Clicked suspicious link from trusted source. - Virus, Trojan, Spyware, and Malware Removal Help (2024)

I have clicked a link from a trusted person that has been compromised and I am worried about the security of my PC. I immediately changed my email/bank/social media passwords through my phone and am not using the PC for any of those at this time. Out of caution I come here for your support and to clear my head.

Thank you very much.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.06.2024
Ran by Tom (administrator) on DESKTOP-JCH3NLD (Micro-Star International Co., Ltd. MS-7B45) (03-06-2024 04:20:34)
Running from C:\Users\Tom\Desktop\FRST64.exe
Loaded Profiles: Tom
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute SAS -> A-Volute) C:\Users\Tom\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Gyazo\GyStation.exe ->) (Helpfeel Inc -> Helpfeel Inc.) C:\Program Files (x86)\Gyazo\GyazoVideoCore.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <9>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Discord Inc. -> Discord Inc.) C:\Users\Tom\AppData\Local\Discord\app-1.0.9147\Discord.exe <6>
(explorer.exe ->) (Helpfeel Inc -> Helpfeel Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Now.gg, INC -> now.gg, Inc.) C:\Users\Tom\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe <4>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <21>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® Software Development Products -> Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_677da8a9230cea15\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Plarium Global LTD -> ) C:\Users\Tom\AppData\Local\PlariumPlay\8.1.0-0.0.1\PlariumPlayClientService\PlariumPlayClientService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-11-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4382056 2024-05-24] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45430176 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [1105528 2024-05-13] (Helpfeel Inc -> Helpfeel Inc.)
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Run: [MicrosoftEdgeAutoLaunch_405ED3BCA0DD593184AE0192F9FCB7E9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Run: [electron.app.BlueStacks Services] => C:\Users\Tom\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe [162219656 2024-05-08] (Now.gg, INC -> now.gg, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\125.0.6422.113\Installer\chrmstp.exe [2024-05-29] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8453EACA-B661-4D6E-B542-63781D8A495B} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [302968 2024-02-21] (Now.gg, INC -> BlueStack Systems, Inc.)
Task: {CB9D0B56-841A-4524-B6C3-E096442F6ECA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {95780624-996C-4387-99F8-B6E24D7AB587} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "24c705b2-d063-4869-8d57-00c24cc3b0f9" --version "6.24.11060" --silent
Task: {3CF06490-D293-4990-B0C5-6D2A516DFBA9} - System32\Tasks\CCleanerSkipUAC - Tom => C:\Program Files\CCleaner\CCleaner.exe [39169952 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {04660B12-70E1-47AB-BC45-DD7404A53B9C} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{BA777863-BE02-41DA-967F-78F05E701C77} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {FDEF64BD-BB04-4CFC-B0C4-66158CAC3F00} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [10513976 2024-05-13] (Helpfeel Inc -> Helpfeel Inc.)
Task: {81F1CE9D-6800-49DC-9609-5A9D3313BFE9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [10513976 2024-05-13] (Helpfeel Inc -> Helpfeel Inc.)
Task: {7D01145F-A684-42E2-A48B-01891CD2D52E} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel® Corporation)
Task: {86B07D63-8E57-49EA-AB0D-5A2A816631A0} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2016-03-17] (Intel® Software -> Intel Corporation)
Task: {B49F1700-008C-4B15-82CF-E3F054C01517} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {260F2149-098C-4E52-B41E-948BB6F56EF2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18FD3071-DFD6-4F73-B04A-29053357FEC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {77126252-8282-4093-B341-182DA4B9F759} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {335B7B31-EC42-4D0C-9D2D-4FC978F4B5A6} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-28] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {5350D6ED-5BF7-4842-82B8-9CDD0F8D3D86} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1710949198-3763479281-3427055514-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-28] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {5BC3FC91-3CC3-40C2-9180-6B9A974FBDAB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {6985BCB3-1AD5-4098-AA34-08F3F058A5BF} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [852152 2018-09-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {91CF4B32-BCE4-4B2A-8DE0-EC7A5C590033} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {E7FD965E-1470-4283-A62D-5DBAB5D13D34} - System32\Tasks\Norton Security Scan for Tom => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.175\Nss.exe [848976 2018-03-26] (Symantec Corporation -> Symantec Corporation) -> C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.175\\/scan-quick /scheduled
Task: {10FAB87E-7DB9-47AE-8721-CF42E74078CE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4CB67B92-D6B1-4068-BCE5-A3594FC86402} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {656C8FFE-B3BE-4D17-99A6-46DFD406CC89} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {CE598C12-A5BC-4F63-995B-C4F1E688355F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D9072C9E-91F0-4B85-8507-CF1C58846301} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C3A79D9-99C8-4849-ABCD-0D87C67D6DA5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EA588538-E459-4999-9572-587A0FA4B581} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A3F01580-B886-4AEC-8E2A-61322F0C549F} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {607D55CF-CD4D-4A32-826F-6490D7DA5E89} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-01] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\MSILEDKeeper_Host.job => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 64.59.135.143 64.59.128.110
Tcpip\..\Interfaces\{ba7ae594-be4f-4723-9130-9c9b1ff6c615}: [DhcpNameServer] 64.59.135.143 64.59.128.110
Tcpip\..\Interfaces\{ba7ae594-be4f-4723-9130-9c9b1ff6c615}: [DhcpDomain] cg.shawcable.net

Edge:
=======
Edge Profile: C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-03]
Edge Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-18]
Edge Extension: (Edge relevant text changes) - C:\Users\Tom\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

FireFox:
========
FF DefaultProfile: nhi4zxxm.default
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default [2024-06-03]
FF DownloadDir: G:\Downloads
FF Homepage: Mozilla\Firefox\Profiles\nhi4zxxm.default -> youtube.com
FF Notifications: Mozilla\Firefox\Profiles\nhi4zxxm.default -> hxxps://lostmerchants.com; hxxps://www.pathofexile.com; hxxps://cranstonrdse.canadianpizzaunlimited.ca
FF Extension: (BetterTTV) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\firefox@betterttv.net.xpi [2024-05-09]
FF Extension: (Tampermonkey) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\firefox@tampermonkey.net.xpi [2024-05-11]
FF Extension: (uBlock Origin) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\uBlock0@raymondhill.net.xpi [2024-05-24]
FF Extension: (TWP - Translate Web Pages) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2024-03-11]
FF Extension: (Google Docs Dark Mode) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\{1214118e-758f-44ce-b69b-1ec1106297a8}.xpi [2022-03-07]
FF Extension: (FFBE Sync) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\{5d13c6a3-8d39-4f8a-8abf-3a73d2ba96a1}.xpi [2023-02-27] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (NoScript) - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\nhi4zxxm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-12-12]

Chrome:
=======
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default [2024-06-03]
CHR Session Restore: Default -> is enabled.
CHR Extension: (uBlock Origin) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-04-25]
CHR Extension: (NoScript) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\doojmbjmlfjjnbmnoijecmcbfeoakpjm [2024-04-25]
CHR Extension: (Google Docs Offline) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15738664 2024-04-08] (BattlEye Innovations e.K. -> )
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-05-20] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [12096104 2024-03-10] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2024-02-19] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [943528 2024-05-07] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-05-22] (FUTUREMARK INC -> Futuremark)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [505856 2018-05-02] (Intel Corporation) [File not signed]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10677504 2023-07-25] (Logitech Inc -> Logitech, Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-06-03] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [31928 2018-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS -> Nahimic)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_677da8a9230cea15\Display.NvContainer\NVDisplay.Container.exe [1275544 2023-10-30] (NVIDIA Corporation -> NVIDIA Corporation)
R2 Plarium Play Client Service; C:\Users\Tom\AppData\Local\PlariumPlay\8.1.0-0.0.1\PlariumPlayClientService\PlariumPlayClientService.exe [102232 2022-11-09] (Plarium Global LTD -> )
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2021-01-28] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2720088 2022-11-02] (Rockstar Games, Inc. -> Rockstar Games)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [394176 2024-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [280064 2022-10-13] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-14] (Microsoft Corporation) [File not signed]
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-09-30] (Martin Malik - REALiX -> REALiX™)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-26] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-26] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-26] (Logitech Inc -> Logitech)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslf703a5a2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BCAE233B-C63B-4B62-A75A-BC5A5B2A2F8D}\MpKslDrv.sys [271648 2024-06-03] (Microsoft Windows -> Microsoft Corporation)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute -> Windows ® Win 7 DDK provider)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
S3 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [69168 2020-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21056 2024-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601496 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [55704 2019-01-15] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-03 04:20 - 2024-06-03 04:21 - 000026078 _____ C:\Users\Tom\Desktop\FRST.txt
2024-06-03 03:48 - 2024-06-03 03:49 - 000000000 ____D C:\Users\Tom\AppData\Local\Malwarebytes
2024-06-03 03:23 - 2024-06-03 03:23 - 000000000 ____D C:\ProgramData\Piriform
2024-05-28 13:23 - 2024-05-30 14:47 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-05-18 00:23 - 2024-05-17 00:03 - 005726343 _____ C:\Users\Tom\Desktop\upgrade.jsonlz4-20240509170740
2024-05-15 13:52 - 2024-05-15 13:52 - 000000000 ___HD C:\$WinREAgent

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-06-03 04:21 - 2018-10-01 01:12 - 000000000 ____D C:\Program Files (x86)\Steam
2024-06-03 04:20 - 2022-11-30 05:47 - 000000000 ____D C:\FRST
2024-06-03 04:17 - 2022-11-30 05:40 - 002395136 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2024-06-03 04:04 - 2018-10-01 01:13 - 000000000 ____D C:\Users\Tom\AppData\Local\Steam
2024-06-03 04:02 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-03 03:48 - 2020-11-08 06:21 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-06-03 03:33 - 2020-12-03 13:03 - 000776042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-03 03:33 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-06-03 03:27 - 2018-09-30 08:15 - 000000000 ____D C:\Users\Tom\AppData\Roaming\discord
2024-06-03 03:26 - 2024-02-22 18:47 - 000000000 ____D C:\Users\Tom\AppData\Roaming\bluestacks-services
2024-06-03 03:26 - 2022-09-20 14:08 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-06-03 03:26 - 2020-12-03 12:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-03 03:26 - 2020-12-03 12:52 - 000008192 ___SH C:\DumpStack.log.tmp
2024-06-03 03:26 - 2018-09-30 08:15 - 000000000 ____D C:\Users\Tom\AppData\Local\Discord
2024-06-03 03:26 - 2018-09-30 07:33 - 000000000 ____D C:\ProgramData\NVIDIA
2024-06-03 03:25 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-06-03 03:25 - 2019-02-09 12:02 - 000000296 ____H C:\WINDOWS\Tasks\MSILEDKeeper_Host.job
2024-06-03 03:25 - 2018-09-30 15:05 - 000000000 ____D C:\Users\Tom\AppData\Local\CrashDumps
2024-06-03 03:22 - 2022-09-20 14:08 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-06-03 03:22 - 2020-12-03 12:57 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-06-03 03:22 - 2019-11-01 20:58 - 000000000 ____D C:\Program Files\CCleaner
2024-06-03 02:26 - 2020-12-03 12:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-02 14:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-01 19:23 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-01 18:26 - 2023-01-17 03:47 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-06-01 18:26 - 2020-07-05 00:32 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-30 14:47 - 2018-09-30 08:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-05-29 16:27 - 2018-09-30 08:26 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-05-29 16:26 - 2022-11-14 07:23 - 000000000 ____D C:\Program Files\RUXIM
2024-05-29 16:26 - 2021-12-16 01:21 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-05-29 16:26 - 2019-05-04 14:58 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-29 16:26 - 2019-05-04 14:58 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-28 01:25 - 2020-12-03 12:57 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-28 01:25 - 2020-12-03 12:57 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-24 21:36 - 2021-12-12 22:55 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1710949198-3763479281-3427055514-1001
2024-05-24 21:36 - 2020-12-03 12:57 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1710949198-3763479281-3427055514-1001
2024-05-24 21:36 - 2020-12-03 12:06 - 000002377 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-24 11:23 - 2024-02-18 16:14 - 000267768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll
2024-05-24 11:23 - 2022-10-21 06:59 - 000108024 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-05-24 11:23 - 2022-10-21 06:59 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-05-24 11:23 - 2021-11-19 21:52 - 000206328 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-05-24 11:23 - 2021-06-06 16:16 - 002729464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-05-24 11:23 - 2021-06-06 16:16 - 000722424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-05-24 11:23 - 2021-06-06 16:16 - 000218616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-05-24 11:23 - 2021-06-06 16:16 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-05-24 03:10 - 2018-10-21 01:51 - 000000000 ____D C:\Users\Tom\AppData\Local\Spotify
2024-05-23 22:54 - 2018-10-21 01:51 - 000000000 ____D C:\Users\Tom\AppData\Roaming\Spotify
2024-05-23 14:01 - 2018-09-30 08:59 - 000000000 ____D C:\Users\Tom\AppData\Local\Ubisoft Game Launcher
2024-05-20 20:22 - 2023-10-15 01:11 - 000003536 _____ C:\WINDOWS\system32\Tasks\GyazoUpdateTaskMachineDaily
2024-05-20 20:22 - 2023-10-15 01:11 - 000003400 _____ C:\WINDOWS\system32\Tasks\GyazoUpdateTaskMachine
2024-05-20 20:22 - 2023-10-15 01:11 - 000000000 ____D C:\Program Files (x86)\Gyazo
2024-05-20 20:07 - 2018-09-30 07:46 - 000000000 ____D C:\ProgramData\Packages
2024-05-18 01:36 - 2020-12-03 12:06 - 000000000 ____D C:\Users\Tom
2024-05-17 09:32 - 2018-09-30 08:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-17 09:28 - 2018-09-30 07:39 - 000000000 ____D C:\Users\Tom\AppData\Local\Packages
2024-05-16 12:27 - 2018-09-30 08:56 - 000000000 ____D C:\Users\Tom\AppData\Local\D3DSCache
2024-05-16 00:17 - 2020-12-03 12:52 - 000259576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-05-16 00:16 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-16 00:16 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-16 00:16 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\servicing
2024-05-15 13:59 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-15 13:55 - 2020-12-03 12:55 - 003017216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-15 13:51 - 2018-09-30 12:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-15 13:50 - 2018-09-30 12:30 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-15 13:08 - 2018-09-30 08:15 - 000002237 _____ C:\Users\Tom\Desktop\Discord.lnk
2024-05-09 19:35 - 2024-02-22 18:47 - 000002432 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueStacks Services.lnk
2024-05-09 19:35 - 2024-02-22 18:14 - 000000000 ____D C:\Users\Tom\AppData\Local\bluestacks-services-updater
2024-05-07 19:26 - 2020-05-31 20:10 - 000000000 ____D C:\Users\Tom\AppData\Roaming\EasyAntiCheat

==================== Files in the root of some directories ========

2023-02-24 02:20 - 2023-10-06 14:18 - 000000170 _____ () C:\Users\Tom\AppData\Roaming\BattleBitConfig.ini
2020-02-07 15:15 - 2022-09-28 17:01 - 000063848 _____ () C:\Users\Tom\AppData\Local\PlariumPlay.log
2019-08-02 08:32 - 2019-11-04 00:59 - 000007654 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.06.2024
Ran by Tom (03-06-2024 04:21:58)
Running from C:\Users\Tom\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) (2020-12-03 18:58:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1710949198-3763479281-3427055514-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1710949198-3763479281-3427055514-503 - Limited - Disabled)
Guest (S-1-5-21-1710949198-3763479281-3427055514-501 - Limited - Disabled)
Tom (S-1-5-21-1710949198-3763479281-3427055514-1001 - Administrator - Enabled) => C:\Users\Tom
WDAGUtilityAccount (S-1-5-21-1710949198-3763479281-3427055514-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.07 (x64) (HKLM\...\7-Zip) (Version: 21.07 - Igor Pavlov)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: - )
Awakened PoE Trade 3.22.10003 (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 3.22.10003 - Alexander Drozdov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM\...\BlueStacks_nxt) (Version: 5.20.110.1001 - now.gg, Inc.)
BlueStacks Services (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\BlueStacksServices) (Version: 3.0.9 - now.gg, Inc.)
BlueStacks X (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\BlueStacks X) (Version: 10.10.8.1001 - now.gg, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.24 - Piriform)
Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU)
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
Discord (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.140.0.5653 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{3f014b8d-db98-4a9b-84ee-d1cea7453dc9}) (Version: 13.140.0.5653 - Electronic Arts)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EVGA Precision X1 (HKLM\...\EVGA Precision X1) (Version: 0.2.8.0 - EVGA Corporation)
ExitLag version 4.211 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4.211 - ExitLag)
Futuremark SystemInfo (HKLM-x32\...\{66E02F22-FA88-453D-9DE7-60F54E951FAF}) (Version: 5.10.676.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.113 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Gyazo 5.5.1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Helpfeel Inc.)
HellHades Artifact Extractor (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\{0BEB233C-BDC6-41D3-BF47-2911DEB2E866}) (Version: 1.1.62.0 - HellHades.com)
Intel Extreme Tuning Utility (HKLM-x32\...\{c976d49b-8521-4bd1-a75a-35cf6da15530}) (Version: 6.5.0.9 - Intel Corporation)
Intel® Chipset Device Software (HKLM\...\{631C57C3-B765-4327-822A-057C34D691CC}) (Version: 10.1.17695.8086 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1067 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{6AC527AD-E5C0-446D-A143-3221F1CE8849}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{EBF7AF9D-4FAB-434A-A7EC-6D7A00D593B5}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{710A449E-F455-4E45-9436-296FF62DB76E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Network Connections 23.2.0.1006 (HKLM\...\{2B165F54-F534-4856-BA99-C796B94B7983}) (Version: 23.2.0.1006 - Intel) Hidden
Intel® Network Connections 23.2.0.1006 (HKLM\...\PROSetDX) (Version: 23.2.0.1006 - Intel)
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM\...\{24DAC3F9-B4BF-437E-BB30-8BCBAAB2DFA6}) (Version: 1.9.100.41172 - Intel Corporation) Hidden
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.6.430723 - Logitech)
LOSTARK (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\gcgame_0.2001086) (Version: 1.125 - MY.GAMES)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Microsoft .NET Core Host - 3.1.8 (x64) (HKLM\...\{D375EE6D-18EF-4EC9-8260-555DEB0EE4EC}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.8 (x64) (HKLM\...\{907E0A78-B4DF-4E35-9878-FEE2F22B6852}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.8 (x64) (HKLM\...\{912B84A5-61CC-4308-B244-5C34C2C02899}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1 (HKLM\...\{FAF57A91-58B3-490C-9D0C-66337DAD3F11}) (Version: 4.0.8854.1 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{5E8F186D-4353-47D6-972F-174230D269D6}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{1FB35CD6-3F90-447E-9DF9-89C7028C185D}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33130 (HKLM-x32\...\{1de5e707-82da-4db6-b810-5d140cc4cbb3}) (Version: 14.38.33130.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33130 (HKLM\...\{C31777DB-51C1-4B19-9F80-38EF5C1D7C89}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33130 (HKLM\...\{1CA7421F-A225-4A9C-B320-A36981A2B789}) (Version: 14.38.33130 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM\...\{F3871724-6A58-425C-8E4C-4A54935AA68F}) (Version: 24.96.29220 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
Mozilla Firefox (x64 en-CA) (HKLM\...\Mozilla Firefox 126.0.1 (x64 en-CA)) (Version: 126.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.2 - Mozilla)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.1.03 - MSI)
MSI MysticLight (HKLM-x32\...\{93874B70-6C5E-446A-AF4D-E5AC776A0386}}_is1) (Version: 3.0.0.19 - MSI)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.175 - Symantec Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.120 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.120 - NVIDIA Corporation)
NVIDIA Graphics Driver 546.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.01 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.0.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Plarium Play (HKLM-x32\...\{b9d855a0-482a-45ce-b4b8-811a0dd53981}) (Version: 8.1.0 - Plarium)
PlariumPlay (HKLM-x32\...\{7FA54A89-AE91-42D6-B8CE-6164963C1851}) (Version: 8.1.0 - Plarium) Hidden
REDlauncher (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version: - GOG.com)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.66.1083 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.1.5.1 - Rockstar Games)
RSL_Helper version 2.30 (HKLM\...\RSL_Helper_is1) (Version: 2.30 - )
Spotify (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\Spotify) (Version: 1.2.37.701.ge66eb7bc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
TT RGB Plus (HKLM-x32\...\TT RGB Plus) (Version: 1.2.4 - Thermaltake, Inc.)
Twitch (HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 70.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version: - Blizzard Entertainment)

Packages:
=========

Astro Command Center -> C:\Program Files\WindowsApps\AstroGaming.AstroCommandCenter_1.1.55.0_x64__9cg1kgznx2mv2 [2021-07-09] (Astro Gaming)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2030.2.0_x86__kgqvnymyfvs32 [2021-05-27] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.194.700.0_x86__kgqvnymyfvs32 [2021-06-02] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1108.0_x64__rz1tebttyb220 [2021-11-19] (Dolby Laboratories)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2018-10-31] (SEIKO EPSON CORPORATION)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.41.4105.0_x86__ytsefhwckbdv6 [2021-05-26] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-11-01] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-06] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1710949198-3763479281-3427055514-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Tom\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_677da8a9230cea15\nvshext.dll [2023-10-30] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-12-26] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-06-03] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-06-03 03:26 - 2024-06-03 03:26 - 002338304 _____ () [File not signed] \\?\C:\Users\Tom\AppData\Local\Temp\73ae6254-d040-4300-a1aa-cdb633a53604.tmp.node
2023-10-15 01:11 - 2024-05-13 01:59 - 000120832 _____ () [File not signed] C:\Program Files (x86)\Gyazo\MFVideoEncoder.dll
2018-09-30 10:15 - 2017-08-02 15:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\MysticLight\LEDControl.dll
2024-02-22 18:47 - 2024-05-08 02:18 - 002862080 _____ () [File not signed] C:\Users\Tom\AppData\Local\Programs\bluestacks-services\ffmpeg.dll
2024-02-22 18:47 - 2024-05-08 02:18 - 000479232 _____ () [File not signed] C:\Users\Tom\AppData\Local\Programs\bluestacks-services\libegl.dll
2024-02-22 18:47 - 2024-05-08 02:18 - 007513600 _____ () [File not signed] C:\Users\Tom\AppData\Local\Programs\bluestacks-services\libglesv2.dll
2024-02-22 18:47 - 2024-05-08 02:18 - 005209088 _____ () [File not signed] C:\Users\Tom\AppData\Local\Programs\bluestacks-services\vk_swiftshader.dll
2018-05-03 12:30 - 2018-05-03 12:30 - 000349696 _____ (Intel® Corporation) [File not signed] C:\Windows\system32\NCS2Setp.dll
2018-09-30 10:15 - 2016-10-03 14:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MysticLight\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Tom\AppData\Local\Temp:$DATA​ [16]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-09-30] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-09-30] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-09-30] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-09-30] (Google Inc -> Google Inc.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\iCLS\;C:\Program Files\Intel\Intel® Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 64.59.135.143 - 64.59.128.110
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: ExitLag Game Booster -> nt_ndextlag (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "X_Boost"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\StartupApproved\Run: => "TT RGB Plus"
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1710949198-3763479281-3427055514-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E65AAD0B-5BCB-487A-89F3-BB333AA7F523}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [{D465CC84-8810-41AC-A0FC-6C1FB7841B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe () [File not signed]
FirewallRules: [UDP Query User{858AFBF2-CAD5-415F-8F3B-757123B71264}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [TCP Query User{9DE08834-B3A0-40F3-AFC5-78102355A096}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe (NCSOFT Corporation -> NCSOFT Corporation)
FirewallRules: [UDP Query User{1759234A-A074-4F9F-811B-B4AFBF43D48D}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe (THERMALTAKE TECHNOLOGY CO., LTD. -> )
FirewallRules: [TCP Query User{6A47D29D-C509-417B-80F3-738096A60565}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe (THERMALTAKE TECHNOLOGY CO., LTD. -> )
FirewallRules: [UDP Query User{D1A1C7C6-AA53-4FE1-9C91-1D3B99FDFD5A}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{EC7E7054-E1F8-46C8-8AF5-56DA8EF45046}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{CEE26B4F-A8AA-4275-8D79-D336A3290243}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{71DC53C0-6746-4ABF-9B6D-919072F2EC74}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7030EFB2-5837-451C-BB32-8705A7D4D6B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{EE14329F-54C0-4BF0-B000-E37CEA82D932}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{480087AB-F9EB-4489-BAA0-E0E1F2AA8FBE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5172B567-3783-459B-AA28-7B9A439E4CAE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4F93E892-9B02-4349-ACDB-3CD2F5B33CBB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1E5B4053-89B9-40FD-B2ED-7405B866B80C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{DE7CDE3E-63B3-49DA-9F11-81F6F1F18EDC}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe (THERMALTAKE TECHNOLOGY CO., LTD. -> )
FirewallRules: [TCP Query User{AAA69E17-5727-4FB1-ACB9-F3DE437604FA}C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe] => (Allow) C:\program files (x86)\tt\tt rgb plus\tt rgb plus.exe (THERMALTAKE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{559D6F67-8539-4407-9C63-3AB789CDC0D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E370CF8A-044A-4645-BECA-B923573387A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{88780246-1BFA-4B6D-BA13-B10031E2C379}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FA1CFA79-B264-44E5-8EA4-CC02642E74C8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C66A7D3C-42B7-440F-8F16-FD2DAFBEEBBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{E0C0D114-B09F-426A-87B2-BDFD3069CD35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{9B39D851-168B-43C3-9B5C-033106831E82}] => (Allow) C:\ffxiv dmg meter\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{A5571FC0-3ABB-40C0-BC39-802A2E840CFD}] => (Allow) C:\ffxiv dmg meter\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{F48608F4-831B-490C-B875-1553CD6F083B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{4259296C-AEEA-4BED-B392-4D9A32B657FC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{AE0C068E-8098-4890-81BC-6011820A9B31}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F2B95FFA-5C17-4FF0-89DB-6D5975B620AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{B54E9A1B-6340-4FD7-8AB7-7C8DD23A0CB1}] => (Allow) H:\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe () [File not signed]
FirewallRules: [{EA5A587B-AB4E-4A5B-8EC2-0483B84C15F8}] => (Allow) H:\Steam\steamapps\common\FINAL FANTASY IX\FF9_Launcher.exe () [File not signed]
FirewallRules: [{DAD2A0CD-22DC-4AC9-8CB9-AD04CE5E68EF}] => (Allow) H:\Steam\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ABFD0E11-F956-43B1-8A5F-AA84FE60E76E}] => (Allow) H:\Steam\steamapps\common\Red Dead Redemption 2\PlayRDR2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{EAC562AC-5B43-4B37-927C-3934446B786B}] => (Allow) H:\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{FE85E37F-13CD-46C2-AB92-57887AEDBC6D}] => (Allow) H:\Steam\steamapps\common\Apex Legends\EasyAntiCheat_launcher.exe => No File
FirewallRules: [{7DA3392F-F8BF-403C-BE5E-AB5C707A9573}] => (Allow) C:\ffxiv dmg meter\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{64737FCF-6553-4C19-910B-D033A82770C2}] => (Allow) H:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{659DA952-4F4A-42E5-BFA9-30C98BFE8225}] => (Allow) H:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe => No File
FirewallRules: [{C5854605-132C-4C56-BA59-04A6C6BA5749}] => (Allow) H:\Steam\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{A4322D16-1125-42DC-B426-626FDB495458}] => (Allow) H:\Steam\steamapps\common\Destiny 2\destiny2launcher.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{D80959ED-2136-469B-A4A9-7A88812FF55F}H:\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) H:\steam\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [UDP Query User{E0D2EF1F-272E-49AB-A601-49A917759FC9}H:\steam\steamapps\common\destiny 2\destiny2.exe] => (Allow) H:\steam\steamapps\common\destiny 2\destiny2.exe (Bungie Inc. -> Bungie)
FirewallRules: [TCP Query User{DFCB079D-269C-4D66-B065-B7E3667FA641}H:\program files\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) H:\program files\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{8BAA3D30-C810-4C88-8B8D-C0B25D7EDC05}H:\program files\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe] => (Allow) H:\program files\heroes of the storm\versions\base86938\heroesofthestorm_x64.exe => No File
FirewallRules: [{EBFC2AA9-567E-4737-8863-63D87B0B6927}] => (Allow) H:\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [{3B9C3AEC-A15B-4B3A-9608-C0FAB90992A1}] => (Allow) H:\Steam\steamapps\common\Monster Hunter World\MonsterHunterWorld.exe (CAPCOM CO., LTD. -> CAPCOM CO., LTD.)
FirewallRules: [TCP Query User{51E24408-1267-4449-AEA1-61EF80C2FEB5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{C8338DAE-74DA-4702-93C8-1488CC87EED0}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{74E1A4D3-B734-4A47-9664-B12CBF10EF95}] => (Allow) H:\Steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{D09C41F7-3E2B-4164-8FB2-2C7302D70409}] => (Allow) H:\Steam\steamapps\common\Lost Ark\Binaries\Win64\Launch_Game.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{ACCCF367-17DD-4BE6-9EC1-31EB2D11D54D}H:\steam\steamapps\common\lost ark\binaries\win64\lostark.exe] => (Allow) H:\steam\steamapps\common\lost ark\binaries\win64\lostark.exe (SmileGate RPG Inc. -> Smilegate RPG)
FirewallRules: [UDP Query User{84527203-052C-4E89-A315-153E61DD8535}H:\steam\steamapps\common\lost ark\binaries\win64\lostark.exe] => (Allow) H:\steam\steamapps\common\lost ark\binaries\win64\lostark.exe (SmileGate RPG Inc. -> Smilegate RPG)
FirewallRules: [{31458A47-2519-4E52-BF63-B1C6839E94DF}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [{D243B57F-4FB2-4E88-BC49-8FA0A70EDE3F}] => (Allow) c:\program files (x86)\exitlag\exitlag.exe (SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA -> )
FirewallRules: [TCP Query User{12D76259-42DD-4750-AC57-9F5A0F65D614}H:\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) H:\steam\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{22340F08-1F91-458F-B20C-48152AE81A05}H:\steam\steamapps\common\red dead redemption 2\rdr2.exe] => (Allow) H:\steam\steamapps\common\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{BB07CE40-6053-4E43-9803-41E90599098C}H:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) H:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{C2213B1A-8326-4FE1-9014-9E1B98FD2379}H:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) H:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{6A3420B3-AD60-4160-A600-09CAADFB020F}H:\program files\heroes of the storm\versions\base88936\heroesofthestorm_x64.exe] => (Allow) H:\program files\heroes of the storm\versions\base88936\heroesofthestorm_x64.exe => No File
FirewallRules: [UDP Query User{042CACAB-2619-466D-AD1E-38312D3DBFA8}H:\program files\heroes of the storm\versions\base88936\heroesofthestorm_x64.exe] => (Allow) H:\program files\heroes of the storm\versions\base88936\heroesofthestorm_x64.exe => No File
FirewallRules: [TCP Query User{C62C1515-853B-46CE-A9DE-D49132C46E68}H:\hon\hon_x64.exe] => (Allow) H:\hon\hon_x64.exe => No File
FirewallRules: [UDP Query User{DDEC6C04-84C0-4EA7-99CE-FDD5C9194074}H:\hon\hon_x64.exe] => (Allow) H:\hon\hon_x64.exe => No File
FirewallRules: [{A20297C7-1BB3-47A2-BECB-D8683C3ECBF1}] => (Allow) H:\Steam\steamapps\common\BattleBit Remastered Playtest\BattleBitEAC.exe => No File
FirewallRules: [{E6EBA096-5645-458F-ADF7-1DEE6D97E662}] => (Allow) H:\Steam\steamapps\common\BattleBit Remastered Playtest\BattleBitEAC.exe => No File
FirewallRules: [{3BF406CA-D68B-453E-87DD-DEF3983CE237}] => (Allow) H:\Steam\steamapps\common\BattleBit Remastered Playtest\EACRepair.exe => No File
FirewallRules: [{7B9201B1-BBA5-4A3A-B403-58809AA13780}] => (Allow) H:\Steam\steamapps\common\BattleBit Remastered Playtest\EACRepair.exe => No File
FirewallRules: [TCP Query User{DEBEC63F-6593-4656-9FBC-7AA2E4749E1F}H:\r5reloaded\r5apex.exe] => (Allow) H:\r5reloaded\r5apex.exe => No File
FirewallRules: [UDP Query User{8FED0CCF-7AA7-49CA-89C3-A1F969FCD604}H:\r5reloaded\r5apex.exe] => (Allow) H:\r5reloaded\r5apex.exe => No File
FirewallRules: [TCP Query User{8FFE7BB0-3B7A-419D-9017-E155925D3BA4}H:\r5reloaded\r5reloaded\r5apex.exe] => (Allow) H:\r5reloaded\r5reloaded\r5apex.exe (Respawn Entertainment) [File not signed]
FirewallRules: [UDP Query User{98AF703B-7FFF-4193-AB1C-F2AD307C26DD}H:\r5reloaded\r5reloaded\r5apex.exe] => (Allow) H:\r5reloaded\r5reloaded\r5apex.exe (Respawn Entertainment) [File not signed]
FirewallRules: [{81BCE212-B33E-4074-8AA7-CE42781F7767}] => (Allow) H:\Steam\steamapps\common\BRAVELY DEFAULT II\Bravely_Default_II.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{8AA4EC9C-F353-46E1-B06B-AF5C629637D0}] => (Allow) H:\Steam\steamapps\common\BRAVELY DEFAULT II\Bravely_Default_II.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [TCP Query User{02549291-DAF4-43D6-B535-D11141F19348}H:\program files\diablo iv\diablo iv.exe] => (Allow) H:\program files\diablo iv\diablo iv.exe => No File
FirewallRules: [UDP Query User{77062657-B318-4C70-92E1-17C4597CB9CC}H:\program files\diablo iv\diablo iv.exe] => (Allow) H:\program files\diablo iv\diablo iv.exe => No File
FirewallRules: [{546D699B-A94A-4E86-94B0-6C56B33CF9ED}] => (Allow) H:\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{19E49CAA-F80B-4AC7-B4F5-926EEC724CB6}] => (Allow) H:\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [TCP Query User{EEB65023-3051-48E9-8726-4ADCF69732D6}H:\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) H:\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{FDF21CA6-88DB-43A1-BB85-CC94FC1B639A}H:\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) H:\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [TCP Query User{FF3C96BA-5390-4109-9749-3B79E23EF0FB}H:\steam\steamapps\common\remnant2\remnant2\binaries\win64\remnant2-win64-shipping.exe] => (Allow) H:\steam\steamapps\common\remnant2\remnant2\binaries\win64\remnant2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{568C90AB-7167-4678-9F1B-23EC75039F58}H:\steam\steamapps\common\remnant2\remnant2\binaries\win64\remnant2-win64-shipping.exe] => (Allow) H:\steam\steamapps\common\remnant2\remnant2\binaries\win64\remnant2-win64-shipping.exe => No File
FirewallRules: [{653152C5-3D6C-4283-9841-8E1C50DEDC03}] => (Allow) H:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{602FD03A-9636-4F9E-943C-316402C48DDF}] => (Allow) H:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{6604D7C7-301E-4566-B778-AA903FBD7225}] => (Allow) H:\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{9599318F-DDCE-4D10-A7C9-75EBAB0F06EF}] => (Allow) H:\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe () [File not signed]
FirewallRules: [{E73CB4DD-FCDA-4CE4-9512-54BE3F9709BE}] => (Allow) H:\Steam\steamapps\common\Crying Suns\cs.exe () [File not signed]
FirewallRules: [{87E7757A-FB2D-442F-BAA7-DCAB647BC32F}] => (Allow) H:\Steam\steamapps\common\Crying Suns\cs.exe () [File not signed]
FirewallRules: [{99BFB24A-C5A7-4505-B50D-BF93EE53AE02}] => (Allow) H:\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{E1E8E8E1-4750-48F9-9EFD-D2855F0DD572}] => (Allow) H:\Steam\steamapps\common\Borderlands 3\OakGame\Binaries\Win64\Borderlands3.exe (Gearbox Software, L.L.C. -> Gearbox Software)
FirewallRules: [{F1CB1395-208D-4EE8-821F-4459DE87F5AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B5159489-36AF-4DD6-9560-5AE0B325F8EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{695F0C51-8224-46E2-B2CE-DB5DB908F034}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DAB9A9D5-96BA-4EBF-BE31-302B7B40EAC7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{95A8A28A-104C-4A60-8A3E-C760C9D047CF}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Now.gg, INC -> Bluestack Systems, Inc.)
FirewallRules: [{A918083E-37A1-4466-BADD-BEE1311B9AF2}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Now.gg, INC -> COMPANY NAME)
FirewallRules: [{81AC9E61-0D92-4B7C-8794-5659D2F26B83}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Now.gg, INC -> BlueStack Systems)
FirewallRules: [{039E85F0-24C4-4199-95FE-4B8FB4C66F74}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe (Now.gg, INC -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{E91F9E9B-74A7-4451-AB3D-580FB7E7144B}C:\users\tom\appdata\local\discord\app-1.0.9034\discord.exe] => (Block) C:\users\tom\appdata\local\discord\app-1.0.9034\discord.exe => No File
FirewallRules: [UDP Query User{8CD00F11-B23F-4B5A-B6AB-3212CCBB3E95}C:\users\tom\appdata\local\discord\app-1.0.9034\discord.exe] => (Block) C:\users\tom\appdata\local\discord\app-1.0.9034\discord.exe => No File
FirewallRules: [{40D4C87F-DEBE-45B0-B632-29CB2988CB10}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{0B55414C-FBF8-4087-9D58-EB83E23013BE}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{729626D3-FE85-4026-98F2-CEF39E1AAE63}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{6386EBA9-201F-470A-A126-596845163A95}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9AD7C899-70C3-47B0-B82D-A193B9A1E31B}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B2B9DE7A-3A2E-42D2-B873-3C1EE61EFBD9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{440FBE09-76AA-4685-95F8-DE909698F9BD}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{DE69F610-3DDE-4ED9-A66F-24A7A5285A0F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{9E509794-E384-4493-AE63-C29D4132831D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{4888DD80-05F1-4599-9661-83DDAB5273A8}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7D8A4B2C-06F9-4457-AB02-5D6DA5D333CF}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{54EBF9CA-844E-4800-8D96-FC7465AD015A}] => (Allow) H:\Steam\steamapps\common\Sea of Stars\SeaOfStars.exe () [File not signed]
FirewallRules: [{EF2E4F4A-42C5-4AE1-8818-DD460555F7D7}] => (Allow) H:\Steam\steamapps\common\Sea of Stars\SeaOfStars.exe () [File not signed]
FirewallRules: [{24D05DA9-6A40-451E-A5DB-B9C354E33446}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{7F13AAED-9B5E-46A3-8A9A-E883F22AC726}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{28B7134E-E2AA-4662-ABC7-1FBE5A2C8097}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{C1330ECB-A0AA-43A9-9D5E-10EBA2F4033D}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{0BCBE504-3F3C-4F15-A89B-BA757E3741F2}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{DED322AD-1BF3-454D-B4D3-D36DC6F03F93}] => (Allow) H:\Ubisoft\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{689D841F-343E-4386-807F-F8FE7D28E47E}C:\users\tom\appdata\local\ubisoft\r6siege\rainbowsix.exe] => (Allow) C:\users\tom\appdata\local\ubisoft\r6siege\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [UDP Query User{BF9C81E9-B146-44AD-8215-758939191B2E}C:\users\tom\appdata\local\ubisoft\r6siege\rainbowsix.exe] => (Allow) C:\users\tom\appdata\local\ubisoft\r6siege\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{F90E1947-512F-4623-BE0F-0C1AA0E71B10}C:\users\tom\appdata\local\ubisoft\r6siege\y9s1.2.0_c8178548_d1893250_s58856_69866602\2275509175\rainbowsix.exe] => (Allow) C:\users\tom\appdata\local\ubisoft\r6siege\y9s1.2.0_c8178548_d1893250_s58856_69866602\2275509175\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [UDP Query User{38804285-68AA-4F3C-94C8-CEF5C37B67B8}C:\users\tom\appdata\local\ubisoft\r6siege\y9s1.2.0_c8178548_d1893250_s58856_69866602\2275509175\rainbowsix.exe] => (Allow) C:\users\tom\appdata\local\ubisoft\r6siege\y9s1.2.0_c8178548_d1893250_s58856_69866602\2275509175\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{6624EF9C-2BDA-4069-BBAB-2BF1BCCB2F08}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{75BD10A0-B27A-483B-8002-0AC0F40671C9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFBD36C0-0A23-4357-B2F5-A86EABF636ED}] => (Allow) LPort=26820
FirewallRules: [{8B6AC03D-FEE6-44F9-8EAE-33D3F074EE54}] => (Allow) LPort=26822

==================== Restore Points =========================

15-05-2024 13:52:29 Windows Modules Installer
22-05-2024 20:29:12 Scheduled Checkpoint
01-06-2024 18:36:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: G19 Gaming Keyboard (Display interface)
Description: G19 Gaming Keyboard (Display interface)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: ========================

Application errors:
==================
Error: (06/01/2024 06:35:54 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/01/2024 06:35:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/01/2024 06:35:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on System Reserved (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (06/01/2024 06:35:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/28/2024 04:52:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (05/28/2024 04:52:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/26/2024 10:56:19 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (05/26/2024 10:55:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

System errors:
=============
Error: (06/03/2024 03:26:06 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/03/2024 03:26:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/03/2024 03:26:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error:
The compound file GameInput Service was produced with a newer version of storage.

Error: (06/03/2024 03:26:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/02/2024 06:00:01 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/02/2024 02:44:54 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/02/2024 02:41:57 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1796) (User: NT AUTHORITY)
Description: The Secure Boot update failed to update a Secure Boot variable with error -2147020471. For more information, please see https://go.microsoft.com/fwlink/?linkid=2169931

Error: (06/02/2024 02:41:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Windows Defender:
================
Date: 2024-06-02 16:19:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-29 16:55:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-27 15:24:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-26 00:52:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-25 18:22:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2023-11-01 02:30:33
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80501102
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
Security intelligence Version: 1.399.1634.0;1.399.1634.0
Engine Version: 1.1.23090.2007

CodeIntegrity:
===============
Date: 2024-06-03 03:26:18
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Users\Tom\AppData\Local\Discord\app-1.0.9147\Discord.exe) attempted to load \Device\HarddiskVolume4\ProgramData\obs-studio-hook\graphics-hook64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. A.40 03/08/2018
Motherboard: Micro-Star International Co., Ltd. Z370 GAMING PRO CARBON (MS-7B45)
Processor: Intel® Core™ i7-8700K CPU @ 3.70GHz
Percentage of memory in use: 48%
Total physical RAM: 16337.03 MB
Available physical RAM: 8439.13 MB
Total Virtual: 27601.03 MB
Available Virtual: 16709.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:229.66 GB) (Model: Samsung SSD 860 PRO 512GB) NTFS
Drive d: () (Fixed) (Total:244.14 GB) (Free:32.73 GB) (Model: Maxtor 7H500F0) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) (Model: Hitachi HDS723020BLA642) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:221.61 GB) (Free:23.74 GB) (Model: Maxtor 7H500F0) NTFS
Drive g: () (Fixed) (Total:1862.07 GB) (Free:1252.05 GB) (Model: Hitachi HDS723020BLA642) NTFS
Drive h: (970 SSD) (Fixed) (Total:931.51 GB) (Free:47.46 GB) (Model: Samsung SSD 970 EVO Plus 1TB) NTFS

\\?\Volume{1d319e9e-3ae2-41b2-8719-4cdbcaa06ec1}\ () (Fixed) (Total:0.49 GB) (Free:0.06 GB) NTFS
\\?\Volume{1e300534-0000-0000-0000-a0a3d1010000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
\\?\Volume{2f4e3739-2c06-4230-93c3-f0292b05cad8}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 5D4C8ED4)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0F1C0F1B)
Partition 1: (Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.6 GB) - (Type=0F Extended)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1E300534)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=469 MB) - (Type=27)

==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: EB28B358)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Author: Ray Christiansen
