-10-09 10:37 - 2022-01-26 15:37 - 000000000 ____D C:\Windows\system32\MRT
2024-10-09 10:32 - 2022-01-26 15:37 - 201324920 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-10-08 12:04 - 2024-09-02 11:27 - 000194448 _____ (Wellbia.com Co., Ltd.) C:\Windows\xhunter1.sys

==================== Files in the root of some directories ========

2022-04-04 16:00 - 2022-04-04 16:00 - 000001875 _____ () C:\Users\Franco\AppData\Roaming\Microsoft\72c00a6e-c5c4-4eef-87db-677a36ea6443.tmp
2022-05-29 02:21 - 2022-05-29 02:21 - 000002374 _____ () C:\Users\Franco\AppData\Roaming\Microsoft\748301f9-015f-4009-bc66-97274349df3a.tmp
2022-02-02 01:14 - 2022-02-02 01:14 - 000000000 _____ () C:\Users\Franco\AppData\Local\oobelibMkey.log
2024-08-17 20:41 - 2024-08-17 20:41 - 000007602 _____ () C:\Users\Franco\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



safeboot: Network => The system is configured to boot to Safe Mode <==== ATTENTION
==================== End of FRST.txt ========================

And the addition.txt, which is very long, so I'm splitting it up

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-11-2024
Ran by Franco (05-11-2024 11:52:21)
Running from C:\Users\Franco\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.5011 (X64) (2022-01-26 17:47:35)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrador (S-1-5-21-3068610548-648472602-614667811-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3068610548-648472602-614667811-503 - Limited - Disabled)
Franco (S-1-5-21-3068610548-648472602-614667811-1001 - Administrator - Enabled) => C:\Users\Franco
Invitado (S-1-5-21-3068610548-648472602-614667811-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3068610548-648472602-614667811-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\uTorrent) (Version: 3.5.5.46206 - BitTorrent Inc.)
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 22.001.20085 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
AIDA64 Engineer v7.20 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 7.20 - FinalWire Ltd.)
Bandicam MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandicam.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cheat Engine 7.5 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Chrome Remote Desktop Host (HKLM-x32\...\{8AFC94B1-F13C-46D8-A406-E410D3BECF8F}) (Version: 130.0.6723.14 - Google LLC)
Comprobación de estado de PC Windows (HKLM\...\{8B474A92-CE3A-4F46-B6F1-6DFA1390F826}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
Discord (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Discord) (Version: 1.0.9166 - Discord Inc.)
DownloadHelper CoApp (HKLM-x32\...\DownloadHelper CoApp) (Version: 2.0.19.0 - ACLAP)
Epic Games Launcher (HKLM-x32\...\{727933F2-AE0A-48AE-B9D0-CA01F276DFD2}) (Version: 1.3.65.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{4757C19B-4CE3-418C-91D2-E15E938091FB}) (Version: 2.0.39.0 - Epic Games, Inc.)
FanControl (HKLM-x32\...\{141A88F8-31AC-49EA-B428-2BE8C19DED83}_is1) (Version: 191 - Remi Mercier Software Inc)
FastStone Image Viewer 7.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.5 - FastStone Soft)
Freenet version 0.7.5 build 1494 (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\{3196C62F-9C7B-4392-88B4-05C037D05518}_is1) (Version: 0.7.5 build 1494 - freenetproject.org)
Go 2.71.0 (HKLM-x32\...\{9afcdccb-2579-49c8-ac80-546dfaaed748}) (Version: 2.71.0 - Delivery Hero SE)
Go_Full_Installer_2.71.0 (HKLM-x32\...\{4288A22A-1373-40D3-BDF7-DCB6B0B4171C}) (Version: 2.71.0 - runneradmin) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 130.0.6723.92 - Google LLC)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 1.7.3 (HKLM-x32\...\HandBrake) (Version: 1.7.3 - )
Honeygain (HKLM-x32\...\{7CF45594-1D4C-422E-ADF6-3A1E99FE8A45}) (Version: 0.11.2.0 - Honeygain) <==== ATTENTION
HWiNFO® 64 (HKLM\...\HWiNFO® 64_is1) (Version: 8.12 - Martin Malik, REALiX s.r.o.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.41.20 - Tonec Inc.)
Java 8 Update 431 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Mega Codec Pack 18.4.9 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.4.9 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
LetsView V1.3.5.6 (HKLM-x32\...\{6AA74BE4-9506-4D81-A07C-A40F883C2EA7}_is1) (Version: 1.3.5.6 - LetsView LIMITED)
Microsoft .NET Host - 6.0.27 (x64) (HKLM\...\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.5 (x64) (HKLM\...\{8FB40332-CD49-4E77-A40D-E2D09368632D}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.27 (x64) (HKLM\...\{7447A794-FA2E-42BE-BA9A-5FCBD54C5DF3}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.5 (x64) (HKLM\...\{25F6351D-21A3-4E92-964E-01E864A21AB1}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.27 (x64) (HKLM\...\{79043ED0-7ED1-4227-A5E5-04C5594D21F7}) (Version: 48.108.8828 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.5 (x64) (HKLM\...\{26037618-FB6D-47BC-9F99-4C4323C4CEC6}) (Version: 64.20.13583 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 130.0.2849.68 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - en-us (HKLM\...\ProPlus2021Volume - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - es-es (HKLM\...\ProPlus2021Volume - es-es) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\OneDriveSetup.exe) (Version: 24.196.0929.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM\...\{E634F316-BEB6-4FB3-A612-F7102F576165}) (Version: 48.108.8836 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.27 (x64) (HKLM-x32\...\{d87ae0f4-64a6-4b94-859a-530b9c313c27}) (Version: 6.0.27.33320 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.5 (x64) (HKLM\...\{CE4D0B17-4E11-41F9-8C3B-73F61DFE0797}) (Version: 64.20.13589 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.5 (x64) (HKLM-x32\...\{f1becfe0-3a94-4d8f-ba39-c5853803edda}) (Version: 8.0.5.33617 - Microsoft Corporation)
Mu (HKLM-x32\...\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}) (Version: 0.68.0000 - Webzen)
Newgrounds Player (HKLM-x32\...\{B9735123-2823-49F8-8264-372895D39702}) (Version: 1.0.0 - Newgrounds)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.7 - Notepad++ Team)
NVIDIA Graphics Driver 565.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 565.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.4.2.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.2.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 29.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\DGC-PlanetSide 2) (Version: 1.0.3.198 - Daybreak Game Company)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.41 - Razer Inc.)
Recorder Devices for ShareX 0.12.10 (HKLM\...\Recorder Devices for ShareX_is1) (Version: 0.12.10 - )
Replay Video Capture 11 (HKLM-x32\...\Replay Video Capture 11) (Version: 11.5.2.0 - Applian LLC)
Riot Client  (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\Riot Game Riot_Client.) (Version:  - Riot Games, Inc)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
Skype version 8.131 (HKLM-x32\...\Skype_is1) (Version: 8.131 - Skype Technologies S.A.)
Spike 4.1.0 (HKLM\...\51c4cd5b-f712-509e-95cd-a35a12dc3d1a) (Version: 4.1.0 - Chatflow LTD)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synthesia (HKLM-x32\...\Synthesia) (Version: 10.9.5903 - Synthesia LLC)
Telegram Desktop (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 5.6.3 - Telegram FZ-LLC)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VibeMate (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\vibemate-pc) (Version: 1.9.8 - Hytto Ltd.)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 130.0.2849.56 - Microsoft Corporation)
WinRAR 6.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.10.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)

Chrome apps:
============
Chrome Remote Desktop (HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\2988c32ebb6e527a759ea8e31f0bcdc5) (Version: 1.0 - Google\Chrome)

Packages:
=========

Copilot -> C:\Program Files\WindowsApps\Microsoft.Copilot_1.1.8.0_neutral__8wekyb3d8bbwe [2024-11-04] (Microsoft Corporation)
HyperX NGENUITY -> C:\Program Files\WindowsApps\33C30B79.HyperXNGenuity_5.27.4.0_x64__0a78dr3hq0pvt [2024-11-04] (HP Inc.) [Startup Task]
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.23.0_neutral__8xx8rvfyw5nnt [2024-11-04] (Instagram)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-11-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-11-04] (Microsoft Corporation) [MS Ad]
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.4401.0_x64__8wekyb3d8bbwe [2024-11-04] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe [2024-11-02] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-11-04] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2024-11-04] (Microsoft Corporation)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.1.0.0_x64__8wekyb3d8bbwe [2024-11-04] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2443.7.0_x64__cv1g1gvanyjgm [2024-11-04] (WhatsApp Inc.) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3068610548-648472602-614667811-1001_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [File not signed]
ShellIconOverlayIdentifiers: [			IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2021-03-03] (Tonec Inc. -> Tonec FZE)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\contextMenu\NppShell.dll [2024-09-17] (Notepad++ -> Bjarke I. Pedersen [email protected])
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers2: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ea7f458f0e49497d\nvshext.dll [2024-09-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} =>  -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-01-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => c:\windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => c:\windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => c:\windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => c:\windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => c:\windows\system32\bdmjpeg64.dll [75248 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => c:\windows\system32\bdmpegv64.dll [75272 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => c:\windows\system32\bdmpega64.acm [75784 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.mjpg] => C:\Windows\SysWOW64\bdmjpeg.dll [71152 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [vidc.mpeg] => C:\Windows\SysWOW64\bdmpegv.dll [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [msacm.bdmpeg] => C:\Windows\SysWOW64\bdmpega.acm [71176 2017-01-26] (Bandicam Company -> )
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Franco\Desktop\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\Franco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb

==================== Loaded Modules (Whitelisted) =============

2022-07-27 08:09 - 2022-07-15 11:00 - 000094720 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594]
AlternateDataStreams: C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc:169D67954B [2594]
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [2594]
AlternateDataStreams: C:\ProgramData\TEMP:4FB9487F [394]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\RCDate.ini:1C726B22CB [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\RCDate.ini:1C78495C48 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk:1069064143 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk:9185529B88 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FanControl.lnk:A8137C2013 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Newgrounds Player.lnk:61530B8D4C [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCDate.ini:D929617DE9 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RCDate.ini:E09BDC68EB [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spike.lnk:3526BA2BCE [2594]
AlternateDataStreams: C:\Users\Franco\Datos de programa:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\Franco\Datos de programa:dca6b603b18d16678b2a42fb7aad4e78 [394]
AlternateDataStreams: C:\Users\Franco\AppData\Roaming:dc2fbb8b303cabdec52ed28927f75974 [394]
AlternateDataStreams: C:\Users\Franco\AppData\Roaming:dca6b603b18d16678b2a42fb7aad4e78 [394]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-02-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 06:14 - 2023-02-12 21:02 - 000001333 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;c:\windows\system32\wbem;c:\program files (x86)\razer chroma sdk\bin;c:\program files\razer chroma sdk\bin;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\windows\system32\openssh\;c:\users\franco\appdata\local\microsoft\windowsapps;c:\users\franco\appdata\local\programs\python\python311\scripts\;c:\users\franco\appdata\local\programs\python\python311\;c:\program files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-3068610548-648472602-614667811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Franco\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\12769437905328999428\133734312868916510.jpg
DNS Servers: 186.130.128.250 - 186.130.129.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_CD59F96E9A75DD4AC719E078EC587A0B"
HKU\S-1-5-21-3068610548-648472602-614667811-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D9C69E0A-4117-445B-A894-3F041A47E655}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3A83DE69-447B-453F-BBD5-2D07C341A42B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{47176FC3-3F2A-4DD9-B505-A7A31AE56F60}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4328E3E8-9DD5-4388-B126-8402B50FAE75}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{71819A0D-C7AE-447E-A126-07BCC82C04F3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{AADBA78E-629D-47C3-ACF0-C04B768914FF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EE4668B6-E3A1-4DD7-9599-BD321626EEEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B2BE7AE3-8721-4B22-8354-747C7935F22D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8B704C6A-9DAC-4F24-8386-CFD05E5DD6CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{A7A8531C-0B87-49FC-AD39-CCB0B694364A}C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [UDP Query User{8C13C2C7-95AC-47D7-88D1-78D46746B21B}C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{CF671E9D-8E82-44C2-99D9-7E561D9D5BBD}] => (Block) C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{9D7D8BF5-8392-4420-B2EF-E6FC226E4703}] => (Block) C:\users\franco\appdata\local\jdownloader 2.0\jdownloader2.exe (Appwork GmbH -> AppWork GmbH)
FirewallRules: [{3B616CF0-E9D7-44E4-8C98-15300A743FD9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{2156895E-ACA0-4A3E-A8A5-8D05B5CA5BE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{06D283A8-6F8B-4251-8C33-210202728BA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed]
FirewallRules: [{24D1FFB9-56FC-4698-986C-C2FE9D7879E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed]
FirewallRules: [{E7FF29C3-8BA1-4956-8F01-9AD7E20D2C5C}] => (Allow) C:\Users\Franco\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{91C58FDE-08D9-4CD9-8634-DB51F6812239}] => (Allow) C:\Users\Franco\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{E312CE61-1575-4D12-8008-71F1E312DF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [{BD35714F-1AD9-4B5F-ACC1-5FBC4DD5E65D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ULTRAKILL\ULTRAKILL.exe () [File not signed]
FirewallRules: [TCP Query User{5AC37192-A487-4315-A2C6-9F5879299828}C:\program files\spike\spike.exe] => (Allow) C:\program files\spike\spike.exe (SPIKENOW LTD -> Chatflow LTD)
FirewallRules: [UDP Query User{C9366415-E9EF-4B3E-96E8-CE523A56D2BC}C:\program files\spike\spike.exe] => (Allow) C:\program files\spike\spike.exe (SPIKENOW LTD -> Chatflow LTD)
FirewallRules: [{22DDDCAD-D76D-49BE-AA5A-72CA55D7482A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [{EB808EB5-FB72-4035-85CE-2429F498F374}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe (Daybreak Game Company LLC -> Daybreak Game Company)
FirewallRules: [TCP Query User{18EFBB55-EF92-4DCA-87C3-28534BC6AE6D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [UDP Query User{9B0F9624-20CE-450C-8070-C54130FE1A95}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [{05B8A10F-7A42-4A48-934C-7DB4BD533B2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{3890AEFD-D33C-48FA-A92C-5EBF16DD1D04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe () [File not signed]
FirewallRules: [{5A19F5E8-2C54-4AB0-B156-88C24E94033A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RATUZ\Ratuz.exe () [File not signed]
FirewallRules: [{2C2A5DAE-B14C-4EEC-9019-5FCB2446490C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RATUZ\Ratuz.exe () [File not signed]
FirewallRules: [{FF3667C5-BD2A-4B58-AB70-AAB5FCF4DB19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{F56B28C5-CC09-419E-9F3D-2C7C5D6A4349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StateOfDecay2\StateOfDecay2\Binaries\Win64\StateOfDecay2-Win64-Shipping.exe (Undead Labs, LLC) [File not signed]
FirewallRules: [{E5A03EEC-BF2E-475E-80A7-E44885FA29EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL Brain Damaged\POSTAL Brain Damaged.exe () [File not signed]
FirewallRules: [{2D7484BB-8F78-4950-9D4C-905BD6B3323F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL Brain Damaged\POSTAL Brain Damaged.exe () [File not signed]
FirewallRules: [{61497A49-1601-4E28-95E8-3A2D390F1CA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cloud Meadow\Cloud Meadow.exe () [File not signed]
FirewallRules: [{4CDAF29A-0EC5-4DE4-8198-5AA53756D17B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cloud Meadow\Cloud Meadow.exe () [File not signed]
FirewallRules: [{5E1A00DD-1F47-4581-BAE0-FBDEAD4DB79C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky Starlets\Spooky Starlets.exe () [File not signed]
FirewallRules: [{919861C0-92D6-49B8-80C0-5F70CDE37177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spooky Starlets\Spooky Starlets.exe () [File not signed]
FirewallRules: [{5D24BC70-DFD1-4C4A-9598-1309F5C6B974}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pieces of my Heart\Pieces of my Heart.exe () [File not signed]
FirewallRules: [{BC4FB6D6-59F4-474F-A81D-8C3988D66CE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pieces of my Heart\Pieces of my Heart.exe () [File not signed]
FirewallRules: [{64C4F324-A90C-4ACE-9446-6462B8DEADF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nightmare of Decay\NightmareOfDecay.exe () [File not signed]
FirewallRules: [{C1B0FCC6-7495-4EF0-B3C2-F2C376972FB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nightmare of Decay\NightmareOfDecay.exe () [File not signed]
FirewallRules: [{C7824696-EB16-4557-82AA-D2BDE41D6197}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{952A8CA2-C765-4304-93BA-ECF9E07E93A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve Corp. -> )
FirewallRules: [{DAFD4B40-9576-4390-9805-0B0773C4ED37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{DD64AE6D-2A6F-4F84-8976-FF9CA0521DBF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout76\Fallout76.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{F08E25BA-F1EA-4EB7-8957-4D5DEACF518F}] => (Allow) C:\Users\Franco\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{6140FCE2-FD1D-4F01-A1B8-469696A79B33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{D8B09590-E675-4F28-9ACA-D3B19F3A66FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{CD72C552-BB08-416A-9307-C787A4F28122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeathlyStillnessGame\DeathlyStillnessGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{0BADEBFE-0654-470F-A132-A52BB5CFB23A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeathlyStillnessGame\DeathlyStillnessGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{69447D25-CB8E-4DCB-8F20-50F66251ED28}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{A9106F92-E418-48E8-A747-47E927AD99DD}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{2D695546-2A44-4CF6-B236-4631205D3911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endoparasitic\Endoparasitic.exe (Godot Engine) [File not signed]
FirewallRules: [{D8ADA93A-B30A-4F2F-80FF-8080D67C3895}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endoparasitic\Endoparasitic.exe (Godot Engine) [File not signed]
FirewallRules: [{BA35A303-97A4-40AC-8259-254498F27EF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreshWomen\FreshWomen.exe () [File not signed]
FirewallRules: [{DB239EF2-00C4-4B84-96A2-0DB02F721D93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FreshWomen\FreshWomen.exe () [File not signed]
FirewallRules: [{FCA324CE-C500-4540-B091-BEC9260FCEFE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{081002B2-B7DC-434D-AE15-4586EB3A3BEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risk of Rain 2\Risk of Rain 2.exe () [File not signed]
FirewallRules: [{72F1B2F7-8B26-4C5C-ABE9-A5477E4E7CB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess & Conquest\Game.exe () [File not signed]
FirewallRules: [{E35A33E1-6649-4B8C-8ED8-407348546DBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess & Conquest\Game.exe () [File not signed]
FirewallRules: [TCP Query User{00C7271A-D976-47FE-B6C5-C2CE950C9A3E}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [UDP Query User{A69C5E19-14FC-4C22-9181-D065328F3FC0}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe (Daybreak Game Company LLC -> Daybreak Game Company, LLC)
FirewallRules: [{1961CAA2-D2F7-4917-8106-B198B6B683B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{795A8C75-EA2E-4A01-8C40-37283219CC67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{4F04977D-34EA-4FC0-80D4-63FA09B6AA52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murder House\Murder House.exe () [File not signed]
FirewallRules: [{B9E5FC87-FAE6-4CFB-A6CC-94BE068A6833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Murder House\Murder House.exe () [File not signed]
FirewallRules: [{2C9A6420-051C-4126-A44F-7BF9E377A1E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Lung\Iron Lung.exe () [File not signed]
FirewallRules: [{7952B523-591B-49BA-BD1A-B4A4439CC969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Iron Lung\Iron Lung.exe () [File not signed]
FirewallRules: [{8D3F5B16-832A-48ED-8329-6ED59D544E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAITH\FAITH.exe (Airdorf Games LLC & New Blood Interactive) [File not signed]
FirewallRules: [{514B42AB-6540-43A9-96A4-F506B8D7B382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAITH\FAITH.exe (Airdorf Games LLC & New Blood Interactive) [File not signed]
FirewallRules: [TCP Query User{7491B6CC-D21E-4CA7-9192-5F13F10F3928}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{91B02D8E-391A-4572-A7FE-2B45EA00CAAF}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2AA23B4F-C683-462A-BA77-44CF61F8844A}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{7D4C3AD2-7816-4A3D-9476-7BB05FD89C35}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{A3380F8D-5C38-417E-B97A-0DB5C2965469}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Third Crisis\ThirdCrisis.exe () [File not signed]
FirewallRules: [{6165D3D3-A14A-42C7-910F-1C9C2CD75956}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Third Crisis\ThirdCrisis.exe () [File not signed]
FirewallRules: [{2CA2FE49-B48F-45BB-80D1-2D2BE2F9050F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe () [File not signed]
FirewallRules: [{E03222F4-8161-40C4-A6D4-E9C56F55D8BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe () [File not signed]
FirewallRules: [TCP Query User{D6F7CF77-D09F-4DBC-9A8E-FFDB2EA33437}C:\users\franco\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\franco\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [UDP Query User{0085295F-4AA5-4AD2-97D2-90B96F16260F}C:\users\franco\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\franco\appdata\roaming\telegram desktop\telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
FirewallRules: [{460E985D-5EA1-4178-9D10-1EFDA1BB85B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [{0960270B-4DC3-4C09-A041-26DA1E850EEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe (Tripwire Interactive, LLC.) [File not signed]
FirewallRules: [TCP Query User{B9264BAB-DBF1-43DD-BF4B-4B5327182777}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3C49C988-1E5C-482E-9B3F-625FA1F30617}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{87B8A4EE-E6A3-4551-914A-0AA29EFAA7F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MeatMadness\windows\meat_madness_redux.exe (Godot Engine) [File not signed]
FirewallRules: [{F7F99E67-1BD5-4ABB-A5F5-71DAD0AF35D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MeatMadness\windows\meat_madness_redux.exe (Godot Engine) [File not signed]
FirewallRules: [{13C3C672-7582-4068-92E3-D31222C7CA85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fear & Hunger\Game.exe (KADOKAWA) [File not signed]
FirewallRules: [{6AA215BC-1482-445A-A1FF-AC7E74625956}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fear & Hunger\Game.exe (KADOKAWA) [File not signed]
FirewallRules: [{91559E13-2530-448A-9814-804625DC1606}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Master\Tavern Master.exe () [File not signed]
FirewallRules: [{43B75ACC-F402-44CD-B253-170A5F37B3E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Master\Tavern Master.exe () [File not signed]
FirewallRules: [{70FB2318-835A-40CC-BB97-38D30DA5ECFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Booty Farm\Booty Farm.exe () [File not signed]
FirewallRules: [{0EA0FB26-B17E-431D-AB69-1C50A8A9F77E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Booty Farm\Booty Farm.exe () [File not signed]
FirewallRules: [{DD9DEAB0-5276-46EF-A9E1-5FE0C45DC0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ISEKAI QUEST\ISEKAI QUEST.exe () [File not signed]
FirewallRules: [{7DDAB1BA-A17D-4FDD-A072-BF7E277528D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ISEKAI QUEST\ISEKAI QUEST.exe () [File not signed]
FirewallRules: [{FA317339-937E-4460-872C-2221850A37C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop 2 - Double Date\HuniePop 2 - Double Date.exe () [File not signed]
FirewallRules: [{8B59FAE1-B0A5-49C1-9A96-A4F7B86F0FDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop 2 - Double Date\HuniePop 2 - Double Date.exe () [File not signed]
FirewallRules: [{59A27107-4F7B-4E2D-945E-5A33B732755B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ISEKAI FRONT LINE\ISEKAI FRONTLINE.exe () [File not signed]
FirewallRules: [{85181974-54DE-4F9A-8FC1-334315C53F37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ISEKAI FRONT LINE\ISEKAI FRONTLINE.exe () [File not signed]
FirewallRules: [{79960AF4-AE42-42DE-B4DE-3452CA7D3A9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Ultra Deluxe\The Stanley Parable Ultra Deluxe.exe () [File not signed]
FirewallRules: [{1E18D4E6-4965-47E1-B4A3-6F4264FBA53E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable Ultra Deluxe\The Stanley Parable Ultra Deluxe.exe () [File not signed]
FirewallRules: [{A8F0BAEA-80CD-40A0-B248-3FA373145C6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imperial Gatekeeper\Game.exe (SilverSecond) [File not signed]
FirewallRules: [{C59F220D-F74A-46E3-A516-F34E3D2DC1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Imperial Gatekeeper\Game.exe (SilverSecond) [File not signed]
FirewallRules: [{12F62E91-997B-424E-824D-AA393D5D70DF}] => (Allow) C:\Users\Franco\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{38CC7AB1-7C73-4926-899B-E6680A4FC9F7}] => (Allow) C:\Users\Franco\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{45A9D0F8-8620-4833-915E-10B7DBC4E318}] => (Allow) C:\Users\Franco\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1D556EC7-A3F1-4ABA-9688-8F36B16B099E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terrible Laboratory\Game.exe () [File not signed]
FirewallRules: [{3E9A7FA4-765F-4A86-A75E-515CFB9B2262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terrible Laboratory\Game.exe () [File not signed]
FirewallRules: [{1595437D-7AC4-4AE9-8D78-934F5257F887}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demons Roots\Game.exe (KADOKAWA) [File not signed]
FirewallRules: [{CC556D7D-60D0-45F1-8F75-8C45EEC6B1ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Demons Roots\Game.exe (KADOKAWA) [File not signed]
FirewallRules: [{B9D51993-8738-42BF-923C-CA71C6C386C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan ~A Survival RPG~\Game.exe () [File not signed]
FirewallRules: [{B071A73C-BE58-42E5-8FB3-3C046FB0A29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Leviathan ~A Survival RPG~\Game.exe () [File not signed]
FirewallRules: [{D5D22C6A-F24E-4FFC-9CF9-E0BC866BEB58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lust Theory\LustTheoryS1.exe () [File not signed]
FirewallRules: [{1DB42ABF-FE1D-4E9E-AB26-224A79B68027}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lust Theory\LustTheoryS1.exe () [File not signed]
FirewallRules: [{18517DDB-7164-4704-BAAB-DFAB4C7BD03B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VillageRhapsody\village.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{D5173C44-DF63-4B75-AE25-D3421ADFBCA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VillageRhapsody\village.exe (GitHub, Inc.) [File not signed]
FirewallRules: [{E183849F-ECBF-411C-A108-913093726954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Summer Memories\Game.exe (Kagura Games LLC -> KADOKAWA)
FirewallRules: [{CBEAF910-20A9-47BC-9DE6-B9B535B06AA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Summer Memories\Game.exe (Kagura Games LLC -> KADOKAWA)
FirewallRules: [{527BE060-45FB-483C-9E42-7B83CB353388}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Succumate\Game.exe (Kagura Games LLC -> KADOKAWA)
FirewallRules: [{D8972619-9C4F-4142-BCA1-795A74A8EFDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Succumate\Game.exe (Kagura Games LLC -> KADOKAWA)
FirewallRules: [{C72ECB55-780F-4D12-867B-D2A6D03125B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love & Enchants\LoveAndEnchants.exe () [File not signed]
FirewallRules: [{6D8F853E-31A3-440E-A163-98E7D00D91FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love & Enchants\LoveAndEnchants.exe () [File not signed]
FirewallRules: [{DDA45F80-CB7F-4896-8F83-B086E2E98363}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Punch Club\Punch Club.exe () [File not signed]
FirewallRules: [{DD45C0CE-F709-4207-9206-F3B313273F2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Punch Club\Punch Club.exe () [File not signed]
FirewallRules: [{7E29378B-5AB3-4C5C-8062-6EBD2FCAA13F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{E77690A0-0653-4EEB-B5C6-9416808BF3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{C9FD7C99-43A3-4070-A04D-F232A4D39102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Booty Calls\BootyCalls.exe () [File not signed]
FirewallRules: [{47D61537-D8E8-448F-BD35-DAA2B9782605}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Booty Calls\BootyCalls.exe () [File not signed]
FirewallRules: [{41149166-4B7F-43C3-B816-6778E2A74C5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lust Island🌴[18+]\Lust_Island.exe () [File not signed]
FirewallRules: [{F0F6AF40-FBA4-463F-8BD8-7D8515B84BF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lust Island🌴[18+]\Lust_Island.exe () [File not signed]
FirewallRules: [{7BB7B7B8-54F6-4E7E-9D53-0EA1A8D88F01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Once a Porn a Time\Once a Porn a Time.exe () [File not signed]
FirewallRules: [{38E695F8-8438-4371-ACB9-F1651E71BBC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Once a Porn a Time\Once a Porn a Time.exe () [File not signed]
FirewallRules: [{B752A982-9779-42B9-AD5B-0610F36DE083}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magical Waifus Academy\Magical Waifus Academy.exe (Wataponno) [File not signed]
FirewallRules: [{49941C41-0E53-4F70-B749-2AA2D8AC9F00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magical Waifus Academy\Magical Waifus Academy.exe (Wataponno) [File not signed]
FirewallRules: [{09D6EE5A-F42C-4208-AC86-FF94220AB5D2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TaboosCracks\TaboosCracks.exe () [File not signed]
FirewallRules: [{F45BD2B9-37EE-4E65-A368-A7CE215D18AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TaboosCracks\TaboosCracks.exe () [File not signed]
FirewallRules: [{5E7F3C8B-3B4E-46B0-9F55-3DADA191FCA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Milf City\Milf City.exe () [File not signed]
FirewallRules: [{FCB7E43A-DE13-490A-A178-11DD236AB30A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Milf City\Milf City.exe () [File not signed]
FirewallRules: [{5200ADBA-5DB4-467E-9B78-EFCE3ABD6C70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero By Chance\HeroByChance.exe () [File not signed]
FirewallRules: [{7A4B5F77-F608-4CAB-8A96-2DA77829AB02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hero By Chance\HeroByChance.exe () [File not signed]
FirewallRules: [{7F2682F5-7000-418A-9F0D-01A8D8CF1177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucy Got Problems\LGP.exe () [File not signed]
FirewallRules: [{85BE8333-2A0B-4D1D-A476-3D4C225A3E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucy Got Problems\LGP.exe () [File not signed]
FirewallRules: [{7E0481D0-B571-468D-8E8D-1AE1DD1056EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chasing Tails -A Promise in the Snow-\ChasingTails.exe () [File not signed]
FirewallRules: [{8F493568-F73E-422C-8F17-CE1091A4E9C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Chasing Tails -A Promise in the Snow-\ChasingTails.exe () [File not signed]
FirewallRules: [{BFD1C10E-D749-4F4E-9A77-D70855E6D315}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Survival of Sarah Rose\TheSurvivalofSarahRose.exe () [File not signed]
FirewallRules: [{4331412B-C8CA-4446-B2E7-B7372FD4AFB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Survival of Sarah Rose\TheSurvivalofSarahRose.exe () [File not signed]
FirewallRules: [{721DA60B-65CF-402B-B8A4-FC9FF6371B9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love n War Warlord by Chance\WarlordByChance.exe () [File not signed]
FirewallRules: [{D37FB2E0-DDCD-408A-B4DF-687210B5CE5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love n War Warlord by Chance\WarlordByChance.exe () [File not signed]
FirewallRules: [{E64248A4-7FAA-4E78-A1FD-0C6F34077B44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love n War Hero by Chance II\HeroByChanceII.exe () [File not signed]
FirewallRules: [{0FD4F9EB-129C-49AD-B1B5-0724DE6D59DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Love n War Hero by Chance II\HeroByChanceII.exe () [File not signed]
FirewallRules: [TCP Query User{E7AE3939-5E40-46F2-959A-C0248004EF7B}D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe] => (Allow) D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe (0xb00bface) [File not signed]
FirewallRules: [UDP Query User{DE3C3A9F-14C7-4D95-94D4-2D6F082183A1}D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe] => (Allow) D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe (0xb00bface) [File not signed]
FirewallRules: [{B7B75104-F8F8-408F-80E4-E48BC3ADE4A4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FFB39F84-5559-4FD8-9D1E-31A0150DCDB9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{091FBB9B-4507-404D-9A28-DE5C20AE1D60}C:\users\franco\appdata\local\vibemate-pc\app-1.9.8\vibemate.exe] => (Allow) C:\users\franco\appdata\local\vibemate-pc\app-1.9.8\vibemate.exe (Shenzhen Love Sense Technology Co., Ltd. -> Hytto Ltd.) [File not signed]
FirewallRules: [UDP Query User{C2697C1B-2FAB-4635-86CB-2F42F5622383}C:\users\franco\appdata\local\vibemate-pc\app-1.9.8\vibemate.exe] => (Allow) C:\users\franco\appdata\local\vibemate-pc\app-1.9.8\vibemate.exe (Shenzhen Love Sense Technology Co., Ltd. -> Hytto Ltd.) [File not signed]
FirewallRules: [{B9E4A6BD-FCD4-48F1-9705-95B40DE632C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Frontier 2\DeadFrontier2.exe (CREAKY CORPSE LIMITED -> )
FirewallRules: [{6F8F3879-894E-4459-AE8B-A439FF10106E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead Frontier 2\DeadFrontier2.exe (CREAKY CORPSE LIMITED -> )
FirewallRules: [{BCDC2F68-4947-4336-8FFF-64B10355F940}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96AAF6E7-9779-4960-B2CF-D6A2E358A32B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{99CF55C3-2EEB-4341-8E66-90834FF683AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CAA466C-F15A-41DC-9A74-E651B2F55542}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF65851A-BFA8-4F5F-B2F9-B8100F371CC4}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [{4D5C3544-D842-4D95-819E-9121472D2D76}] => (Allow) C:\Program Files (x86)\LetsView\LetsView\LetsView.exe (Apowersoft Ltd -> LetsView)
FirewallRules: [TCP Query User{67D6AAD5-9A3E-4680-A3A8-42B8030125A9}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D7B8AF49-DC1A-4C88-8F99-7BC860A90424}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{D37E5AE7-E58D-40EF-96C6-1A49BA38C0D3}C:\program files (x86)\delivery hero se\go\cefsharp.browsersubprocess.exe] => (Allow) C:\program files (x86)\delivery hero se\go\cefsharp.browsersubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [UDP Query User{C496B3C6-DB6D-4738-A779-2BE40BE78FBD}C:\program files (x86)\delivery hero se\go\cefsharp.browsersubprocess.exe] => (Allow) C:\program files (x86)\delivery hero se\go\cefsharp.browsersubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{D8A74A12-922A-407B-AF30-01B6933AF8B4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Content Warning\Content Warning.exe () [File not signed]
FirewallRules: [{C079ACE5-E16A-4DEF-91FF-6B22DE5237E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Content Warning\Content Warning.exe () [File not signed]
FirewallRules: [TCP Query User{5AED96BD-E526-4661-97DE-6E23D3958247}D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe] => (Allow) D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe (0xb00bface) [File not signed]
FirewallRules: [UDP Query User{85C49953-FDBF-4E6D-99DA-DD442A8167AA}D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe] => (Allow) D:\dtemp\ctbrec\lib\browser\ctbrec-minimal-browser.exe (0xb00bface) [File not signed]
FirewallRules: [{427C5485-1323-42FD-821D-1793C9A77B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rabbit and Steel Demo\RabbitSteel.exe (mino_dev) [File not signed]
FirewallRules: [{E9492F23-5E5E-49AD-A8C8-D36BD4339B88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rabbit and Steel Demo\RabbitSteel.exe (mino_dev) [File not signed]
FirewallRules: [{5A1733D6-1A42-45E6-B4F7-11D8306387BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Cult of Chanseville Demo\TheCultofChanseville.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{9946F238-9E82-4A93-8222-58C6829B196D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Cult of Chanseville Demo\TheCultofChanseville.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{92A7A695-2E44-401F-A739-9C6FA003CFF6}] => (Allow) C:\Users\Franco\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
FirewallRules: [{5F7C7D34-B30A-48B0-B4B2-6E8101894FC6}] => (Allow) C:\Users\Franco\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
FirewallRules: [{C5DBD42E-A908-44D4-BA56-842C430258EF}] => (Allow) C:\Users\Franco\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
FirewallRules: [{A69D7256-6474-4F1E-AE05-9DA7315B07AB}] => (Allow) C:\Users\Franco\AppData\Local\Discord\Update.exe (Discord Inc. -> GitHub)
FirewallRules: [{161F77DB-26D6-4A8B-ABDB-F5A582A8264C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rental\RENTAL.exe () [File not signed]
FirewallRules: [{AD4F35B7-8211-4781-B499-E28FFA86C826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rental\RENTAL.exe () [File not signed]
FirewallRules: [{EA0CA9C4-E13D-4A8D-9C86-5993C0CC3C50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\nmrih.exe () [File not signed]
FirewallRules: [{AD7DA21F-DE44-4AF8-B7A9-18FC6F076BDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\nmrih\nmrih.exe () [File not signed]
FirewallRules: [{79012E47-D6BD-421B-9E12-91A309FCDE6C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Living With SIster Monochrome Fantasy\Game.exe () [File not signed]
FirewallRules: [{880A0DA8-9EB4-454D-8D74-B904E584127A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Living With SIster Monochrome Fantasy\Game.exe () [File not signed]
FirewallRules: [{ABDC0668-30EE-4E45-A991-0680EFCEA6C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dome Keeper\domekeeper.exe (Godot Engine) [File not signed]
FirewallRules: [{670EE8A4-4D84-4AE3-B6B3-ADB386528440}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dome Keeper\domekeeper.exe (Godot Engine) [File not signed]
FirewallRules: [{73EF522C-74D3-49E1-A1C1-69C9970AB972}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Fantasia Origin\Launcher.exe (X-LEGEND ENTERTAINMENT CO., LTD. -> X-LEGEND ENTERTAINMENT)
FirewallRules: [{8BD23C8D-7652-4CAE-A6C4-1CB4901C598A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Fantasia Origin\Launcher.exe (X-LEGEND ENTERTAINMENT CO., LTD. -> X-LEGEND ENTERTAINMENT)
FirewallRules: [TCP Query User{702926F8-CFE2-4B5C-A58C-DA2FF5385F13}C:\program files (x86)\steam\steamapps\common\grand fantasia origin\game.bin] => (Allow) C:\program files (x86)\steam\steamapps\common\grand fantasia origin\game.bin (X-LEGEND ENTERTAINMENT CO., LTD. -> X-Legend Entertainment)
FirewallRules: [UDP Query User{073F76E2-B6DB-41B9-BA83-8494C3F57871}C:\program files (x86)\steam\steamapps\common\grand fantasia origin\game.bin] => (Allow) C:\program files (x86)\steam\steamapps\common\grand fantasia origin\game.bin (X-LEGEND ENTERTAINMENT CO., LTD. -> X-Legend Entertainment)
FirewallRules: [{E5B7BC2E-38D0-4A9E-B27E-ABD419C0B96A}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\130.0.6723.14\remoting_host.exe (Google LLC -> Google LLC)
FirewallRules: [{1D787A04-E0D5-4543-9D04-2849F8C6D88B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C2ED9C3C-6583-4A14-B11B-298FC4A1351F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DFA82131-AC86-45C4-93CA-CE663FBB8C18}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\130.0.2849.56\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D76CF082-F1F4-487B-B981-C645421364C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kagura Survivors Endless Night\Kagura_Survivors.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C3D5043D-85BD-4B9B-9A4E-CEB5332B634B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kagura Survivors Endless Night\Kagura_Survivors.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E84B24B5-8DE1-4F15-B886-181976788654}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harem of Gods Demo\HaremOfGods.exe () [File not signed]
FirewallRules: [{C4753D01-B7B5-47EA-8425-8511C6B20B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Harem of Gods Demo\HaremOfGods.exe () [File not signed]
FirewallRules: [{C09B4565-DD03-44CC-BA40-D7E196AF8008}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbus Company\LimbusCompany.exe () [File not signed]
FirewallRules: [{22C610E0-5275-47DC-8CD1-EBF140302F76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbus Company\LimbusCompany.exe () [File not signed]
FirewallRules: [{F0466A3E-ACA1-4021-9C35-0739CA0378DB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{796B2647-E4EB-48B6-BA17-4C3A103494A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Femboy Roommate Demo\Roommate.exe () [File not signed]
FirewallRules: [{BFE8E370-3B99-4C84-BF14-DA3A25A94D71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\My Femboy Roommate Demo\Roommate.exe () [File not signed]

==================== Restore Points =========================

03-11-2024 19:52:30 Punto de control programado
04-11-2024 06:39:08 Restore Operation

==================== Faulty Device Manager Devices ============

Name: Microsoft Hyper-V Virtualization Infrastructure Driver
Description: Microsoft Hyper-V Virtualization Infrastructure Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Vid
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Steam Streaming Microphone
Description: Steam Streaming Microphone
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Valve Corporation Audio DDK
Service: SteamStreamingMicrophone
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Steam Streaming Speakers
Description: Steam Streaming Speakers
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Valve Corporation Audio DDK
Service: SteamStreamingSpeakers
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: ========================

Application errors:
==================
Error: (11/05/2024 11:34:10 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Error: (11/05/2024 06:43:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Spike.exe, version: 4.1.0.0, time stamp: 0x65b134a1
Faulting module name: KERNELBASE.dll, version: 10.0.19041.4957, time stamp: 0xc5225d0f
Exception code: 0xc0000602
Fault offset: 0x0000000000133b32
Faulting process id: 0x31c4
Faulting application start time: 0x01db2f672d026e2e
Faulting application path: C:\Program Files\Spike\Spike.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 296bcc5d-dd44-44a5-bf21-8810695ff228
Faulting package full name: 
Faulting package-relative application ID:

Error: (11/05/2024 06:38:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, Se está cerrando el sistema..

Error: (11/05/2024 06:38:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, Se está cerrando el sistema.]

Error: (11/04/2024 01:56:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/04/2024 01:19:21 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Error: (11/04/2024 11:28:11 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (11/04/2024 09:47:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, Se está cerrando el sistema..


System errors:
=============
Error: (11/05/2024 11:54:30 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "No disponible" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{F087771F-D74F-4C1A-BB8A-E16ACA9124EA}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{6D18AD12-BDE3-4393-B311-099C346E6DF9}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{03CA98D6-FF5D-49B8-ABC6-03DD84127020}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{BB6DF56B-CACE-11DC-9992-0019B93A3A84}

Error: (11/05/2024 11:53:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-591ALQ9)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "No disponible" in order to run the server:
{1ECCA34C-E88A-44E3-8D6A-8921BDE9E452}


Windows Defender:
================
Date: 2024-11-04 06:35:03
Description: 
Antivirus de Microsoft Defender has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Formbook!ml&threatid=2147760507&enterprise=0
Name: Trojan:Win32/Formbook!ml
Severity: Grave
Category: Caballo de Troya
Path: file:_C:\Users\Franco\AppData\Local\Temp\N1DHF52F2GAWH01SR.exe
Detection Origin: Equipo local
Detection Type: FastPath
Detection Source: Protección en tiempo real
Process Name: C:\Users\Franco\AppData\Local\Temp\Kobzar.pif
Security intelligence Version: AV: 1.421.77.0, AS: 1.421.77.0, NIS: 1.421.77.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11

Date: 2024-11-02 23:01:23
Description: 
Antivirus de Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Examen rápido

Date: 2024-11-01 23:26:23
Description: 
Antivirus de Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Examen rápido

Date: 2024-11-01 01:34:55
Description: 
Antivirus de Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Examen rápido

Date: 2024-11-01 01:29:01
Description: 
Antivirus de Microsoft Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Examen rápido
Event[0]:

Date: 2024-11-05 07:43:07
Description: 
Antivirus de Microsoft Defender has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.105.0
Update Source: Servidor de Microsoft Update
Security intelligence Type: AntiVirus
Update Type: Completa
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x8007043c
Error description: El servicio no puede iniciarse en modo a prueba de errores 

Date: 2024-11-05 07:33:03
Description: 
Antivirus de Microsoft Defender Real-Time Protection feature has encountered an error and failed.
Feature: Durante el acceso
Error Code: 0x8007043c
Error description: El servicio no puede iniciarse en modo a prueba de errores 
Reason: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2024-11-05 07:31:19
Description: 
Antivirus de Microsoft Defender Real-Time Protection feature has encountered an error and failed.
Feature: Durante el acceso
Error Code: 0x8007043c
Error description: El servicio no puede iniciarse en modo a prueba de errores 
Reason: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2024-11-05 06:38:55
Description: 
Antivirus de Microsoft Defender Real-Time Protection feature has encountered an error and failed.
Feature: Durante el acceso
Error Code: 0x8007043c
Error description: El servicio no puede iniciarse en modo a prueba de errores 
Reason: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2024-11-04 11:06:32
Description: 
Antivirus de Microsoft Defender has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Actual
Error Code: 0x80501102
Error description: Problema inesperado. Instale todas las actualizaciones disponibles e intente iniciar el programa de nuevo. Para obtener más información sobre cómo instalar actualizaciones, consulte Ayuda y soporte técnico. 
Security intelligence Version: 1.421.82.0;1.421.82.0
Engine Version: 1.1.24090.11

CodeIntegrity:
===============
Date: 2024-11-05 11:49:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: Award Software International, Inc. F8 10/15/2010
Motherboard: Gigabyte Technology Co., Ltd. GA-880GM-USB3
Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 20%
Total physical RAM: 8189.55 MB
Available physical RAM: 6487.72 MB
Total Virtual: 20477.55 MB
Available Virtual: 19066.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:893.69 GB) (Free:70.11 GB) (Model: KINGSTON SA400S37960G ATA Device) NTFS
Drive d: () (Fixed) (Total:3726.02 GB) (Free:29.77 GB) (Model: WDC WD40EZRZ-22GXCB0 ATA Device) NTFS

\\?\Volume{84bfdf67-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{84bfdf67-0000-0000-0000-706fdf000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 894.3 GB) (Disk ID: 84BFDF67)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=893.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=522 MB) - (Type=27)

==========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 3A665D28)

Partition: GPT.

==================== End of Addition.txt =======================

I went to the Malwarebytes forums, since I saw that they had been very busy on the forum for a while. The thing is that, after trying twenty-three thousand things, the malware is LummaC: it injects itself into Windows and is impossible to remove unless you format. It does not affect any other files, only Windows and the browsers, and it takes absolutely all of your data. Turn off account sync in your browsers, delete everything and format, and also add two-factor authentication to every account you had logged in on your browsers. Once that is done, make sure you revoke the API of your Steam account, since they steal that data too in order to trade your items. Check your login history and active sessions and remove all the unknown ones; that is enough.