content copied
content
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
C:\Users\diego\AppData\Roaming\Mozilla\Firefox\Profiles\vae7yv4k.default-release\Extensions\[email protected]
2026-06-23 22:35 - 2026-06-23 22:35 - 000000000 ____D C:\Users\diego\AppData\Roaming\RenPy
PowerShell: Remove-MpPreference -ExclusionPath "C:\Games"
PowerShell: Remove-MpPreference -ExclusionPath "D:\Games"
PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp\JackettUpdate-v0.24.504-639020239082305230"
PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp\JackettUpdate-v0.24.790-639035944633084627"
PowerShell: Remove-MpPreference -ExclusionPath "C:\Windows\SystemTemp"
PowerShell: Remove-MpPreference -ExclusionPath "C:\ProgramData\Jackett"
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {0BB36A32-0D9E-4297-AFD7-6BD7B5DB4C9B} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S2 NativePushService; "C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe" (No File)
CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{0e065295-40e5-fbff-a113-a775a5c84d70}\localserver32 -> "C:\Program Files (x86)\Steam\steamapps\common\DSX\Main\DSX.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{13be76c7-b3a6-9374-07a3-7b0ab4fc62fb}\localserver32 -> "C:\Users\diego\Downloads\Text-Grab-Self-Contained-2024-03-03\Text-Grab-Self-Contained\Text-Grab.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{c0f42af5-855f-f8f2-3cc9-c23f54cf00ec}\localserver32 -> "C:\Program Files\Nefarius Software Solutions\Nefarius VirtualPad Driver Runtime\NefariusVirtualPadDriverNotifications.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3942013402-3740469761-1670386497-1001_Classes\CLSID\{ecfe587a-46b2-f985-810a-6cedfc2da168}\localserver32 -> "C:\Users\diego\Downloads\DSX\Main\DSX.exe" -ToastActivated => No File
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers3: [HashCheck Shell Extension] -> {705977C7-86CB-4743-BFAF-6908BD19B7B0} => C:\Windows\system32\ShellExt\HashCheck.dll -> No File
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => -> No File
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\NotAllowedUnattendedBugReports:5E1E912DBE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\NotAllowedUnattendedBugReports:AC55BD64A0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative App.lnk:C1E221B7EC [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegación privada con Firefox.lnk:B9E392F4E7 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGBFusion.lnk:3BC5874B9C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGBFusion.lnk:F3508893EB [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk:7AD7FA8AB1 [3442]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [6596]
AlternateDataStreams: C:\Users\Public\Documents\install-log-admin.txt:20FCFC4171 [3442]
FirewallRules: [UDP Query User{37739869-06AD-41A0-AFAB-F3802B959A0F}C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe] => (Block) C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe => No File
FirewallRules: [TCP Query User{0CE914EF-A712-4F3D-89EA-D56B1443B5CD}C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe] => (Block) C:\program files (x86)\dodi-repacks\dragon ball fighterz\red\binaries\win64\red-win64-shipping.exe => No File
FirewallRules: [UDP Query User{97529252-3F48-4934-966A-AFFBE0FAFD26}D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe] => (Block) D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe => No File
FirewallRules: [TCP Query User{EDF59BA6-154C-4168-8740-DFD0689672BC}D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe] => (Block) D:\games\sonicracingcrossworlds\union\binaries\win64\sonicracingcrossworldssteam.exe => No File
FirewallRules: [UDP Query User{CE47FC66-1AA3-4C87-A79D-DD6A9199AF72}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [TCP Query User{3CEB33D4-FB02-4F4D-A43A-D34667D6E8D9}C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe] => (Allow) C:\program files\windowsapps\openai.chatgpt-desktop_1.2025.258.0_x64__2p2nqsd0c76g0\app\chatgpt.exe => No File
FirewallRules: [UDP Query User{ADA98E11-AD53-4DF3-BB89-7044D0ACB661}C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{D724F169-7A51-4664-BDA0-B4BC48124A26}C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{38290A4A-3463-4318-8C12-801E511FC7AE}D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe] => (Block) D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A2799249-D57D-4277-8DDE-504702AA727E}D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe] => (Block) D:\games\keeper\keeper\binaries\win64\keeper-win64-shipping.exe => No File
FirewallRules: [UDP Query User{05D43AD7-CC2D-4150-AD3C-BBF8B91BB045}D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
FirewallRules: [TCP Query User{7448DDFC-3C1B-495D-804B-23AEAA6A592E}D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old countryy\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
FirewallRules: [UDP Query User{153389EA-D0DF-495D-A73E-859E663213BB}D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
FirewallRules: [TCP Query User{5EF99205-E0EF-462A-A98E-8BEE5EB907A5}D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe] => (Block) D:\games\mafia the old country\mafiatheoldcountry\binaries\win64\mafiatheoldcountry.exe => No File
FirewallRules: [UDP Query User{6B7AC087-FB2C-4C29-857C-E40F0BA9FE9E}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{1B20CAAE-4D9A-4350-BB9B-DFB6AACB8953}D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{2FBE7AE3-A9CD-4D20-B740-D06599001E4F}D:\alice\american mcgee's alice\data\alice.exe] => (Block) D:\alice\american mcgee's alice\data\alice.exe => No File
FirewallRules: [TCP Query User{6EB881EB-9F1E-4C37-BDC5-B84FB265DA92}D:\alice\american mcgee's alice\data\alice.exe] => (Block) D:\alice\american mcgee's alice\data\alice.exe => No File
FirewallRules: [UDP Query User{5A82ACEB-A068-4B7B-BEC4-F2A5E753F98B}C:\games\assassin's creed shadows\acshadows.exe] => (Allow) C:\games\assassin's creed shadows\acshadows.exe => No File
FirewallRules: [TCP Query User{D5337A92-BD49-475D-8D79-C09201DE3D96}C:\games\assassin's creed shadows\acshadows.exe] => (Allow) C:\games\assassin's creed shadows\acshadows.exe => No File
FirewallRules: [UDP Query User{F1611A47-0C0F-4289-A9A8-7B53C6BE6E1D}C:\games\grand theft auto v enhanced\gta5_enhanced.exe] => (Block) C:\games\grand theft auto v enhanced\gta5_enhanced.exe => No File
FirewallRules: [TCP Query User{D1DCBE26-7257-437F-8958-1A6E2082C2F1}C:\games\grand theft auto v enhanced\gta5_enhanced.exe] => (Block) C:\games\grand theft auto v enhanced\gta5_enhanced.exe => No File
FirewallRules: [{283F973E-3A3B-471A-B246-6DDBB2527317}] => (Allow) C:\Program Files\Ablaze Floorp\floorp.exe => No File
FirewallRules: [UDP Query User{3D29D794-C04B-45DF-B30C-5763D94A6CB1}C:\users\diego\downloads\anydesk.exe] => (Allow) C:\users\diego\downloads\anydesk.exe => No File
FirewallRules: [TCP Query User{129A386E-5078-47DD-950B-38F7FD229136}C:\users\diego\downloads\anydesk.exe] => (Allow) C:\users\diego\downloads\anydesk.exe => No File
FirewallRules: [UDP Query User{E5763629-17C9-4E4E-B751-7A56C3EAAB6C}C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe] => (Allow) C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe => No File
FirewallRules: [TCP Query User{22623F4F-749D-42E6-BDEA-C3335DA455E9}C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe] => (Allow) C:\users\diego\downloads\pummel party\pummel party\pummelparty.exe => No File
FirewallRules: [UDP Query User{5E28692E-0D07-44E1-9A06-63ED4273EC73}C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe] => (Allow) C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A396A746-996F-4E13-8707-1B36B805B7EF}C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe] => (Allow) C:\games\lifeisstrangedoubleexposure\chronos\binaries\win64\chronos-win64-shipping.exe => No File
FirewallRules: [UDP Query User{21099F56-480E-4720-8B4E-DEFC60C5FF69}C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe] => (Allow) C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe => No File
FirewallRules: [TCP Query User{4B0600A4-E829-431C-83C8-318D68D96FCA}C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe] => (Allow) C:\users\diego\downloads\d.h.s.z.ue.v2007.006.003.004.003.b16752936-gdz\game\dragon ball sparking! zero\sparkingzero\binaries\win64\sparkingzero-win64-shipping.exe => No File
FirewallRules: [UDP Query User{49E57690-CADF-4A2C-9FF9-72EBF07824C0}C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe] => (Allow) C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe => No File
FirewallRules: [TCP Query User{857ECFC0-B9F4-4216-A497-44A77A050A8D}C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe] => (Allow) C:\users\diego\downloads\platform-tools-latest-windows\platform-tools\adb.exe => No File
FirewallRules: [UDP Query User{1C4C61FD-6B52-4405-9BF2-D53FAB9A5FE8}C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe] => (Block) C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe => No File
FirewallRules: [TCP Query User{29E06DDB-5CB8-4AFD-B67E-75B1E7E37054}C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe] => (Block) C:\games\gta san andreas definitive edition\gameface\binaries\win64\sanandreas.exe => No File
FirewallRules: [UDP Query User{AC09147D-6B05-4D59-A50D-3508F5A83CB1}C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe] => (Block) C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe => No File
FirewallRules: [TCP Query User{A907AA4D-F7EE-40C3-90C4-0C48E2C4E9A4}C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe] => (Block) C:\games\gta vice city definitive edition\gameface\binaries\win64\vicecity.exe => No File
FirewallRules: [UDP Query User{554C3E49-28C8-46A8-81A7-B33D02744948}C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe] => (Block) C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe => No File
FirewallRules: [TCP Query User{D45CE5BA-78BA-4950-92E7-4C31718AD0D2}C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe] => (Block) C:\games\gta iii definitive edition\gameface\binaries\win64\libertycity.exe => No File
FirewallRules: [UDP Query User{494AC611-ADD5-4FB0-BA60-A6CB23E873F8}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File
FirewallRules: [TCP Query User{8751167A-8E2A-46B4-9A26-C9467AB08009}C:\xboxgames\call of duty\content\sp24\sp24-cod.exe] => (Allow) C:\xboxgames\call of duty\content\sp24\sp24-cod.exe => No File
FirewallRules: [UDP Query User{D8F3B155-3BB7-42A1-BD87-C144E6ED673C}C:\games\god of war ragnarok\gowr.exe] => (Allow) C:\games\god of war ragnarok\gowr.exe => No File
FirewallRules: [TCP Query User{9AA65343-F88B-4973-85B7-CA73660A61E4}C:\games\god of war ragnarok\gowr.exe] => (Allow) C:\games\god of war ragnarok\gowr.exe => No File
FirewallRules: [UDP Query User{17464671-B858-4385-B4CF-1CEF9B5585CD}C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe => No File
FirewallRules: [TCP Query User{7C65264E-D5EA-43D0-8342-B221982BACE3}C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dsx\main\dsx.exe => No File
FirewallRules: [UDP Query User{75D982DC-B598-40C0-A7E9-E60FAC86AD25}C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe] => (Allow) C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{7DFDE4DC-D636-4438-9CE8-5B384BDD180C}C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe] => (Allow) C:\xboxgames\the gunk\content\dust\binaries\wingdk\dust-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{DBDA5D91-93C4-4F58-95F9-C47F0DC7EE4D}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File
FirewallRules: [TCP Query User{BA4107C3-4A10-4D30-9589-6ADCBE56EF5F}C:\xboxgames\call of duty\content\cod.exe] => (Allow) C:\xboxgames\call of duty\content\cod.exe => No File
FirewallRules: [UDP Query User{C08845CF-9614-41E0-BF6A-DC2B12FB5988}C:\xboxgames\quake\content\bastet_winstore.exe] => (Allow) C:\xboxgames\quake\content\bastet_winstore.exe => No File
FirewallRules: [TCP Query User{ABAC5C16-E3FE-4828-A194-799E14F933BA}C:\xboxgames\quake\content\bastet_winstore.exe] => (Allow) C:\xboxgames\quake\content\bastet_winstore.exe => No File
FirewallRules: [UDP Query User{86250C7C-560B-4D59-954B-F54E7D41BE51}C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe] => (Allow) C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{ECCD0E64-E851-4288-9A2F-832D5E9EE09F}C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe] => (Allow) C:\xboxgames\senua-s saga- hellblade 2\content\hellblade2\binaries\wingdk\hellblade2-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{30B21E61-F204-4399-87CE-ABC2EE02CF3F}C:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) C:\xboxgames\gang beasts\content\gang beasts.exe => No File
FirewallRules: [TCP Query User{8C1C3B7C-D2E7-45C4-86EC-3A67233C7728}C:\xboxgames\gang beasts\content\gang beasts.exe] => (Allow) C:\xboxgames\gang beasts\content\gang beasts.exe => No File
FirewallRules: [UDP Query User{44075A7F-EFAE-4C32-91BD-F9A59A4A0EDC}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{6D95CDB3-7574-4EEF-88C3-A678B0E83AC7}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{F547B9BA-DE4B-41F7-8B7A-C70EA53B12AB}C:\users\diego\downloads\dsx\main\dsx.exe] => (Allow) C:\users\diego\downloads\dsx\main\dsx.exe => No File
FirewallRules: [TCP Query User{D7CAE005-58E0-4687-8D68-EDC83C5A2F34}C:\users\diego\downloads\dsx\main\dsx.exe] => (Allow) C:\users\diego\downloads\dsx\main\dsx.exe => No File
FirewallRules: [UDP Query User{FB3B9FF2-C86E-48B5-B10C-58098679ED63}C:\games\god of war\gow.exe] => (Block) C:\games\god of war\gow.exe => No File
FirewallRules: [TCP Query User{545924F9-74DC-4E69-B97C-013F5BFB1D93}C:\games\god of war\gow.exe] => (Block) C:\games\god of war\gow.exe => No File
FirewallRules: [UDP Query User{862BED6B-6E20-4AA9-9DF0-D6A411E28486}C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [TCP Query User{AC121CB6-5584-4E12-8F25-53B521C4ACB5}C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\games\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E7C00ACB-A44C-4DE1-B5B1-87DBEE09D74E}C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{CF2CDC19-575B-489E-B543-2453B7C45844}C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe] => (Allow) C:\xboxgames\palworld\content\pal\binaries\wingdk\palworld-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{0FAB96D0-B5E5-4C34-84EE-A92EE65E91A3}C:\users\diego\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\diego\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [TCP Query User{6DB1C05B-25C6-45B6-A0F0-E0602CCA7EA4}C:\users\diego\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\diego\appdata\local\programs\opera gx\opera.exe => No File
FirewallRules: [UDP Query User{9EBFCDBB-27F8-4989-B52D-CDBD48128E54}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{9DB05DA8-A616-4E8A-9F69-604ADF53A769}C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{049D45DD-D3BB-4FD4-8F4E-F4651C7F2B6E}C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe] => (Block) C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe => No File
FirewallRules: [TCP Query User{B262E9A7-022A-4E8E-8F3B-BB7103A0ACDE}C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe] => (Block) C:\games\uncharted legacy of thieves collection-insaneramzes\tll-l.exe => No File
FirewallRules: [UDP Query User{92A5E1EC-5B6A-45D4-A97A-06A5B14C9217}C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe] => (Allow) C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{AC127831-F894-4D87-9072-354E3FFEF080}C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe] => (Allow) C:\xboxgames\jusant\content\asc\binaries\wingdk\asc-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{4E66D16E-E748-4CD2-8A89-AA91B0A272DE}C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe => No File
FirewallRules: [TCP Query User{F4FF62EB-3CA5-4291-88F1-F05E3A5C65EA}C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\u4.exe => No File
FirewallRules: [UDP Query User{32B7E7DE-6CA3-4B78-8410-9564A7980786}C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe => No File
FirewallRules: [TCP Query User{1C33BA73-1A6B-46DA-89AB-0D4C29740DBE}C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe] => (Allow) C:\games\uncharted legacy of thieves collection-insaneramzes\tll.exe => No File
FirewallRules: [UDP Query User{82E7DA00-EE29-4012-BBBA-15688EB4EE1F}C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe] => (Allow) C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe => No File
FirewallRules: [TCP Query User{6893C960-B33C-4870-A64D-ACE1151245F7}C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe] => (Allow) C:\xboxgames\gotham knights\content\mercury\binaries\wingdk\gothamknights.exe => No File
FirewallRules: [{CC06A603-38AD-4008-8B30-5CC8F887405D}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File
FirewallRules: [{F6581DF6-F3F4-4B65-A6B1-CA49B0019B63}] => (Allow) C:\Program Files\GIGABYTE\Control Center\GCC.exe => No File
FirewallRules: [UDP Query User{1373E386-075E-45D3-AB6B-FEC1EF610F0A}C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe] => (Allow) C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe => No File
FirewallRules: [TCP Query User{E9909C36-B9C8-49DE-8909-F350EB71DFA3}C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe] => (Allow) C:\xboxgames\ghostwire- tokyo\content\snowfall\binaries\wingdk\gwt.exe => No File
FirewallRules: [UDP Query User{AA822E9C-EF78-4AA4-A99C-ED9FEE6BDD3A}C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{E68704AB-8AD4-4C1B-ACAE-4CE066497764}C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe] => (Allow) C:\xboxgames\high on life\content\oregon\binaries\wingdk\oregon-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{5226E9F8-B275-4317-B90E-06B6F305F8BD}C:\users\diego\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\diego\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [TCP Query User{4FFD8EB9-224F-4B80-B892-46F8C1CC6D74}C:\users\diego\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\diego\appdata\roaming\spotify\spotify.exe => No File
FirewallRules: [UDP Query User{B39C177C-78FC-43B2-86D9-B6EE4995651E}C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{B3EFE1BC-90FA-4A2E-9F50-652528338621}C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) C:\gog games\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [{F1CAD067-7E97-4996-8E77-38AB1BC7013C}] => (Allow) C:\Program Files\Tailscale\tailscaled.exe => No File
FirewallRules: [{A75C54A5-66AF-4D6B-811C-0AE9A1144F37}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File
FirewallRules: [{2AADAA3B-392C-43B5-B52B-69CDAEA7EFCD}] => (Block) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File
FirewallRules: [UDP Query User{D7B39D89-CC0C-4C62-A9A9-64FB4E6B05B6}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File
FirewallRules: [TCP Query User{90736F61-C3B1-47AE-8390-6C5016C3E037}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe => No File
FirewallRules: [{E76F98E6-3C61-4782-91BA-AAA55FD2B8D3}] => (Block) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{DD12D601-389E-4D2B-8933-CDD2C727F708}] => (Block) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [UDP Query User{54C7DC62-5D6F-4CB2-A1D5-201BEE0D4111}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [TCP Query User{F7E19106-E7CF-4DD8-8D90-212B4BB65CEE}C:\program files\epic games\dyinglight\dyinglightgame.exe] => (Allow) C:\program files\epic games\dyinglight\dyinglightgame.exe => No File
FirewallRules: [{1FF75366-EE73-4B58-9B07-E2E54270B385}] => (Block) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File
FirewallRules: [{395139F6-1B8D-4846-8FDB-2B8D81930F47}] => (Block) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{AABFF7B5-64AE-466E-A7F6-6B6924DC2240}C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{EE2A928C-24F9-4B1A-98F4-EB0233FB62BB}C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe] => (Allow) C:\xboxgames\atomic heart\content\atomicheart\binaries\wingdk\atomicheart-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{5FF5C0E1-B777-4182-A510-8811B0B5558D}C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe => No File
FirewallRules: [TCP Query User{7B11DE30-2AB7-47BE-88B0-F13CCEA27BAB}C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe] => (Allow) C:\xboxgames\hi-fi rush\content\hibiki\binaries\wingdk\hi-fi-rush.exe => No File
FirewallRules: [UDP Query User{7467CE11-5DB6-43BB-86CE-172B76C108A8}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [TCP Query User{47A31C43-E760-4439-A552-EC41BA7F9152}C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe] => (Block) C:\games\hogwarts legacy\phoenix\binaries\win64\hogwartslegacy.exe => No File
FirewallRules: [UDP Query User{1F05FF42-F3D5-495E-9686-8B56A439161F}C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe] => (Allow) C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe => No File
FirewallRules: [TCP Query User{EC15CD3B-BEF9-49C1-9058-4E5449F3B805}C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe] => (Allow) C:\games\hot wheels unleashed\hotwheels\binaries\win64\hotwheels-win64-shipping.exe => No File
FirewallRules: [UDP Query User{1516BB78-3623-48B5-B326-4EA31C32E8A9}C:\games\capcom fighting collection\capcomfightingcollection.exe] => (Allow) C:\games\capcom fighting collection\capcomfightingcollection.exe => No File
FirewallRules: [TCP Query User{C53934C5-15C8-4CDF-81E7-5924AFDC851C}C:\games\capcom fighting collection\capcomfightingcollection.exe] => (Allow) C:\games\capcom fighting collection\capcomfightingcollection.exe => No File
FirewallRules: [UDP Query User{F5654A10-C9D0-4B29-92F1-635354824C46}C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe] => (Allow) C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe => No File
FirewallRules: [TCP Query User{EB8A4A71-600F-4832-A8E0-737F1B00FFA9}C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe] => (Allow) C:\users\diego\downloads\rpcs3-v0.0.26-14636-3202cc70_win64\rpcs3.exe => No File
FirewallRules: [UDP Query User{F1D25F3F-7405-44F2-83DB-2500949696DF}C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{3B2333A4-1E44-427E-811F-CADB788230A6}C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe] => (Allow) C:\xboxgames\dead by daylight\content\deadbydaylight\binaries\wingdk\deadbydaylight-wingdk-shipping.exe => No File
FirewallRules: [{52325509-D12B-48EA-A0F4-80E9E1BF0196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe => No File
FirewallRules: [{DA8A00B0-7F69-400A-BA18-53677AA8D6AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Setup.exe => No File
FirewallRules: [{CE3CF723-B1F8-467A-AF07-F2A4614C029F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [{200231B3-52B1-40A8-982B-85256C93FFB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mafia\Mafia\Game.exe => No File
FirewallRules: [UDP Query User{2894DEC3-4752-4100-9490-5625D357F548}C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{4BAEDA89-C5ED-4637-A99D-E0E2031C84FA}C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe] => (Allow) C:\xboxgames\psychonauts 2\content\psychonauts2\binaries\wingdk\psychonauts2-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{B5325E5D-1CC9-4AB6-A884-7D7D75F7A676}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => No File
FirewallRules: [TCP Query User{DEDD5AC1-C88B-4F4B-92F6-1AC7572F8B33}C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe] => (Allow) C:\xboxgames\life is strange- true colors™\content\siren\binaries\wingdk\siren-wingdk-shipping.exe => No File
FirewallRules: [UDP Query User{997EC5A7-EFF5-401A-BA92-F25DEDC82CA1}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Allow) C:\program files (x86)\zotacfirestorm\firestorm.exe => No File
FirewallRules: [TCP Query User{2829D1D5-1637-427F-A658-3D3F48C015FE}C:\program files (x86)\zotacfirestorm\firestorm.exe] => (Allow) C:\program files (x86)\zotacfirestorm\firestorm.exe => No File
FirewallRules: [{EFFDBC86-7B9C-4A2C-A436-60F842E860F9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{6820FF51-58D3-465F-8A10-AED1CCD8521B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{844C536B-6F65-4958-86EC-59A0AB0BD6FE}C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe] => (Block) C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6C8E029D-45DA-40C7-B6A6-FE768E1D3A03}C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe] => (Block) C:\users\diego\downloads\clair.obscur.expedition.33.rexagames.com\sandfall\binaries\win64\sandfall-win64-shipping.exe => No File
FirewallRules: [{339049FD-5680-4FEE-991D-7C802E5E967F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe => No File
FirewallRules: [{A4827D87-DF68-49B2-8DC6-E01A15C1E663}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe => No File
FirewallRules: [TCP Query User{8AD1D64E-02FE-415D-8662-9E621ACCBE90}C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe] => (Block) C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe => No File
FirewallRules: [UDP Query User{A3E2291E-027F-4703-91C1-3648E4EFEFA7}C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe] => (Block) C:\users\diego\downloads\replanted.v1.5.0.rexagames.com\replanted.exe => No File
FirewallRules: [TCP Query User{D59164EE-17D1-4AB8-ABE0-4242341313C1}C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe] => (Allow) C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe => No File
FirewallRules: [UDP Query User{A0BD59C5-463A-454E-B502-348B7965929D}C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe] => (Allow) C:\users\diego\downloads\scrcpy-win64-v3.3.4\scrcpy-win64-v3.3.4\adb.exe => No File
FirewallRules: [{1FE4B1DD-B75C-4C8A-A934-33C93C450D7A}] => (Allow) C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{20309CBB-2507-4B49-B60E-61523F72EB1C}] => (Allow) C:\Users\diego\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [TCP Query User{65CA0E62-6428-49F7-BC21-4EA2F1D24E4E}D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe] => (Block) D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe => No File
FirewallRules: [UDP Query User{1BD62AE3-49FB-428D-99C5-AB9A7CB3A727}D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe] => (Block) D:\games\yakuza 0 director's cut\runtime\media\yakuza0_dc.exe => No File
FirewallRules: [TCP Query User{848D3F4A-69B8-40D1-9F88-ECF1DE4887BA}D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe] => (Block) D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe => No File
FirewallRules: [UDP Query User{B8BCEFDF-CFF1-407F-A34E-2E8578C5A26C}D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe] => (Block) D:\games\pico-park-ankergames\pico-park-ankergames\pico_park.exe => No File
FirewallRules: [TCP Query User{EF7D866A-CCB1-4D8F-B484-97CFF32887ED}C:\games\resident evil requiem\re9.exe] => (Block) C:\games\resident evil requiem\re9.exe => No File
FirewallRules: [UDP Query User{5346FF8C-17F8-4B3B-950A-DE741645A1D5}C:\games\resident evil requiem\re9.exe] => (Block) C:\games\resident evil requiem\re9.exe => No File
FirewallRules: [TCP Query User{D92198B5-5516-4564-A34D-E5A34F559323}D:\games\reanimal\everholm\binaries\win64\reanimal.exe] => (Block) D:\games\reanimal\everholm\binaries\win64\reanimal.exe => No File
FirewallRules: [UDP Query User{E5E556AF-C84F-4A47-8F1E-6112BFF0BEB0}D:\games\reanimal\everholm\binaries\win64\reanimal.exe] => (Block) D:\games\reanimal\everholm\binaries\win64\reanimal.exe => No File
FirewallRules: [TCP Query User{6C5D50C6-E0B0-41FE-A907-47C225227BE2}D:\games\scott pilgrim vs the world\scott.exe] => (Block) D:\games\scott pilgrim vs the world\scott.exe => No File
FirewallRules: [UDP Query User{DC88EA26-6566-407E-ADE6-C9BB5FC71D93}D:\games\scott pilgrim vs the world\scott.exe] => (Block) D:\games\scott pilgrim vs the world\scott.exe => No File
FirewallRules: [TCP Query User{25FF0C68-591D-4445-B94E-F63893113498}D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe] => (Allow) D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe => No File
FirewallRules: [UDP Query User{43676CDB-CC41-465C-827F-AAAB18930E3A}D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe] => (Allow) D:\setup\armgddn browser\skybox vr video player v14717419(1.1.8) -armgddn\steamvr_sourcevrplayer.exe => No File
FirewallRules: [TCP Query User{9B83C390-6E67-4950-894C-EEF762DB3965}D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe] => (Block) D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe => No File
FirewallRules: [UDP Query User{EF27A2F7-1BA8-4318-8A78-955E6E282E14}D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe] => (Block) D:\games\psychonauts in the rhombus of ruin\psychonautsintherhombusofruin\binaries\win64\psychonautsintherhombusofruin-win64-shipping.exe => No File
FirewallRules: [TCP Query User{5A26255D-E8A3-48D2-9087-AB1C5F53FE35}D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe] => (Block) D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe => No File
FirewallRules: [UDP Query User{200D7343-E05F-4686-8047-514B3E49E0F8}D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe] => (Block) D:\games\beat saber (1.42.3_15380 all dlc)\beat saber.exe => No File
FirewallRules: [TCP Query User{9520B8D8-150A-4116-BE04-4B2E21834848}C:\games\resident evil requiem biohazard requiem\re9.exe] => (Block) C:\games\resident evil requiem biohazard requiem\re9.exe => No File
FirewallRules: [UDP Query User{CC8F6A72-F786-4F79-AAFC-02B0338B1F65}C:\games\resident evil requiem biohazard requiem\re9.exe] => (Block) C:\games\resident evil requiem biohazard requiem\re9.exe => No File
FirewallRules: [TCP Query User{8C1C38C1-C91A-4304-8300-9F26914FD6B0}D:\games\the binding of isaac rebirth\isaac-ng.exe] => (Block) D:\games\the binding of isaac rebirth\isaac-ng.exe => No File
FirewallRules: [UDP Query User{94D396E3-A1A5-4EB2-A172-EB9A1BD696AA}D:\games\the binding of isaac rebirth\isaac-ng.exe] => (Block) D:\games\the binding of isaac rebirth\isaac-ng.exe => No File
FirewallRules: [TCP Query User{71B9CD87-FFD2-4EDB-96D4-07E3721FF4FF}D:\games\fruit ninja vr 2\fruit ninja vr 2.exe] => (Block) D:\games\fruit ninja vr 2\fruit ninja vr 2.exe => No File
FirewallRules: [UDP Query User{A9835656-DAF6-4B80-839B-E38BABCB436E}D:\games\fruit ninja vr 2\fruit ninja vr 2.exe] => (Block) D:\games\fruit ninja vr 2\fruit ninja vr 2.exe => No File
FirewallRules: [TCP Query User{719771AA-EA79-4939-B3B2-E6768B4AD202}D:\games\pools\pools.exe] => (Block) D:\games\pools\pools.exe => No File
FirewallRules: [UDP Query User{921E217C-3298-43E3-B2B5-F3E01DE07006}D:\games\pools\pools.exe] => (Block) D:\games\pools\pools.exe => No File
FirewallRules: [TCP Query User{9039F69B-4D90-4BFE-8AB8-65A66F59091E}D:\games\pools\poolsvr\pools.exe] => (Block) D:\games\pools\poolsvr\pools.exe => No File
FirewallRules: [UDP Query User{41EBC287-37D9-4D9B-81C5-925B7845C732}D:\games\pools\poolsvr\pools.exe] => (Block) D:\games\pools\poolsvr\pools.exe => No File
FirewallRules: [{F50B0B41-386D-49D6-B61B-9573572A8D02}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe => No File
FirewallRules: [{670EA020-2760-4411-A65F-7B094F5CC828}] => (Allow) C:\Program Files (x86)\arcai.com\aips.exe => No File
FirewallRules: [{E406AAC3-7256-4114-ACA0-57FFFE3F0B4E}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe => No File
FirewallRules: [{EA20ED7B-949D-483A-B38A-85A5A77741BD}] => (Allow) C:\Program Files (x86)\arcai.com\netcut_windows.exe => No File
FirewallRules: [{86CABB58-0CD2-4B4E-8A68-3377EBB772C5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe => No File
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0 <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\Software\Classes\.cmd: => <==== ATTENTION
Folder: C:\ProgramData\Jackett
File: C:\Program Files\fpsVR\fpsvrCPUTempCounterService.exe
Comment: This snippet reverts SmartScreen settings to default
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"SmartScreenEnabled"="Warn"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter]
"EnabledV9"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000001
[HKU\S-1-5-21-3942013402-3740469761-1670386497-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost]
"EnableWebContentEvaluation"=dword:00000001
EndRegedit:
HKLM\Software\Policies\...\system: [ShellSmartScreenLevel] Warn
StartPowerShell:
# This snippet re-enables Windows Defender and applies optimized settings to ensure high protection against malware
# Enable real-time protection
Set-MpPreference -DisableRealtimeMonitoring $false
# Enable behavioural protection
Set-MpPreference -DisableBehaviorMonitoring $false
# Enable PUP detection
Set-MpPreference -PUAProtection Enabled
# Enable cloud protection to level 4 - aggressively block unknowns and apply additional protection measures, alternatively use 2 for lower protection or 0 for default
Set-MpPreference -CloudBlockLevel 4
# Send advanced information about malicious/unwanted software present on your device
Set-MpPreference -MAPSReporting 2
# Send safe samples automatically to Microsoft
Set-MpPreference -SubmitSamplesConsent 1
# Enables inspection of HTTP traffic to detect malicious websites
Set-MpPreference -EnableNetworkProtection Enabled
# Enables block at first seen
Set-MpPreference -DisableBlockAtFirstSeen $false
# Allows scanning of archive files, such as .zip and .cab files for malware/PUP
Set-MpPreference -DisableArchiveScanning $false
# Enables automatic scanning of USB & removal drives
Set-MpPreference -DisableRemovableDriveScanning $false
# Enables scanning of network files
Set-MpPreference -DisableScanningNetworkFiles $false
# Forces signature check before running a scan
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true
# Extends cloud check timer from default 10 to 30 seconds
Set-MpPreference -CloudExtendedTimeout 30
# Enables automatic scanning of all downloaded files and attachments
Set-MpPreference -DisableIOAVProtection $false
# Enables script detection
Set-MpPreference -DisableScriptScanning $false
# Disables automatic exclusions from scanning
Set-MpPreference -DisableAutoExclusions 1
# Enables scanning of mapped network drives
Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan 0
# Enables scanning of email files
Set-MpPreference -DisableEmailScanning 0
# Enables blocking of malicious domains and IP's on DNS level
Set-MpPreference -EnableDnsSinkhole $true
# Enables signature updates every 12 hours
Set-MpPreference -SignatureUpdateInterval 12
# Enables automatic quarantine for threats labelled as high and severe
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -SevereThreatDefaultAction Quarantine
# Updates signatures
Update-MpSignature
EndPowerShell:
StartPowershell:
# Replace /scanonly with /clean if you also want to delete items -- however, this will activate a trial license on the system, I do not recommend it
$hmpExe = "$env:TEMP\HitmanPro_x64.exe"
$logFile = "$env:TEMP\HitmanPro_ScanLog.txt"
Invoke-WebRequest -Uri "https://dl.surfright.nl/HitmanPro_x64.exe" -OutFile $hmpExe -UseBasicParsing
$proc = Start-Process $hmpExe -ArgumentList "/ews","/scanonly","/noinstall","/log=`"$logFile`"","/logtype=txt" -Wait -PassThru
if (!(Test-Path $logFile)) { Write-Host "Scan failed (exit $($proc.ExitCode))"; exit 1 }
Get-Content $logFile -Encoding Unicode
EndPowershell:
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
# NOTE: For the sake of users from Asia (primarily China), do not use the clean option. It will very likely remove a lot of their important software.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
Comment: Verify that Discord does not have any injected code to intercept personal data. If anything is prompted here, it needs to be checked that it isn't malicious code.
Powershell: @("$env:APPDATA","$env:LOCALAPPDATA") | ForEach-Object { Get-ChildItem $_ -Recurse -Filter "index.js" -ErrorAction SilentlyContinue } | Where-Object { $_.FullName -match "discord_desktop_core" } | ForEach-Object { Write-Host "--- $($_.FullName) ---"; (Get-Content $_.FullName -Raw).Substring(0,[Math]::Min(2000,(Get-Content $_.FullName -Raw).Length)) }
Comment: Remove unwanted files from common folders using native removal power of Farbar to include remove on reboot if needed. Please double check the user does not have any applications incorrectly installed in the directories listed below.
C:\ProgramData\*.a3x
C:\ProgramData\*.ahk
C:\ProgramData\*.au3
C:\ProgramData\*.bat
C:\ProgramData\*.cab
C:\ProgramData\*.cmd
C:\ProgramData\*.com
C:\ProgramData\*.dll
C:\ProgramData\*.exe
C:\ProgramData\*.hta
C:\ProgramData\*.jar
C:\ProgramData\*.js
C:\ProgramData\*.jse
C:\ProgramData\*.lnk
C:\ProgramData\*.pif
C:\ProgramData\*.ps1
C:\ProgramData\*.py
C:\ProgramData\*.pyc
C:\ProgramData\*.pyd
C:\ProgramData\*.scr
C:\ProgramData\*.tmp
C:\ProgramData\*.vbe
C:\ProgramData\*.vbs
C:\ProgramData\*.wsf
C:\ProgramData\*.wsh
C:\ProgramData\*.zip
C:\ProgramData\*.rar
C:\ProgramData\*.7z
C:\Users\*\AppData\Roaming\*.au3
C:\Users\*\AppData\Roaming\*.bat
C:\Users\*\AppData\Roaming\*.cab
C:\Users\*\AppData\Roaming\*.cmd
C:\Users\*\AppData\Roaming\*.com
C:\Users\*\AppData\Roaming\*.dll
C:\Users\*\AppData\Roaming\*.exe
C:\Users\*\AppData\Roaming\*.hta
C:\Users\*\AppData\Roaming\*.jar
C:\Users\*\AppData\Roaming\*.js
C:\Users\*\AppData\Roaming\*.jse
C:\Users\*\AppData\Roaming\*.lnk
C:\Users\*\AppData\Roaming\*.pif
C:\Users\*\AppData\Roaming\*.ps1
C:\Users\*\AppData\Roaming\*.py
C:\Users\*\AppData\Roaming\*.pyc
C:\Users\*\AppData\Roaming\*.pyd
C:\Users\*\AppData\Roaming\*.scr
C:\Users\*\AppData\Roaming\*.tmp
C:\Users\*\AppData\Roaming\*.vbe
C:\Users\*\AppData\Roaming\*.vbs
C:\Users\*\AppData\Roaming\*.wsf
C:\Users\*\AppData\Roaming\*.wsh
C:\Users\*\AppData\Roaming\*.zip
C:\Users\*\AppData\Roaming\*.rar
C:\Users\*\AppData\Roaming\*.7z
C:\Users\CurrentUserName\AppData\Local\*.a3x
C:\Users\CurrentUserName\AppData\Local\*.ahk
C:\Users\CurrentUserName\AppData\Local\*.au3
C:\Users\CurrentUserName\AppData\Local\*.bat
C:\Users\CurrentUserName\AppData\Local\*.cab
C:\Users\CurrentUserName\AppData\Local\*.cmd
C:\Users\CurrentUserName\AppData\Local\*.com
C:\Users\CurrentUserName\AppData\Local\*.dll
C:\Users\CurrentUserName\AppData\Local\*.exe
C:\Users\CurrentUserName\AppData\Local\*.hta
C:\Users\CurrentUserName\AppData\Local\*.jar
C:\Users\CurrentUserName\AppData\Local\*.js
C:\Users\CurrentUserName\AppData\Local\*.jse
C:\Users\CurrentUserName\AppData\Local\*.lnk
C:\Users\CurrentUserName\AppData\Local\*.pif
C:\Users\CurrentUserName\AppData\Local\*.ps1
C:\Users\CurrentUserName\AppData\Local\*.py
C:\Users\CurrentUserName\AppData\Local\*.pyc
C:\Users\CurrentUserName\AppData\Local\*.pyd
C:\Users\CurrentUserName\AppData\Local\*.scr
C:\Users\CurrentUserName\AppData\Local\*.tmp
C:\Users\CurrentUserName\AppData\Local\*.vbe
C:\Users\CurrentUserName\AppData\Local\*.vbs
C:\Users\CurrentUserName\AppData\Local\*.wsf
C:\Users\CurrentUserName\AppData\Local\*.wsh
C:\Users\CurrentUserName\AppData\Local\*.zip
C:\Users\CurrentUserName\AppData\Local\*.rar
C:\Users\CurrentUserName\AppData\Local\*.7z
C:\Users\CurrentUserName\AppData\Roaming\*.a3x
C:\Users\CurrentUserName\AppData\Roaming\*.ahk
C:\Users\CurrentUserName\AppData\Roaming\*.au3
C:\Users\CurrentUserName\AppData\Roaming\*.bat
C:\Users\CurrentUserName\AppData\Roaming\*.cab
C:\Users\CurrentUserName\AppData\Roaming\*.cmd
C:\Users\CurrentUserName\AppData\Roaming\*.com
C:\Users\CurrentUserName\AppData\Roaming\*.dll
C:\Users\CurrentUserName\AppData\Roaming\*.exe
C:\Users\CurrentUserName\AppData\Roaming\*.hta
C:\Users\CurrentUserName\AppData\Roaming\*.jar
C:\Users\CurrentUserName\AppData\Roaming\*.js
C:\Users\CurrentUserName\AppData\Roaming\*.jse
C:\Users\CurrentUserName\AppData\Roaming\*.lnk
C:\Users\CurrentUserName\AppData\Roaming\*.pif
C:\Users\CurrentUserName\AppData\Roaming\*.ps1
C:\Users\CurrentUserName\AppData\Roaming\*.py
C:\Users\CurrentUserName\AppData\Roaming\*.pyc
C:\Users\CurrentUserName\AppData\Roaming\*.pyd
C:\Users\CurrentUserName\AppData\Roaming\*.scr
C:\Users\CurrentUserName\AppData\Roaming\*.tmp
C:\Users\CurrentUserName\AppData\Roaming\*.vbe
C:\Users\CurrentUserName\AppData\Roaming\*.vbs
C:\Users\CurrentUserName\AppData\Roaming\*.wsf
C:\Users\CurrentUserName\AppData\Roaming\*.wsh
C:\Users\CurrentUserName\AppData\Roaming\*.zip
C:\Users\CurrentUserName\AppData\Roaming\*.rar
C:\Users\CurrentUserName\AppData\Roaming\*.7z
Comment: Force policy removal
C:\Windows\System32\GroupPolicyUsers
C:\Windows\System32\GroupPolicy
Comment: System repair commands
CMD: DISM.exe /Online /Cleanup-image /Restorehealth
CMD: SFC.exe /scannow
Comment: Network reset commands
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
Comment: Additional temp file removal
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.