Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-03-2021 Ran by aemtp (04-04-2021 18:21:49) Running from C:\Users\aemtp\Desktop\virus scan Windows 10 Home Version 20H2 19042.867 (X64) (2020-09-01 01:16:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2352705691-491874430-4063245790-500 - Administrator - Disabled) aemtp (S-1-5-21-2352705691-491874430-4063245790-1001 - Administrator - Enabled) => C:\Users\aemtp DefaultAccount (S-1-5-21-2352705691-491874430-4063245790-503 - Limited - Disabled) Guest (S-1-5-21-2352705691-491874430-4063245790-501 - Limited - Disabled) PK (S-1-5-21-2352705691-491874430-4063245790-1004 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2352705691-491874430-4063245790-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS (HKLM-x32\...\{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.20.0709.1 - GIGABYTE) Hidden @BIOS (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 4.20.0709.1 - GIGABYTE) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.) APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0317.1 - GIGABYTE) Hidden APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.21.0317.1 - GIGABYTE) AtHomeVideoStreamer Version 5.0.2 (HKLM-x32\...\{B659A0AE-7339-41DF-A7BA-81EBEBF91321}_is1) (Version: - iChano Inc.) Backup and Sync from Google (HKLM\...\{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 - Google, Inc.) Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden BlueJeans (HKLM\...\{91090BE0-876F-4D5F-8AE0-5D155D087FAF}) (Version: 2.26.149 - BlueJeans Network, Inc.) Hidden BlueJeans (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\{58a12374-899f-4012-a8a8-50b3cef2d47d}) (Version: 2.26.149 - BlueJeans Network, Inc.) BlueStacks (64-bit) (HKLM\...\BlueStacks_bgp64) (Version: 4.280.3.4001 - BlueStack Systems, Inc.) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.280.0.1022 - BlueStack Systems, Inc.) Box (HKLM\...\{DEF3E751-1948-4C9B-B5FF-5E516F666EBA}) (Version: 2.20.136 - Box, Inc.) Brother BRAgent 1.38.0000 (HKLM-x32\...\{9390DEE7-32CF-4A2E-A47B-30270D624AA1}) (Version: 1.38.0000 - Brother Industries, Ltd.) BRPrintAuditor 3.0.7 (HKLM-x32\...\BRPrintAuditor 3.0.7) (Version: - ) BUSB (HKLM-x32\...\{0AADC50C-C4F8-49A7-8699-AFE46875CA67}) (Version: 1.16.1020.1 - GIGABYTE) Caesar 3 (HKLM-x32\...\1207658835_is1) (Version: 2.1.0.13 - GOG.com) Cisco Webex Meetings (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\ActiveTouchMeetingClient) (Version: 41.1.2 - Cisco Webex LLC) Cloud Station (Server) (HKLM-x32\...\{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 3.19.0529.1 - GIGABYTE) Hidden Cloud Station (Server) (HKLM-x32\...\InstallShield_{5D132D9D-2A99-48CF-9DCC-775DF6F31384}) (Version: 3.19.0529.1 - GIGABYTE) CPUID CPU-Z 1.95 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.95 - CPUID, Inc.) CPUID CPU-Z Aorus 1.87 (HKLM\...\CPUID CPU-Z Aorus_is1) (Version: 1.87 - CPUID, Inc.) CutePDF Writer (HKLM\...\CutePDF Writer Installation) (Version: 4.0 - Acro Software Inc.) CyberLink YouCam 9 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}) (Version: 9.1.1927.0 - CyberLink Corp.) Discord (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) Documentation Manager (HKLM\...\{3EF18AD4-8F08-42FE-B2A4-F2DDB1DFB5D0}) (Version: 21.50.1.1 - Intel Corporation) Hidden EasySettingBox (HKLM-x32\...\{7E750925-00C9-4B23-A1E8-BBFC0955CFD8}) (Version: 1.1.1 - Samsung) EasyTune (HKLM-x32\...\{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.21.0114.1 - GIGABYTE) Hidden EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.21.0114.1 - GIGABYTE) EasyTuneEngineService (HKLM-x32\...\{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.21.0202.1 - GIGABYTE) Hidden EasyTuneEngineService (HKLM-x32\...\InstallShield_{964575C3-5820-4642-A89A-754255B5EFE1}) (Version: 1.21.0202.1 - GIGABYTE) ECG Viewer Manager (HKLM-x32\...\{31372480-83E1-4A4F-BDF2-944B56E67852}) (Version: 5.2 - Creative) ENE_AIC_Marvell_HAL (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_AIC_Marvell_HAL (HKLM-x32\...\{887e18fb-6bc3-4cd4-b34e-32d9ff71bbae}) (Version: 1.0.7.0 - ENE TECHNOLOGY INC.) Hidden ENE_DRAM_RGB_AIO (HKLM\...\{1745D314-9077-46C9-8562-1C62BAE189B7}) (Version: 1.0.0.10 - Ene Tech.) Hidden ENE_DRAM_RGB_AIO (HKLM-x32\...\{52d1d7de-19c3-4f83-97bb-f9435dc84c5b}) (Version: 1.0.0.10 - Ene Tech.) Hidden ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.8.4 - ENE TECHNOLOGY INC.) Hidden ENE_EHD_M2_HAL (HKLM-x32\...\{0f607f07-7957-4887-9d5e-be8efe9595a9}) (Version: 1.0.8.4 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden ENE_MousePad_HAL (HKLM-x32\...\{bf256b46-8ff7-48be-ab7f-5661e9a0651f}) (Version: 1.0.1.8 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM\...\{CF703694-01C6-4062-B797-84DB215662BC}) (Version: 1.0.3.1 - ENE TECHNOLOGY INC.) Hidden ENE_X_AIC_HAL (HKLM-x32\...\{33f042cf-0ae3-4241-b8c8-7f544533ea8e}) (Version: 1.0.3.1 - ENE TECHNOLOGY INC.) Hidden ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.3 - Seiko Epson Corporation) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation) EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) ezCheckPersonal (HKLM-x32\...\{AD94208C-8CEF-4C73-8560-40A1CFEA2F3D}) (Version: 4.0.4 - Halfpricesoft) ezCheckPrinting (HKLM-x32\...\{F24C4580-BBA4-4418-9AB0-D8ADB985D1FA}) (Version: 7.0.12 - Halfpricesoft) Fast Boot (HKLM-x32\...\{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.19.0226.1 - GIGABYTE) Hidden Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.19.0226.1 - GIGABYTE) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.) FreeVimager (HKLM-x32\...\FreeVimager) (Version: 9.9.5 - Contaware.com) Game Boost (HKLM-x32\...\{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Hidden Game Boost (HKLM-x32\...\InstallShield_{644B5310-D2AA-42A8-9F3B-7B92C856C8D7}) (Version: 1.00.0007 - Gigabyte) Gigabyte Speed v10.50 (HKLM\...\Gigabyte Speed) (Version: 10.50 - cFos Software GmbH, Bonn) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC) Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 46.0.3.0 - Google LLC) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.) GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.) Grammarly (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\GrammarlyForWindows) (Version: 1.5.58 - Grammarly) GService (HKLM-x32\...\{D9CB4282-7B2A-4840-AD1D-9DA72B973DD9}) (Version: 1.19.0624.1 - GIGABYTE) Intel(R) Extreme Tuning Utility (HKLM-x32\...\{0e9f5d6d-2200-4a15-98fc-9bdf36186e16}) (Version: 6.5.0.45 - Intel Corporation) Intel(R) Network Connections 25.4.0.6 (HKLM\...\PROSetDX) (Version: 25.4.0.6 - Intel) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{97e1a863-427f-481e-b259-b691eb7b45cd}) (Version: 21.0.1 - Intel Corporation) Intel® Software Installer (HKLM-x32\...\{80b1fe4e-d0bb-443d-9235-8154a58cb4e6}) (Version: 21.50.1.1 - Intel Corporation) Hidden Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains) Logitech Alert Commander (HKLM-x32\...\{9C815CCE-8A56-4C1E-A3CA-D1BA519882BC}) (Version: 3.5.97 - Logitech) Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.12.8.0 - Logitech Europe S.A.) Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes) ManyCam 7.8.3 (HKLM-x32\...\ManyCam) (Version: 7.8.3 - Visicom Media Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.68 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3994d355-238a-4612-af93-26d13deddef1}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility) Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) Mozilla Firefox 86.0 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0 (x64 en-US)) (Version: 86.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 86.0 - Mozilla) MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD) MSI Kombustor 4.1.2.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Graphics Driver 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE) Hidden ON_OFF Charge 2 B18.1203.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.18.1203.1 - GIGABYTE) OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation) Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.04 - Patriot Memory) Hidden Patriot Viper M2 SSD RGB (HKLM-x32\...\{ebb7013c-0b03-497c-bed1-1e48e806a593}) (Version: 1.00.04 - Patriot Memory) Pharaoh Gold (HKLM-x32\...\1207659046_is1) (Version: 2.1.0.15 - GOG.com) Plarium Play (HKLM-x32\...\{19DBC3EA-22E7-4D19-87D7-9BC9DFCAE195}) (Version: 5.1.0 - Plarium) Hidden Plarium Play (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\{cb819049-f133-4eaf-8c26-5c61343c6d9e}) (Version: 5.1.0 - Plarium) Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc) RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.21.0310.1 - GIGABYTE) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) save2pc Light 4.35 (HKLM-x32\...\save2pc Light_is1) (Version: - FDRLab) SGX Install (HKLM-x32\...\{3EC52501-2CDF-46D9-AA54-9205C96A5EFE}) (Version: 2.2.104.49337 - GIGABYTE) Sigma Enterprise (HKLM-x32\...\Sigma Enterprise;Sigma Enterprise) (Version: 7.1.1.11905 - Sigma Estimates) SIV (HKLM-x32\...\{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0129.1 - GIGABYTE) Hidden SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.21.0129.1 - GIGABYTE) Smart Backup (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 3.18.0911.1 - GIGABYTE) SmartKeyboard (HKLM-x32\...\{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE) Hidden SmartKeyboard (HKLM-x32\...\InstallShield_{75B74C36-A9C6-4912-B4BB-C461AA36D01E}) (Version: 1.00.0000 - GIGABYTE) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.16.8 - TeamViewer) thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc) TinyTake (HKLM-x32\...\{F1C91E4C-E369-4172-AF9C-9412E286D755}) (Version: 5.2.19.0 - MangoApps) Hidden TinyTake by MangoApps (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\{8a503f91-e87e-44e7-b91c-b7aa0def2fc5}) (Version: 5.2.19.0 - MangoApps) TinyTake Filter 1.0.0 (HKLM\...\TinyTake Filter_is1) (Version: 1.0.0 - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) WhatsApp (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\WhatsApp) (Version: 2.2106.16 - WhatsApp) YouCam 9.0 (HKLM-x32\...\{689DAD27-0634-4e5d-B726-E951371AE338}_is1) (Version: 9.0 - CyberLink) Hidden Zoom (HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\ZoomUMX) (Version: 5.6.0 (589) - Zoom Video Communications, Inc.) Packages: ========= Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.55.4.0_x86__kgqvnymyfvs32 [2021-03-27] (king.com) Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.56.4.0_x86__kgqvnymyfvs32 [2021-04-01] (king.com) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-03-30] (Microsoft Studios) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-22] (NVIDIA Corp.) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-01-28] (Adobe Systems Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.9.210.0_x64__dt26b99r8h8gj [2020-06-19] (Realtek Semiconductor Corp) Undersea Life -> C:\Program Files\WindowsApps\Microsoft.UnderseaLife_1.0.0.0_neutral__8wekyb3d8bbwe [2019-12-02] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2352705691-491874430-4063245790-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\aemtp\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC) CustomCLSID: HKU\S-1-5-21-2352705691-491874430-4063245790-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\aemtp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2352705691-491874430-4063245790-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\aemtp\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.) CustomCLSID: HKU\S-1-5-21-2352705691-491874430-4063245790-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\aemtp\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {4622318C-A9BB-4D2C-898C-10A9656A2B11} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.) SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {4622318C-A9BB-4D2C-898C-10A9656A2B11} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.) ShellServiceObjects: Virtual Storage Mount Notification -> {4622318C-A9BB-4D2C-898C-10A9656A2B11} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.) ShellServiceObjects-x32: Virtual Storage Mount Notification -> {4622318C-A9BB-4D2C-898C-10A9656A2B11} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2019-10-07] (Callback Technologies, Inc. -> Callback Technologies, Inc.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-03-12] (Google LLC -> Google) ShellIconOverlayIdentifiers-x32: [ BoxAvailableOffline] -> {8D0A4E1B-C25A-4AF8-8DA7-531929C02958} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers-x32: [ BoxLocked] -> {1B927815-D431-48B1-A746-6FF91FB35431} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers-x32: [ BoxLockedByOther] -> {73C8BC94-4A51-413B-B927-829449EAFA75} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers-x32: [ BoxProblem] -> {8BBBCFB6-60E2-4C0F-BB31-10434068E2BE} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers-x32: [ BoxSynced] -> {04B9BDFA-0C53-4F36-A77F-51F53E3EF3EC} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ShellIconOverlayIdentifiers-x32: [ BoxSyncing] -> {2FFF193C-5891-4B26-B363-40D3B5257FE9} => C:\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll [2021-01-13] (Box, Inc. -> Box, Inc.) ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-31] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-03-12] (Google LLC -> Google) ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\46.0.3.0\drivefsext.dll [2021-02-22] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_4f0927d2d65e905f\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => d:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-31] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [475936 2007-05-11] (Logitech Inc -> Logitech Inc.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [416544 2007-05-11] (Logitech Inc -> Logitech Inc.) HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\aemtp\Desktop\AEMTPAriEisenberg - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\aemtp\Desktop\Ari (yallanats) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" ShortcutWithArgument: C:\Users\aemtp\Desktop\Hyman - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\aemtp\Desktop\Joe (arieisenbergtext) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5" ShortcutWithArgument: C:\Users\aemtp\Desktop\PGxRevolution - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\aemtp\Desktop\yalla - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3" ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\AirDroid Remote Control Plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=macmgoeeggnlnmpiojbcniblabkdjphe ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\award.flights AwardFinder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=dkmdpdpnihcmgndoolimdhfmljfpgnif ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TeamViewer (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 3" --app-id=oooiobdokpcfdlahlmcddobejikcmkfo ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TeamViewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=oooiobdokpcfdlahlmcddobejikcmkfo ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Unlocker for WakeLockDetector.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bgeplmmblegmdackkcemjkpngngocgjp ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ari (yallanats) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Hyman - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PGxRevolution - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\aemtp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yalla - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============= 2021-03-10 19:53 - 2021-03-10 19:53 - 001868288 _____ () [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\BDR_info.dll 2014-04-07 10:31 - 2014-04-07 10:31 - 000172032 _____ () [File not signed] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2021-03-25 15:27 - 2020-10-07 17:33 - 099684864 _____ () [File not signed] C:\ProgramData\BlueStacks_bgp64\CefData\libcef.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000114176 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_ctypes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000172544 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_elementtree.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002255872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_hashlib.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000032256 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_multiprocessing.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000046080 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_psutil_windows.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000047616 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_socket.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002824704 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_ssl.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026112 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\_yappi.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000080896 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\bz2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000015872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\common.time34.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000007680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\hashobjs_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000301568 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\PIL._imaging.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000168448 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\pyexpat.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001084416 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\pysqlite2._sqlite.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000548864 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\pythoncom27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137728 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\pywintypes27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000010752 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\select.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\thumbnails_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000689664 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\unicodedata.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000119808 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\usb_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000128512 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32api.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000438784 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32com.shell.shell.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000011776 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32crypt.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000023040 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32event.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000149504 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32file.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000223232 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32gui.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000048128 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32inet.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000029696 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32pdh.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000027648 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32pipe.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000044032 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32process.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020480 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32profile.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000136192 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32security.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026624 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\win32ts.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000034304 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\windows.conditional.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000037888 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\windows.connectivity.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000071680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\windows.device_monitor.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103936 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\windows.volumes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000019968 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\windows.winwrap.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001325056 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._controls_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001489408 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._core_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001007104 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._gdi_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103424 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._html2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000916992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._misc_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001039872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wx._windows_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000114176 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_ctypes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000172544 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_elementtree.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002255872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_hashlib.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000032256 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_multiprocessing.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000046080 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_psutil_windows.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000047616 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_socket.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002824704 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_ssl.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026112 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\_yappi.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000080896 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\bz2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000015872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\common.time34.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000007680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\hashobjs_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000301568 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\PIL._imaging.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000168448 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\pyexpat.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001084416 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\pysqlite2._sqlite.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000548864 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\pythoncom27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137728 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\pywintypes27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000010752 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\select.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\thumbnails_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000689664 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\unicodedata.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000119808 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\usb_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000128512 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32api.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000438784 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32com.shell.shell.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000011776 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32crypt.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000023040 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32event.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000149504 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32file.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000223232 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32gui.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000048128 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32inet.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000029696 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32pdh.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000027648 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32pipe.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000044032 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32process.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020480 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32profile.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000136192 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32security.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026624 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\win32ts.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000034304 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\windows.conditional.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000037888 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\windows.connectivity.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000071680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\windows.device_monitor.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103936 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\windows.volumes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000019968 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\windows.winwrap.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001325056 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._controls_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001489408 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._core_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001007104 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._gdi_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103424 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._html2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000916992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._misc_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001039872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wx._windows_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000114176 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_ctypes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000172544 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_elementtree.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002255872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_hashlib.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000032256 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_multiprocessing.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000046080 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_psutil_windows.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000047616 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_socket.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 002824704 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_ssl.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026112 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\_yappi.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000080896 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\bz2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000015872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\common.time34.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000007680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\hashobjs_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000301568 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\PIL._imaging.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000168448 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\pyexpat.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001084416 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\pysqlite2._sqlite.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000548864 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\pythoncom27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137728 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\pywintypes27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000010752 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\select.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\thumbnails_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000689664 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\unicodedata.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000119808 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\usb_ext.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000128512 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32api.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000438784 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32com.shell.shell.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000011776 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32crypt.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000023040 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32event.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000149504 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32file.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000223232 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32gui.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000048128 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32inet.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000029696 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32pdh.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000027648 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32pipe.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000044032 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32process.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000020480 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32profile.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000136192 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32security.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000026624 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\win32ts.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000034304 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\windows.conditional.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000037888 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\windows.connectivity.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000071680 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\windows.device_monitor.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103936 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\windows.volumes.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000019968 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\windows.winwrap.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001325056 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._controls_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001489408 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._core_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001007104 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._gdi_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000103424 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._html2.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 000916992 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._misc_.pyd 2021-04-03 17:17 - 2021-04-03 17:17 - 001039872 _____ () [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wx._windows_.pyd 2020-07-30 16:16 - 2017-04-15 14:39 - 000070144 _____ () [File not signed] d:\Program Files\TinyTake Filter\screen-capture-recorder-x64.dll 2019-04-15 16:24 - 2019-04-15 16:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\yccV2.dll 2019-04-15 17:24 - 2019-04-15 17:24 - 000155648 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\yccV2.dll 2006-10-26 14:40 - 2006-10-26 14:40 - 000192512 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll 2020-08-31 21:03 - 2020-08-31 21:03 - 001101824 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL 2020-08-31 21:03 - 2020-08-31 21:03 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL 2021-04-03 17:17 - 2021-04-03 17:17 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\python27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\python27.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\python27.dll 2021-01-23 16:48 - 2020-02-10 18:11 - 000018432 _____ (Samsung Electronics Pvt Ltd.) [File not signed] C:\Program Files (x86)\Samsung\EasySettingBox\StringLoader.dll 2021-01-23 16:48 - 2020-02-10 18:11 - 000058368 _____ (Samsung Electronics Pvt Ltd.) [File not signed] C:\Program Files (x86)\Samsung\EasySettingBox\XMLParser.dll 2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ESPSUTL.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 000206336 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnCom10.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 000082944 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnEps25.dll 2011-04-14 09:25 - 2011-04-14 09:25 - 000055808 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScnMgr10.dll 2012-02-09 12:53 - 2012-02-09 12:53 - 000110080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll 2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll 2011-04-14 09:16 - 2011-04-14 09:16 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\ScanEngine30.dll 2021-03-16 11:22 - 2011-08-30 13:38 - 000558080 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll 2021-03-16 11:22 - 2011-08-01 18:24 - 000250880 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enpres.dll 2021-03-16 11:22 - 2013-12-23 12:00 - 000040448 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXGI09A.DLL 2021-03-16 11:22 - 2013-12-23 12:00 - 000181760 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXMI09A.dll 2021-03-16 11:22 - 2013-12-23 12:00 - 000235008 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EFXUI09A.DLL 2021-03-25 15:27 - 2020-10-07 17:33 - 000564736 _____ (The Chromium Authors) [File not signed] C:\ProgramData\BlueStacks_bgp64\CefData\chrome_elf.dll 2015-10-14 01:15 - 2015-10-14 01:15 - 002042368 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\osvi.dll 2020-12-16 11:08 - 2020-12-16 11:08 - 002001920 _____ (TODO: ) [File not signed] C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GbtNvGpuLib.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxbase30u_net_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxbase30u_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxmsw30u_adv_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxmsw30u_core_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxmsw30u_html_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI148642\wxmsw30u_webview_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxbase30u_net_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxbase30u_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxmsw30u_adv_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxmsw30u_core_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxmsw30u_html_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI164242\wxmsw30u_webview_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxbase30u_net_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxbase30u_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxmsw30u_adv_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxmsw30u_core_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxmsw30u_html_vc90_x64.dll 2021-04-03 17:17 - 2021-04-03 17:17 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\aemtp\AppData\Local\Temp\_MEI235562\wxmsw30u_webview_vc90_x64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-12-02] (Google Inc -> Google Inc.) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) BHO-x32: No Name -> {4622318C-A9BB-4D2C-898C-10A9656A2B11}' -> No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-12-02] (Google Inc -> Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2019-12-02] (Google Inc -> Google Inc.) Toolbar: HKLM - Smart Backup - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2019-12-02] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-03-19 00:49 - 2019-03-19 00:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2352705691-491874430-4063245790-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\aemtp\AppData\Local\Microsoft\Windows\Themes\Undersea\DesktopBackground\05_gettyimages_57577177_super_resized.jpg DNS Servers: 192.168.10.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. Network Binding: ============= Wi-Fi: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled) Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled) Ethernet 2: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled) ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\Run32: => "GrooveMonitor" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "FUFAXRCV" HKLM\...\StartupApproved\Run32: => "FUFAXSTM" HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\StartupApproved\Run: => "BlueJeans.Detector" HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon" HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-2352705691-491874430-4063245790-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F5296798-5D48-45E1-991A-4053A4AA0211}] => (Allow) LPort=9009 FirewallRules: [UDP Query User{9A0BD692-CF26-4A51-BCF2-638E7768690B}C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe] => (Allow) C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe (iChano Incoporation.) [File not signed] FirewallRules: [TCP Query User{13EA493F-572F-43AA-ADAA-2479DB4A1665}C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe] => (Allow) C:\program files (x86)\athomevideostreamer\athomevideostreamer.exe (iChano Incoporation.) [File not signed] FirewallRules: [{9261E93D-13EA-4B36-9F2A-60F8B9385742}] => (Allow) C:\Program Files (x86)\Brother\BRPrintAuditor\auditormailer.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) FirewallRules: [{03C69AE3-3D80-454F-A1CA-09F25BC80A1C}] => (Allow) C:\Program Files (x86)\Brother\BRPrintAuditor\BRAgtSrv.exe (Brother Industries, Ltd. -> ) FirewallRules: [{B2E8C4BB-3822-44C3-9334-9B04F02772EE}] => (Allow) C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe (Brother Industries, Ltd. -> ) FirewallRules: [{71D46077-9B14-4FD4-9EA6-ADF713B31C7C}] => (Allow) LPort=9009 FirewallRules: [{82DBCC19-08FD-484E-BDB4-CCA845BD3566}] => (Allow) LPort=9009 FirewallRules: [{D660D418-677A-45EB-AC04-E0EF27A9C6E9}] => (Allow) LPort=9009 FirewallRules: [{CA561CE2-CC50-4CC8-9D87-586BA6BFA879}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{1864B296-655D-464E-97A6-E8DAB509AD91}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{DA9573E7-BAC6-4C86-AA42-FCF5A027F89B}] => (Allow) LPort=9009 FirewallRules: [{D4691635-2398-43B2-9DCD-31226EABAD6A}] => (Allow) LPort=9009 FirewallRules: [{0EB2CF0F-D85A-494B-8F7E-406E94CE9102}] => (Allow) C:\Users\aemtp\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{5FDEBC1D-09EA-4FC3-BFF6-85D759C1EC1B}] => (Allow) C:\Users\aemtp\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{D2053B39-7AED-4F97-9085-045186337DD8}] => (Allow) LPort=9009 FirewallRules: [{20470631-577E-428A-BD19-F537D4081ED5}] => (Allow) LPort=9009 FirewallRules: [{D0B5A8A5-26C4-4315-9228-9A6DAD7974AD}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{4FF80D00-CD27-41CE-907D-8389BD036762}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{ACEF1574-FAE6-4C2F-A39E-6DB3C4997E43}] => (Allow) LPort=9009 FirewallRules: [{1E2A5C82-6FA6-49C1-BE5A-05AC6C6ACF9F}] => (Allow) LPort=9009 FirewallRules: [{F73669CD-497B-4911-BAA5-D2883985DB5A}] => (Allow) LPort=9009 FirewallRules: [{927BB19B-E306-4D57-AD9A-A395C95F616D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{09E7FE1D-987E-490F-8510-D0BDB1202640}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5BA0C970-F736-4108-A50D-2402D58801F9}] => (Allow) LPort=9009 FirewallRules: [{24723913-30AB-40A0-852D-92CB314D1543}] => (Allow) LPort=9009 FirewallRules: [{F116638C-878C-4C0E-9F3C-ED9FE411052A}] => (Allow) LPort=9009 FirewallRules: [{EA5E6434-EBAA-4EBE-9CEE-EE6811910418}] => (Allow) LPort=9009 FirewallRules: [{6496DCB6-2358-4007-BDD4-8E9CBC6027D4}] => (Allow) LPort=9009 FirewallRules: [{A73617B6-BF1B-4F0A-B9ED-D78CFF6515E1}] => (Allow) LPort=9009 FirewallRules: [{40B0A840-5D7D-403F-99B5-697FE296D19C}] => (Allow) LPort=9009 FirewallRules: [{15C67D02-7F7B-4292-8D81-C1E55C27B88A}] => (Allow) LPort=9009 FirewallRules: [{84F214C9-A89D-4C32-B69A-A36BAE12EBFB}] => (Allow) LPort=9009 FirewallRules: [{6F213846-1238-4ED9-8E75-4C8353A9E79D}] => (Allow) LPort=9009 FirewallRules: [{F8A59F98-937C-403B-8C3A-5E03513213AE}] => (Allow) LPort=9009 FirewallRules: [{487CDEA8-7200-4CD7-92C9-A204143D5573}] => (Allow) LPort=9009 FirewallRules: [{FAF7BD67-EAE9-47ED-9F28-527DCEE72A61}] => (Allow) LPort=9009 FirewallRules: [{09F826B4-F611-4302-8555-DA413F7B7ABF}] => (Allow) LPort=9009 FirewallRules: [{7CA41E29-74C8-4199-8CF6-E8097C62430B}] => (Allow) LPort=9009 FirewallRules: [{8EB1D672-867E-45DF-8ABA-B943F45CBFC4}] => (Allow) LPort=9009 FirewallRules: [{1BD74A8A-6702-4AF9-A3AD-4431E04F94B9}] => (Allow) LPort=9009 FirewallRules: [{909102C9-D95A-42EE-AF11-669F4639915B}] => (Allow) LPort=9009 FirewallRules: [{AA026EAF-0EB4-4274-8A6F-F04439CC9261}] => (Allow) LPort=9009 FirewallRules: [{B8AA03BC-92BC-4C2C-9A6D-153E9BBA3871}] => (Allow) LPort=9009 FirewallRules: [{0A03CAB5-90CE-48CE-BA8A-9E0504414FD7}] => (Allow) LPort=9009 FirewallRules: [{710C94A2-546A-459D-B00D-FBA4C18E95E9}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [{39AECB0A-5019-4E6A-AF83-E905B54722B4}] => (Allow) LPort=9009 FirewallRules: [{4908FC89-0925-4257-9B46-9F590E9F60B3}] => (Allow) LPort=9009 FirewallRules: [{B721F582-88E4-41DA-AB5A-74B226475A86}] => (Allow) LPort=9009 FirewallRules: [{92C28F3A-F926-45B6-891E-A8815E6581F2}] => (Allow) LPort=9009 FirewallRules: [{29DADF78-B86A-40AB-B8E5-499C069FAEF4}] => (Allow) LPort=9009 FirewallRules: [{F2725F47-95F1-4173-B090-BF0B1AB18CDD}] => (Allow) LPort=9009 FirewallRules: [{4A021658-3F89-45D9-B881-308320FBE25D}] => (Allow) LPort=9009 FirewallRules: [{92D84D49-E1D4-458C-8CBD-D67C1BAFC1BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{A5E2AE9E-C454-4B62-9326-78D8EAE3C9A6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{CBA9E9CF-EFFA-4751-AFE7-8D5205CD2BEF}] => (Allow) LPort=9009 FirewallRules: [{10584343-D97C-4EC2-A04E-D33E820057BC}] => (Allow) LPort=9009 FirewallRules: [UDP Query User{F321DC53-C5A9-48B7-8C51-0E780F4789E7}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) FirewallRules: [TCP Query User{B4E7591C-E9DE-4258-A758-F6EA21A7A030}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) FirewallRules: [{B45376E0-ED22-4C0A-8BB5-96144163F7CB}] => (Allow) LPort=9009 FirewallRules: [{D683F5DF-0EB5-439E-867E-33031734EDB7}] => (Allow) LPort=9009 FirewallRules: [{6D6B0117-5945-458A-80F3-089E62E10653}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{830B7B79-1604-4FBE-A17A-FA3756D5BB58}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{D1ECB163-F0B1-4518-BFCD-29148720BCCD}] => (Allow) LPort=9009 FirewallRules: [{C04C33D5-E55D-46C7-972B-93FF26DBC9DA}] => (Allow) LPort=9009 FirewallRules: [{44374CBC-2205-4CB7-89C5-3431BCC88944}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{FD2E11B5-3CD1-44A9-A1B0-7F16BD7E63EA}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{5C4A309E-947C-40F2-A81D-F1B71799FCE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{5D5B9A36-AB6D-4046-A47E-8E687528C73C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C84CC10C-3189-4F58-B896-417A4C760264}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EF046545-081B-4F7C-835F-9FEA6D283152}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{EC951A73-4E5F-4E4F-8268-38122AE7F533}] => (Allow) LPort=9009 FirewallRules: [{EF03F8FC-B115-4943-8C9E-5ABD341A49D4}] => (Allow) LPort=9009 FirewallRules: [{635BA454-318F-4454-A562-CB97668D2D19}] => (Allow) LPort=9009 FirewallRules: [{F43CF9CD-65DF-4BD1-9CB0-79F8E3AA7853}] => (Allow) LPort=9009 FirewallRules: [{B5707066-2EC0-4A99-B29A-C25375E018BE}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{856417FD-2920-45B7-A6FB-759C4CDC8A9B}C:\users\aemtp\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\aemtp\appdata\local\bluejeans\current\bluejeans.exe (Blue Jeans Network, Inc. -> BlueJeans) FirewallRules: [UDP Query User{EF101BD0-C744-4971-8A10-12D3E7E96EB2}C:\users\aemtp\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\aemtp\appdata\local\bluejeans\current\bluejeans.exe (Blue Jeans Network, Inc. -> BlueJeans) FirewallRules: [TCP Query User{F35F964B-CF1D-4C5B-A5D7-73C140DB54C5}C:\users\aemtp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aemtp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{BA9180F5-8456-449A-BDA7-1E277D89BC3E}C:\users\aemtp\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\aemtp\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BDC62791-DB12-4FF0-9DEC-81FD1CB22FD0}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{CB833C48-F909-4D8E-A246-B6691984A875}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe] => (Allow) C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe (Logitech, Inc. -> Logitech) FirewallRules: [UDP Query User{C2C9009E-B82F-4E5F-B5DE-C0ADB465B4D7}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe] => (Allow) C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe (Logitech, Inc. -> Logitech) FirewallRules: [{F9E2ECB5-64CB-4839-A4E9-1553D3D2BD26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{03A344E5-93DB-450C-BA20-AAF071DC48F1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{73405870-3253-4C61-A13A-70D15C3E22B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{752885E8-CD5C-45C0-AA74-22BB1E97DD01}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B6264D5D-C7D3-4E28-A226-BB906BB19DFC}] => (Allow) LPort=9009 FirewallRules: [{3753475C-4BF0-4527-897F-11FED4544F50}] => (Allow) LPort=9009 FirewallRules: [{E3FC40B3-4CFB-46C2-8379-84B630DFEDE8}] => (Allow) LPort=9009 FirewallRules: [{25A7ED8B-0214-4853-80F8-25391D25E9EE}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{32C8E491-6BD1-4E07-A0B5-37D54053625E}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.) FirewallRules: [UDP Query User{6F5DDD8A-01D8-40C2-8FCF-858504A4D5CC}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.) FirewallRules: [{B4600DB9-B82E-4178-9A08-030E46DB0594}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{0C08DF69-1953-438E-A10D-2A8F7E3D9D8A}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{DA34BA45-69F4-4A60-A964-4024381144B2}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{44231285-F464-44EC-8685-3F65D8037E50}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.) FirewallRules: [UDP Query User{BF772EDF-2A9F-43B5-8951-F817176EC7E1}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.) FirewallRules: [{A4B19A84-B67F-48C7-840A-008FCB1AB935}] => (Allow) LPort=9009 FirewallRules: [{57E8227A-39FC-4D3B-99FA-45EA73EEA36A}] => (Allow) LPort=9009 FirewallRules: [{42FC9E7A-0DD7-4B8F-A4F0-0B0363AA8C34}] => (Allow) LPort=9009 FirewallRules: [{E1AA12D9-0250-419F-A9A1-84950974432F}] => (Allow) LPort=9009 FirewallRules: [{ADB321B6-3FE6-42E2-82AA-47EC939A3708}] => (Allow) LPort=9009 FirewallRules: [{096FD489-2916-45C8-9BA2-EC8618BCE6F3}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [{9F42A230-6839-4F2C-B1E5-124D1D1BA6AD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [{BDBF3FE0-9131-4C96-B51B-8D7E34142501}] => (Allow) C:\Users\aemtp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe => No File FirewallRules: [{FE5629A7-9D04-46D7-B40B-CFC4A25CC2A7}] => (Allow) C:\Users\aemtp\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe => No File FirewallRules: [{6AE8BD0F-1AF0-4830-9D98-E825098A6BDE}] => (Allow) LPort=9009 FirewallRules: [TCP Query User{66B07EAB-8DCD-4675-87AF-BDD7BEE8F023}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [UDP Query User{FAD51F4E-C25E-4BF0-AF01-F5D9F5AD6F66}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) FirewallRules: [{F51F2B40-9A6D-4D78-8451-89CB09C2BCB0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F6591078-E20E-4A7D-B294-56E3CB6D8C2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E7E2459D-A0A1-4090-991F-EB8229FA021A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{543F5924-C2CE-4BE1-BFA7-EB10B5E3B236}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{C8F17221-9FC7-483D-956F-E681A728F268}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{E322C2D3-AED7-4281-84D3-AD930FA180E3}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{0963089F-F5C9-4AB4-AF99-83CB9E3F9E54}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{4561A8D6-31B8-495F-A427-CB840E11DFF6}] => (Allow) LPort=9009 FirewallRules: [{22F3A7DF-32BE-4DEE-98F5-B79181F41FE6}] => (Allow) C:\Program Files\BlueStacks_bgp64\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) FirewallRules: [{2240CEC4-50DC-4B59-B8C6-A1F10EF7B414}] => (Allow) LPort=9009 FirewallRules: [{ACF2EB90-DE74-43DC-91F0-DD2B7E056C47}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\HomeCloud\HCLOUD.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) FirewallRules: [{671C79F9-271F-417C-8880-FFAADB308968}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{6F2B77C8-717A-4C89-BA89-BC014E53D752}] => (Allow) C:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteControl\grckm.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> ) FirewallRules: [{035F3630-5B29-4A31-8EE5-9340B8532F1A}] => (Allow) LPort=1980 FirewallRules: [{6C4D5B9C-253A-403B-AD47-D693C2F25343}] => (Allow) LPort=1900 FirewallRules: [{F6502D24-A4A6-4011-A139-309BD06FAA58}] => (Allow) LPort=1900 FirewallRules: [{ACE79B94-0D9D-4010-B064-105963909724}] => (Allow) LPort=8000 ==================== Restore Points ========================= 16-03-2021 11:22:08 Installed EpsonNet Print 24-03-2021 11:11:56 Scheduled Checkpoint 31-03-2021 17:18:04 Scheduled Checkpoint 02-04-2021 11:52:19 AdwCleaner_BeforeCleaning_02/04/2021_11:52:19 03-04-2021 12:50:45 Restore Point Created by FRST ==================== Faulty Device Manager Devices ============ Name: USB Mass Storage Device Description: USB Mass Storage Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Compatible USB storage device Service: USBSTOR Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ======================== Application errors: ================== Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service AVG Tools since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service AVG Antivirus since QueryServiceConfig API failed System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avgVmm. System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avgSP. System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avgSnx. System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avgRvrt. System Error: The system cannot find the file specified. . Error: (04/03/2021 12:50:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary avgRdr. System Error: The system cannot find the file specified. . System errors: ============= Error: (04/04/2021 02:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (04/04/2021 02:21:08 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\aemtp\AppData\Local\Temp\ehdrv.sys Error: (04/04/2021 02:21:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (04/04/2021 02:21:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\aemtp\AppData\Local\Temp\ehdrv.sys Error: (04/04/2021 02:21:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (04/04/2021 02:21:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\aemtp\AppData\Local\Temp\ehdrv.sys Error: (04/04/2021 02:21:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The eapihdrv service failed to start due to the following error: This driver has been blocked from loading Error: (04/04/2021 02:21:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\aemtp\AppData\Local\Temp\ehdrv.sys Windows Defender: ================ Date: 2021-04-03 13:09:53 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-03-29 11:56:55 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Date: 2021-03-29 11:50:48 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-03-28 02:48:24 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2021-03-28 02:24:36 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan  CodeIntegrity: =============== Date: 2021-04-04 14:15:59 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\Installer\{92DDBC00-FAA7-47ED-826F-177C8AC33379}\ARPPRODUCTICON.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-04-03 17:18:54 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-04-03 17:16:58 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Intel\Wired Networking\NCS2\Agent\Coinstaller.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-04-03 02:49:33 Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Box\Box\BoxShellExtShim-2.20.136.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. F30 09/15/2020 Motherboard: Gigabyte Technology Co., Ltd. X570 AORUS ELITE WIFI Processor: AMD Ryzen 7 3700X 8-Core Processor Percentage of memory in use: 73% Total physical RAM: 32714.05 MB Available physical RAM: 8653.01 MB Total Virtual: 93681.67 MB Available Virtual: 52324.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:476.31 GB) (Free:255.61 GB) NTFS Drive d: (SSD DATA) (Fixed) (Total:476.93 GB) (Free:422.27 GB) NTFS Drive e: (OS) (Fixed) (Total:213.15 GB) (Free:38.68 GB) NTFS ==>[system with boot components (obtained from drive)] Drive f: (OFFICE12) (CDROM) (Total:0.52 GB) (Free:0 GB) UDF Drive g: (Google Drive) (Fixed) (Total:15 GB) (Free:11.65 GB) FAT32 \\?\Volume{bd0bf495-d885-4af7-9996-97701d8602c4}\ (Recovery) (Fixed) (Total:25 GB) (Free:11.81 GB) NTFS \\?\Volume{f03b22ae-2d17-452a-b424-b33c6272f365}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS \\?\Volume{33f55c50-d46e-46cf-9db8-e99a5189e284}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.17 GB) FAT32 \\?\Volume{1949a8c1-7177-428f-8dca-344012962f06}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 \\?\Volume{2b4370c7-4aa8-11eb-833b-0cdd246413aa}\ (Box) (Network) (Total:476.31 GB) (Free:255.61 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: FE50551B) Partition: GPT. ========================================================== Disk: 1 (Size: 476.9 GB) (Disk ID: 174B37A8) Partition 1: (Not Active) - (Size=476.9 GB) - (Type=0F Extended) ========================================================== Disk: 2 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt =======================