Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by kevin (19-12-2020 13:01:54)
Running from D:\Desktop
Windows 10 Home Version 20H2 19042.685 (X64) (2020-12-16 22:19:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1594935762-1857880304-426175554-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1594935762-1857880304-426175554-503 - Limited - Disabled)
Guest (S-1-5-21-1594935762-1857880304-426175554-501 - Limited - Disabled)
kevin (S-1-5-21-1594935762-1857880304-426175554-1001 - Administrator - Enabled) => C:\Users\kevin
WDAGUtilityAccount (S-1-5-21-1594935762-1857880304-426175554-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2021 (HKLM-x32\...\PSE_19_0) (Version: 19.0 - Adobe Inc.)
Adobe Premiere Pro CC 2019 (HKLM-x32\...\PPRO_13_0_1) (Version: 13.0.1 - Adobe Systems Incorporated) Adobe Spark (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\0912fe44b191ae5b4e461fcb229de8a1) (Version: 1.0 - Adobe Spark) AIDA64 Extreme v6.25 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 6.25 - FinalWire Ltd.) Amazon Kindle (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon) Amazon Music (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Amazon Music) (Version: 7.12.0.2203 - Amazon.com Services LLC) Amazon Photos (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Amazon Photos) (Version: 7.6.2 - Amazon.com, Inc.) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.1.250 - Amazon) ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.1.0 - philandro Software GmbH) AnyDesk MSI (HKLM-x32\...\{62853EBF-E9DD-4AA5-B20A-5A6C3DD74FF3}) (Version: 6.0.7 - philandro Software GmbH) Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.) Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment) Autodesk Fusion 360 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.8609 - Autodesk, Inc.) AutoHotkey 1.1.33.02 (HKLM\...\AutoHotkey) (Version: 1.1.33.02 - Lexikos) Backup and Sync from Google (HKLM\...\{3A8CD593-8CF9-45B4-9932-FC41CBC14E15}) (Version: 3.53.3404.7585 - Google, Inc.) 
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) calibre 64bit (HKLM\...\{0185ADA8-A025-46A7-8A5C-7F5C2C000CC5}) (Version: 4.21.0 - Kovid Goyal) Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.) CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.02 - Canon Inc.) Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 65.0.2.15 - COMODO) CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.7 - Ursa Minor Ltd) CORSAIR iCUE Software (HKLM-x32\...\{F59B42DC-B192-409E-A0B9-79BB6D37A5F5}) (Version: 3.34.170 - Corsair) CPUID HWMonitor 1.42 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.42 - CPUID, Inc.) Customer Support (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.) Disney+ _ Movies and Shows (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\b8fe3528afee2da2f3924cab8c6eeb69) (Version: 1.0 - Disney+ _ Movies and Shows) EaseUS Partition Master 13.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden EU Waste Recycling Information (HKLM-x32\...\{42DF7152-0B7D-7917-4633-94E00C7BE684}) (Version: 1.0.0.0 - Lexmark International, Inc.) FastStone Photo Resizer 4.3 (HKLM-x32\...\FastStone Photo Resizer) (Version: 4.3 - FastStone Soft.) 
Fire Toolbox V9.1 version   (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{63274841-9C5F-4B30-B181-AECE757BB62C}_is1) (Version:   - Datastream) Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC) Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden Information Center (HKLM-x32\...\{851828ED-8353-E017-70EE-BF284CE2B799}) (Version: 1.0.0.0 - Lexmark International, Inc.) Intel(R) Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel(R) Corporation) Hidden Intel® USB 3.1 Device Driver (HKLM\...\{7DFE2F7E-3154-45D6-A468-4725DE033AC8}) (Version: 15.2.30.250 - Intel Corporation) ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com) iTunes (HKLM\...\{79951B67-3DC8-45DF-A516-86F89DA95924}) (Version: 12.11.0.26 - Apple Inc.) JPEGminiPro (HKLM-x32\...\{562DB2AC-3EBD-4D8F-882C-DB19FECA7AE5}) (Version: 2.1.1.1 - Beamr Imaging Ltd) Killer Drivers (HKLM\...\{79D3BD20-5240-45E8-A367-2082C0DE299F}) (Version: 2.2.1460 - Rivet Networks) Lexmark Network Twain Scan Driver (HKLM-x32\...\{3376919A-5F1D-4383-4E76-11B5CDBA1069}) (Version: 1.21.169.0 - Lexmark International, Inc.) Lexmark Printer Software G4 HBP Print Driver (HKLM\...\{8882B0EE-907E-44AA-9756-BF0B3AF051FA}) (Version: 4.2.0.0 - Lexmark International, Inc.) Lexmark Printer Software G4 Scan Driver (HKLM\...\{A1229F7D-4CDB-6C36-09BB-017B230DB998}) (Version: 4.2.0.0 - Lexmark International, Inc.) 
Lexmark Status Center (HKLM-x32\...\{C81FE7E1-4FDF-43C6-ACB6-53CB40EA1B88}) (Version: 2.5.59.0 - Lexmark International, Inc.) Lexmark USB Bidi Solution (HKLM\...\{4C0B7166-C37D-434B-88A5-56D55F240448}) (Version: 1.3.64.0 - Lexmark International, Inc.) LG Mobile Driver (HKLM-x32\...\{3F490D0E-3131-438C-BCF9-7549CB88DF41}) (Version: 4.5.0 - LG Electronics) Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.) Messenger 81.6.118 (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 81.6.118 - Facebook, Inc.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.60 - Microsoft Corporation) Microsoft Edge Beta (HKLM-x32\...\Microsoft Edge Beta) (Version: 88.0.705.22 - Microsoft Corporation) Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - ) Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.13426.20332 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
(HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation) MSI Kombustor 4.1.7.0 (64-bit) (HKLM\...\{F3D3CC6B-9AD7-4F43-8C69-40D5902FDC5C}}_is1) (Version: - MSI / Geeks3D) mydlink services plugin (HKLM-x32\...\{1A9B665A-5F27-4F71-BF90-22FDFE7A1635}) (Version: 1.0.2.7 - D-Link Corporation) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9 - Notepad++ Team) NoxPlayer (HKLM-x32\...\Nox) (Version: 6.6.1.5 - Duodian Technology Co. Ltd.) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation) NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation) NVIDIA Graphics Driver 457.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 457.30 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft 
Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden Postbox 7.0.42 (x86 en-US) (HKLM-x32\...\Postbox 7.0.42 (x86 en-US)) (Version: 7.0.42 - Postbox, Inc.) PuTTY release 0.74 (64-bit) (HKLM\...\{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 - Simon Tatham) qBittorrent 4.2.3 (HKLM-x32\...\qBittorrent) (Version: 4.2.3 - The qBittorrent project) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.3.1 r3321 - Rainmeter) Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 9.12.1002.1309 - Razer Inc.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder) RoboForm 8-9-6-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-9-6-6 - Siber Systems) SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC) Simplify3D Software (HKLM\...\Simplify3D Software 4.1.2) (Version: 4.1.2 - Simplify3D) Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synology Drive Client (remove only) (HKLM\...\Synology Drive) (Version: 6.0.2.11078 - Synology, Inc.) 
TELUS Business Connect Phone (HKLM-x32\...\{75F75BA3-15FC-4F3D-A8EA-9B2A878768C2}) (Version: 20.4.0.41051 - TELUS) Thunderbolt™ Software (HKLM-x32\...\{D6676AF9-720E-428B-A51B-08FBD281D25F}) (Version: 17.2.71.250 - Intel Corporation) TNAS PC (HKLM-x32\...\{5726F42F-DEAE-49BA-86EA-05D58B38BD92}) (Version: 32.00.000 - Terra Master) Topaz Adjust AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{4942a4a6-f04c-4d0a-806f-fba8f7d0f444}) (Version: 1.0.0 - Topaz Labs, LLC) Topaz DeNoise AI (HKLM\...\Topaz DeNoise AI 2.2.2) (Version: 2.3.4 - Topaz Labs LLC) Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 4.9.3.2) (Version: 5.3.1 - Topaz Labs LLC) Topaz JPEG to RAW AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{9ee67d49-2018-4f64-bd14-c5fe15dfa3f7}) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Mask AI (HKLM\...\Topaz Mask AI 1.2.0) (Version: 1.3.3 - Topaz Labs LLC) Topaz Mask AI (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\{5e31f254-f4f2-4393-91ae-4efef050413e}) (Version: 0.0.0 - Topaz Labs, LLC) Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.0.5) (Version: 2.2.1 - Topaz Labs LLC) Topaz Studio 2 (HKLM\...\Topaz Studio 2 2.2.0) (Version: 2.3.1 - Topaz Labs LLC) TurboTax 2018 (HKLM-x32\...\{A44A24D7-CC5A-4C02-A702-F112B47089A9}) (Version: 1.00.0000 - Intuit Canada) TurboTax 2019 (HKLM-x32\...\{176AF9FD-3AF6-4C10-9F68-A3AA455B3D51}) (Version: 1.00.0000 - Intuit Canada) Vivaldi (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\Vivaldi) (Version: 3.4.2066.94 - Vivaldi Technologies AS.) WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23258 - Microsoft Corporation) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - Lexmark International Printer (01/29/2016 4.0.0.0) (HKLM\...\34DC397FE8B1BE8ED89856F5656D9FEAD70A7447) (Version: 01/29/2016 4.0.0.0 - Lexmark International) Windows Driver Package - Lexmark International Printer (01/29/2016 4.2.0.0) (HKLM\...\A9A8A66323C6477EA1EDA3DACDB6A4377E868B45) (Version: 01/29/2016 4.2.0.0 - Lexmark International) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ZOC Terminal 8.0 (64-bit) (HKLM\...\ZOC8) (Version: 8.01.2 - EmTec Innovative Software) Zoom (HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.) Zoom Outlook Plugin (HKLM-x32\...\{0B76DE11-5937-4491-A66A-617E42170AFF}) (Version: 5.4.58864 - Zoom) Packages: ========= Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2020-05-12] (Adobe Systems Incorporated) Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-05-06] (Amazon.com) Amazon Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.42.0_x64__pwbj9vvecjh7j [2020-12-16] (Amazon Development Centre (London) Ltd) Best Video Converter -> C:\Program Files\WindowsApps\22450.BestVideoConverter_2.5.17.0_x64__0aqw1zw0x2snt [2020-05-18] (韵华软件) [MS Ad] HEIC Image Viewer - Support Converter -> C:\Program Files\WindowsApps\35487uwpdeveloper.HEICImageConverterPro_2.12.45.0_x64__09s05jk6m8d1c [2020-07-28] (uwpdeveloper) Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.2.0_neutral__8xx8rvfyw5nnt [2020-06-01] (Instagram) Messenger -> C:\Program 
Files\WindowsApps\FACEBOOK.317180B0BB486_830.5.128.0_x64__8xx8rvfyw5nnt [2020-12-17] (Facebook Inc) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation) [MS Ad] Microsoft Edge Beta -> C:\Program Files (x86)\Microsoft\Edge Beta\Application [2020-12-16] (0) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Studios) [MS Ad] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-12-16] (NVIDIA Corp.) Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-30] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2020}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2021}\localserver32 -> C:\Program Files\Adobe\Elements 2021 Organizer\Elements Auto Creations 2021.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll () [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: ) [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: ) [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: ) [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: ) [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\kevin\AppData\Local\Vivaldi\Application\3.4.2066.94\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS) CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 -> C:\Users\kevin\AppData\Local\Autodesk\webdeploy\production\bc9c725a70f09cde6da1d8ccb49780b84d161bee\NPreview10.dll (Autodesk, Inc. 
-> ) CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll (TODO: ) [File not signed] CustomCLSID: HKU\S-1-5-21-1594935762-1857880304-426175554-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: ) [File not signed] ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: ) [File not signed] ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: ) [File not signed] ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: ) [File not signed] ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll [2020-12-12] (TODO: ) [File not signed] ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2020-11-03] (Google LLC -> Google) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) 
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-09-23] (Notepad++ -> ) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [STKContextMenu] -> {90DD7445-E924-4c6e-92AC-01F8C3A7E0C7} => C:\Program Files (x86)\Amazon\SendToKindle\stkContextMenu_250.dll [2020-04-20] (Amazon Services LLC -> Amazon.com, Inc.) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2020-11-03] (Google LLC -> Google) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5dcb5bbf5c3edcf2\nvshext.dll [2020-11-07] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. 
-> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed] ContextMenuHandlers6_S-1-5-21-1594935762-1857880304-426175554-1001: [CloudStation.SyncFolderContextMenu] -> {2C4A5D61-009C-4561-9A33-6AFD542FD237} => C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll [2020-12-12] () [File not signed] ==================== Codecs (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed] HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Microsoft Edge Beta.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\kevin\AppData\Local\Microsoft\Edge Beta\User Data\Default\Web Applications\_crx__mbjafbmjpcimpkkihihoideiofnoalmh\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Spark.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=biilbcfkfcjcppaoognbchpjbjihinil ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disney+ _ Movies and Shows.lnk -> C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=mbjafbmjpcimpkkihihoideiofnoalmh ShortcutWithArgument: C:\Users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb ==================== Loaded Modules (Whitelisted) ============= 2020-10-16 16:36 - 
2020-10-16 16:36 - 000352256 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000537600 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-10-16 16:04 - 2020-10-16 16:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-10-16 16:03 - 2020-10-16 16:03 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-11-28 06:06 - 2020-11-28 06:06 - 048966144 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobePIE.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 060800000 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_core410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 003119104 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgcodecs410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 045977600 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\opencv_imgproc410.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000283136 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\PhotoCreations.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000137728 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\ToastNotification.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 017214464 _____ () [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\usd_win.dll
2016-06-06 09:33 - 2016-06-06 09:33 - 000268288 _____ () [File not signed] C:\Program Files\Lexmark\Bidi\LM__inpa.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000799744 _____ () [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\sqlite3.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000345600 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\fct-qt.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 021790171 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icudt53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003506395 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuin53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002223218 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\icuuc53.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000033280 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qgif.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000043008 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qicns.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000032768 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qico.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000507904 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjp2.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000239104 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qjpeg.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000430080 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\imageformats\qtiff.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000834555 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libcurl-4.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000121524 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libgcc_s_dw2-1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003331103 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libsqlite3-0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001547595 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libstdc++-6.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000691712 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\platforms\qwindows.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000156160 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\WinCFWrapper.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000124430 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\zlib1.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001367552 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\ContextMenu.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000198144 _____ () [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\WinCFWrapper.dll
2020-11-28 06:05 - 2020-11-28 06:05 - 000446976 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\AdobeSVGAGM.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002861568 _____ (Apache Software Foundation) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\xerces.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 051178496 _____ (Cognitec Systems GmbH) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\frsdk-9.4.0.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000028672 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Concurrent.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 004620288 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Core.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 003921408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Gui.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 001448448 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Network.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 006133760 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\Qt5Widgets.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000065629 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\libwinpthread-1.dll
2020-12-04 15:13 - 2020-12-04 15:13 - 000125952 _____ (Robert Vazan) [File not signed] C:\Users\kevin\AppData\Local\Amazon Drive\crc32c.dll
2020-08-18 15:10 - 2020-08-18 15:10 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 027534336 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icudt64.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002430976 _____ (The ICU Project) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\icuuc64.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 11:29 - 2018-04-06 11:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002781303 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\LIBEAY32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 000809896 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\SSLEAY32.dll
2020-12-12 09:42 - 2020-12-12 09:42 - 002822144 _____ (TODO: ) [File not signed] C:\Users\kevin\AppData\Local\SynologyDrive\SynologyDrive.app\icon-overlay\22\x64\iconOverlay.dll
2020-11-28 06:04 - 2020-11-28 06:04 - 002957312 _____ (WinSoft S.A.) [File not signed] C:\Program Files\Adobe\Elements 2021 Organizer\WRServices.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-14] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Neverwinter\Arc\Plugins\ArcPluginIE.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2020-11-21] (Siber Systems -> Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-tt2018 - {c10cb859-8e11-44f1-833b-68a8e1ed7e1d} - C:\Program Files (x86)\TurboTax 2018\ic2018pp.dll [2019-05-15] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll [2020-05-14] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-05] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\sharepoint.com -> hxxps://behrendsgroup-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 21:49 - 2020-04-20 12:19 - 000001996 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na1r.services.adobe.com na2m-pr.licenses.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1594935762-1857880304-426175554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kevin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
DNS Servers: 64.59.184.13 - 64.59.190.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ThunderboltService => 3
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk MSI.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Calendar Sync Pro.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "LM___SCE"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1594935762-1857880304-426175554-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0E8D758D-4B8B-4277-BDFB-AA082D7BF743}] => (Allow) C:\WINDOWS\system32\winrmsrv.exe => No File
FirewallRules: [{DEA994C0-1802-4E53-A889-95931CC7D915}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.22\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA1F1338-D46D-4777-9524-BE106072938D}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{618FCA40-6972-42E8-98CE-75DE33F18AEF}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [TCP Query User{6698E9F5-D2EA-4990-882B-8F296A5AD431}C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe] => (Allow) C:\users\kevin\appdata\local\telus\softphoneapp\softphone.exe (RingCentral, Inc. -> TELUS)
FirewallRules: [UDP Query User{526A370E-F30B-4355-8ED7-D02204898172}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [TCP Query User{BF0ED3FA-3ECC-4DB7-8C77-3F06AF370AA1}C:\users\kevin\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\kevin\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{85254FBB-3432-454B-835E-877DD66BE4A3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F6B2DC7A-A0C7-45EF-AC41-E4B6E4E93C04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A6288DC8-D85C-41B4-BB59-DE3ABB80F96A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{444817FC-63ED-4842-8711-2C1161DADAFA}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\88.0.705.18\msedgewebview2.exe => No File
FirewallRules: [{CC1A8B44-A93C-4AFC-9BFA-80AF85576E4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B629EB14-FE97-46AE-8EAF-A26E2D192C96}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.57\msedgewebview2.exe => No File
FirewallRules: [{8BEEDC1F-960B-464B-866E-6CB82261C411}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.55\msedgewebview2.exe => No File
FirewallRules: [{5B6C23A8-D561-482F-8A9C-11792B81C507}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.52\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{E5B1BC38-A1A6-4975-A646-73649D3D5147}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [TCP Query User{F3CF8D2E-8E28-4096-B1A0-408D2F22C88A}D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe] => (Allow) D:\neverwinter\neverwinter_en\neverwinter\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [{A203527B-6235-4A55-B1A4-A689ADFC0AA0}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{BBE3ED30-E518-461C-AE69-9F2B12B59849}] => (Allow) D:\SteamLibrary\steamapps\common\Marvels Avengers\avengers.exe (Crystal Dynamics, Inc.) [File not signed]
FirewallRules: [{E52E36BF-DA11-48E3-8029-9A5615219715}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{755FA6E4-89DD-4C61-B7BD-5C2EEA9E700E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{6844A719-9460-4F2F-AF07-D8BD4CA9182C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B9A40349-2894-48D7-9BAE-48DAE1B28785}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FDE58AFD-8720-46FB-B5D3-D5D5A988736D}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe (Nox Limited -> Nox Limited Corporation)
FirewallRules: [{FCE312DB-E5FC-4D22-A2D4-4A6B6F8F94B9}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{1473070C-7B58-487B-B98B-F769D1DAAE88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1FECC8AA-62E9-479C-826E-89F2DA0EC76A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{77412A0A-985B-4546-B253-DC65B4CFB204}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4C522A61-EAC7-49C7-BD65-FE6B2AFA28A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3726EFF4-378C-4984-974E-7F2453F7355B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.47\msedgewebview2.exe => No File
FirewallRules: [{4088A64B-906C-4728-8F3C-66D553BDF69B}] => (Allow) E:\Itunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{84FB4AF2-1D65-45F8-9608-9A958CF974A1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.41\msedgewebview2.exe => No File
FirewallRules: [{936E41B2-6EE8-43DA-8825-FF01D28C83E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.40\msedgewebview2.exe => No File
FirewallRules: [{95FC046E-1CCD-450A-A818-99D9C7762217}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.36\msedgewebview2.exe => No File
FirewallRules: [{D36CDABB-7F63-4B4F-8CDD-7351CBD55906}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.30\msedgewebview2.exe => No File
FirewallRules: [{170B4AC3-6726-49DC-A0D4-B7C1A973ECB7}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.24\msedgewebview2.exe => No File
FirewallRules: [{D1C4A25B-861C-4230-92B1-9F20D93844E9}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.18\msedgewebview2.exe => No File
FirewallRules: [{8518E440-FD04-4035-B2CC-406C7747AE82}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\87.0.664.12\msedgewebview2.exe => No File
FirewallRules: [{D8EFB38C-1417-4244-9227-9BA6A9CBA3E1}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.43\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{39214D58-BBA2-4AF2-9079-2A0552F15D2E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: )
FirewallRules: [TCP Query User{4201D7F5-D49C-4AD6-BA05-985B7CD1E46E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> TODO: )
FirewallRules: [{63E8831D-6604-436C-80F7-410BBF94BB26}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.38\msedgewebview2.exe => No File
FirewallRules: [{4544CF9D-0F41-4F61-8D91-D0B228DB63AC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.36\msedgewebview2.exe => No File
FirewallRules: [{7BE013B9-22BB-4794-BB43-C28F6C2ABE48}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.31\msedgewebview2.exe => No File
FirewallRules: [{7EAEAFC2-CF16-4EC6-91EE-E2A16BCC768B}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.28\msedgewebview2.exe => No File
FirewallRules: [{460F9A5F-3701-4746-BF7A-5B4E6D6462E2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.19\msedgewebview2.exe => No File
FirewallRules: [{B5410A0A-B57A-4A29-82DD-6C81D03EA2F2}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.15\msedgewebview2.exe => No File
FirewallRules: [{534FBA5D-9E85-49BA-8A06-975FF09B293E}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\86.0.622.11\msedgewebview2.exe => No File
FirewallRules: [{BB46A02A-F97B-4029-9857-6F0A1A8331E4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.44\msedgewebview2.exe => No File
FirewallRules: [{7D25FD06-71E9-41A7-8AEF-D52F50770737}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.41\msedgewebview2.exe => No File
FirewallRules: [{33FC7E18-D52E-45F7-89E6-94E0DE1EDD22}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.40\msedgewebview2.exe => No File
FirewallRules: [{141AF645-62B6-466A-AC59-9E2FCD589E85}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.36\msedgewebview2.exe => No File
FirewallRules: [{5DBC6F90-9244-4A2E-810F-B37AB17362D8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.30\msedgewebview2.exe => No File
FirewallRules: [{478D09A3-4664-490C-B36D-032E42618B32}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.23\msedgewebview2.exe => No File
FirewallRules: [{8D5C8D0F-F1A5-43E5-BE70-BEE35CAA4FBC}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\85.0.564.18\msedgewebview2.exe => No File
FirewallRules: [{07F2C21F-5CD4-49C9-938E-B1FB0F6B73BD}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.44\msedgewebview2.exe => No File
FirewallRules: [{0FC1AA6B-DF28-4C76-81E6-79B307D8C3C5}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{545E19E5-E98E-4963-97A1-0483DBD68868}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{88C420CC-B0CB-407D-AC87-D6A8A8DD0404}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{2F7166C8-C4C9-4C38-B72C-3E811F6D69F0}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{84653DF2-D5F4-4F70-BBA6-B014FD11E375}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{CA4D34C0-9074-4005-8A86-26E26D35DB44}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{3D93626D-F892-4D21-895D-E74792B1DEAD}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{D4C74079-4DBD-43A1-8F3D-3D5AC67C7B67}] => (Allow) C:\Users\kevin\AppData\Local\Temp\RarSFX0\InstallationPackage\install\x64\installgui.exe => No File
FirewallRules: [{358984B1-C691-4CFE-AE3E-02AC37C12346}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.39\msedgewebview2.exe => No File
FirewallRules: [{9A7A5AD8-0277-43AB-AA1D-72DDD9E85C12}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe => No File
FirewallRules: [{6DA66435-9E3D-48A7-9221-5CF573795E46}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.35\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{96F35947-6CAF-4228-AC35-F02221E48AEE}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{5BF58A46-9E58-49BB-A742-B50247CDAB86}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{5FD76585-9AF6-4FC9-A8BD-CC0F629A8F4C}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.28\msedgewebview2.exe => No File
FirewallRules: [{7E18FEE3-6AFB-4526-872C-D29CE03271F8}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.26\msedgewebview2.exe => No File
FirewallRules: [UDP Query User{A579E7A8-CBBF-4626-94FA-D94DBFAAD121}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{71E487E2-7601-4DF4-AA42-E932AFF2EB48}C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\kevin\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{F833EB83-8871-4F6A-A6F0-42DF9072471A}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.20\msedgewebview2.exe => No File
FirewallRules: [{A7DDFA5A-C199-4F98-909D-465FB4C38AF4}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.15\msedgewebview2.exe => No File
FirewallRules: [{4D5B3263-FFAC-411C-82BB-E292389412DF}] => (Allow) C:\Program Files (x86)\Microsoft\Edge Beta\Application\84.0.522.11\msedgewebview2.exe => No File
FirewallRules: [{5C45CFB4-C3BA-4C13-8F15-9D01D01F5465}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{73174BFA-04E5-4EA3-B7B5-E5FCB7635B7E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{377FFFB6-E13F-4A00-9FDD-276ADC923DE7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{649D2B84-692F-41E1-901B-A340860B3171}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{832AEFCA-918B-453A-B42B-9101C1F8AB2F}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{D57A7D76-2B51-4FB6-9CB5-6AD0BED9AD2E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{E8E0722C-7F80-4975-8987-3AE837F79FBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F64D2E1C-38AF-4523-A49A-AC08725CDC1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EB1449ED-B9D6-49B7-99A1-9939AA40E195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFA18375-A1C4-452C-8CDF-D0EACD16E2CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{579FA8AB-60E5-4C93-9D06-8C3B96121776}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6DFEF05-4BEE-4738-B3D8-90184CDB0699}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A6BAE4F-DEFE-421B-801B-4EF0518F5D62}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0AD1E50C-A827-4280-86D6-F27D18C16332}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2AAE2A8F-BD8C-4573-85C3-4CED842865F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FA275219-6F77-4AFE-B0C9-6AA3D5C8159D}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [UDP Query User{A68A482D-7AAF-4981-806F-AFA44B3AFAF3}C:\program files (x86)\terra master\tnas pc\tnaspc.exe] => (Allow) C:\program files (x86)\terra master\tnas pc\tnaspc.exe (Terra Master) [File not signed]
FirewallRules: [{53B4C7C9-7B33-4CD3-8FDD-D60E51FB56A5}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{2C3F2A19-EA9F-4C07-B8F4-3D46D70A7BAE}] => (Allow) J:\install\x64\installgui.exe => No File
FirewallRules: [{8BD13980-59D2-416B-88DD-D747AF2C40F3}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B30EF8C-CC6E-4651-8C6F-8BFC227C38D5}] => (Allow) C:\Users\kevin\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{51178299-E9BE-4E3E-BA32-8177E0AB0C73}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{17A9E4D5-B005-4C85-A3AE-ED1A36D9DC2C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{5335E494-38B2-46CA-808E-A45BC21D4084}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [UDP Query User{D862A85A-4D25-418C-A144-816037575E1B}D:\downloads\adobe tool v4.9.4.0\adobetool.exe] => (Allow) D:\downloads\adobe tool v4.9.4.0\adobetool.exe => No File
FirewallRules: [{692A263A-59DE-4223-AEDE-E02897ED2FBA}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{D750B1BE-A581-4422-83A6-DE5FC5A01968}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{E44B4D25-33B3-4980-8288-B29374B6C657}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [{0A45937B-1A64-41FC-B04B-78AADE723B81}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [TCP Query User{E94D43EA-EC40-446C-9461-7A109602FED7}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [UDP Query User{1E2748AC-449E-40F6-BAD7-9367EF4BA02A}C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe] => (Allow) C:\program files\windowsapps\facebook.317180b0bb486_480.5.121.0_x64__8xx8rvfyw5nnt\app\messenger.exe => No File
FirewallRules: [{9D973010-87D9-493A-819B-556FA64BF386}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{68234F13-6692-407E-8369-1E9162E50BBF}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{FC5E04F8-3475-4BE0-8E39-888F364021F7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{7311EF0D-4BDC-4772-8FDD-23277A4EAA68}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7A6185DC-FADE-4635-96F8-417F0BAF8722}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4AB7F330-DBC2-47E5-8C60-4EC01A9E5BA5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44587D76-8B63-4850-B496-C2D41F0C7647}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F5A00C30-8C54-4078-8C15-8F344C53FCA8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{7C34D924-D1FC-4E32-A2CB-F3273019D40F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{8797050F-AC00-4491-8784-40FAFA43C355}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{2A99EE43-6B78-477C-A544-6378772D65B3}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{D8F13368-45C5-4B6A-A8CB-976AC2429A69}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{DDCC201F-BB2A-428E-8D06-F044DCF64F8C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{B6A08990-CE44-4382-BC93-BC75AC90E009}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{F92E378A-448B-40FF-BEDF-458EEA1DCD27}] => (Allow) C:\Program Files (x86)\AnyDeskMSI\AnyDeskMSI.exe (philandro Software GmbH -> philandro Software GmbH)

==================== Restore Points =========================

17-12-2020 13:17:56 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (12/19/2020 12:55:10 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: THEWHITETOWER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/19/2020 12:55:10 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: THEWHITETOWER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/19/2020 12:39:07 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: THEWHITETOWER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/19/2020 12:39:07 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: THEWHITETOWER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (12/19/2020 12:37:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. .

Error: (12/19/2020 12:37:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Error: (12/19/2020 12:20:42 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: THEWHITETOWER)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/19/2020 12:20:42 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: THEWHITETOWER)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

System errors:
=============
Error: (12/19/2020 12:20:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (12/19/2020 07:15:33 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.

Error: (12/18/2020 10:04:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/18/2020 01:18:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/18/2020 09:24:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/17/2020 02:26:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (12/17/2020 06:23:48 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred. A record describing the condition is contained in the data section of this event.

Error: (12/16/2020 05:26:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Windows Defender:
===================================
Date: 2020-12-16 15:21:06.3650000Z
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.C!rfn&threatid=2147745897&enterprise=0
Name: Trojan:Win32/CoinMiner.C!rfn
ID: 2147745897
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\winlogui.exe; file:_C:\Windows\System32\winrmsrv.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.323.574.0, AS: 1.323.574.0, NIS: 1.323.574.0
Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

Date: 2020-12-16 15:21:06.1090000Z
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\StartupCheckLibrary.dll; file:_C:\Windows\System32\winscomrssrv.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: AV: 1.323.574.0, AS: 1.323.574.0, NIS: 1.323.574.0
Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

Date: 2020-12-16 15:21:05.9850000Z
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!plock&threatid=2147723626&enterprise=0
Name: Trojan:Win32/Tiggre!plock
ID: 2147723626
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\winscomrssrv.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: AV: 1.323.574.0, AS: 1.323.574.0, NIS: 1.323.574.0
Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

Date: 2020-12-16 15:21:05.9320000Z
Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/CoinMiner.C!rfn&threatid=2147745897&enterprise=0
Name: Trojan:Win32/CoinMiner.C!rfn
ID: 2147745897
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\winrmsrv.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\svchost.exe
Security intelligence Version: AV: 1.323.574.0, AS: 1.323.574.0, NIS: 1.323.574.0
Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

CodeIntegrity:
===================================
Date: 2020-12-19 12:57:44.0520000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0470000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0420000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0360000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0300000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0250000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0200000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-12-19 12:57:44.0140000Z
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. ALASKA - 1072009 06/09/2017
Motherboard: Gigabyte Technology Co., Ltd. X99-Ultra Gaming-CF
Processor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 19%
Total physical RAM: 32602.55 MB
Available physical RAM: 26087.58 MB
Total Virtual: 37466.55 MB
Available Virtual: 28826.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.84 GB) (Free:117.54 GB) NTFS
Drive d: (Users) (Fixed) (Total:931.51 GB) (Free:760.38 GB) NTFS
Drive e: (Programs) (Fixed) (Total:3725.9 GB) (Free:3717.56 GB) NTFS
Drive y: (Gaming) (Fixed) (Total:223.57 GB) (Free:154.34 GB) NTFS

\\?\Volume{86dd5f42-87c6-4772-84d4-bcb2378f5481}\ () (Fixed) (Total:0.52 GB) (Free:0.07 GB) NTFS
\\?\Volume{9ce114ca-1580-453c-bfb0-957e0201ae95}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: A5426BEB)
Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 8005979F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 01807300)
Partition: GPT.

==========================================================
Disk: 3 (Size: 238.5 GB) (Disk ID: 0A77A4EE)
Partition: GPT.

==================== End of Addition.txt =======================