  • Root Admin

Hello @lgibson

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


  • 4 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


  • Root Admin

Hello @lgibson

We are currently having an issue with posting logs. Hopefully this will be resolved sometime tomorrow. Once that has been resolved please run FRST again and post back new logs.

You could potentially post them back directly, but in the past the logs were sometimes not translated correctly, which is why uploading as an attachment was often better.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 


Here are new Farbar logs, Malwarebytes and Adwcleaner came back clean.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2020
Ran by efilr (administrator) on DESKTOP-HAJGTG6 (01-09-2020 06:51:40)
Running from C:\Users\efilr\Downloads
Loaded Profiles: efilr
Platform: Windows 10 Pro Version 1903 18362.1016 (X64) Language: English (United Kingdom)
Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\laragon\bin\memcached\memcached-1.4.5\memcached.exe
() [File not signed] C:\laragon\bin\mysql\mysql-5.7.24-winx64\bin\mysqld.exe
() [File not signed] C:\laragon\bin\nginx\nginx-1.16.0\nginx.exe <2>
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe <4>
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\httpd.exe <2>
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <45>
(JAM Software GmbH -> JAM Software) C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
(Le Ngoc Khoa) [File not signed] C:\laragon\laragon.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\efilr\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\efilr\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2007.8-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Firefox Developer Edition\firefox.exe <10>
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Notepad++ -> Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(pCloud AG -> pCloud AG) C:\Program Files\pCloud Drive\pCloud.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\php-cgi.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2091064 2020-07-17] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-06-06] (Adobe Inc. -> )
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-31] (Valve -> Valve Corporation)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [677512 2020-07-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe [3586184 2019-10-07] (pCloud AG -> pCloud AG)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\efilr\AppData\Local\Vivaldi\Application\update_notifier.exe [1880648 2020-03-20] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [Spotify] => C:\Users\efilr\AppData\Roaming\Spotify\Spotify.exe [23330024 2020-07-15] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [29262520 2020-07-29] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [269584 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2075816 2020-08-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2075816 2020-08-27] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\MountPoints2: {de90fddd-2e38-11ea-a2dd-e0cb4e798529} - "F:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\85.1.13.82\Installer\chrmstp.exe [2020-08-28] (Brave Software, Inc.) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B808D1-1D79-4899-9A10-CCA93CF31107} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0561156C-ACAB-41EB-9A16-94DFD3879A58} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155488 2020-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {062331B1-F0E7-4265-855E-6B480CEF3A42} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0ABC6850-0007-433D-BAB7-2BF2F40F4FBD} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {13EADDC6-9C8F-4F53-B10E-240DD0F630AA} - System32\Tasks\update-S-1-5-21-2647366133-644958006-1508198402-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {157D3971-8969-400D-AFED-8A963537AFB6} - System32\Tasks\Mozilla\Firefox Developer Edition Default Browser Agent CA9422711AE1A81C => C:\Program Files\Firefox Developer Edition\default-browser-agent.exe do-task "CA9422711AE1A81C"
Task: {16C34391-7D6C-4481-89BB-B432F545AE20} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {18A57450-E226-4023-A2CA-46A2C6B90079} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24910520 2020-07-29] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1F28BDF8-EABA-4681-B35E-5A3D3BA56D6D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {23B45588-05A7-4B31-A872-8B37981F6475} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4385BC6F-DF9C-4C0C-BD51-5811D397F36E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46399E45-F31D-406C-AAB1-05A935BB9F4C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B129890-16DE-4797-B2E5-2CCF27E26D6A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {657C06DD-58ED-44B3-B0C5-0F11CE1E0D94} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-07-29] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {716ED77A-5746-4D3B-95D9-14BB7F9F10CE} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {7E8588D8-F78D-41CE-80D2-FB5AD8F50D0E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1840520 2020-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F5625E5-4E33-4D6F-A49E-2518CE5A142F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D30AAED-11C9-4AF0-AF71-F7D388743F68} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8DBDDE97-2EF2-44A4-A69E-67255E585C26} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A4F5CEEC-0EC3-4010-A320-9CCA756EE2BF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23819120 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {BB5E7602-1691-4B42-A963-73CCD0EAF951} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C630043A-0391-4D76-90C5-9B9E6FD70B38} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155488 2020-08-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBF64510-BD10-4834-AD88-CEA85809AAA9} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D685D2AE-41CF-4855-BBC3-9EA1D1ECFDBD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E505733B-9173-41FA-892E-7F956A0F50E0} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2EA775B-9421-4AE8-A8FC-BC37E6F9DAA2} - System32\Tasks\UltraSearch\UltraSearch_SkipUAC_efilr => C:\Program Files\JAM Software\UltraSearch\UltraSearch.exe [37767920 2019-04-23] (JAM Software GmbH -> JAM Software)
Task: {F57A7534-F10E-4CEB-B915-774B20C2737B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {FDA7A3E2-3C7F-4B1D-8C66-69ED89FE732D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MpCmdRun.exe [516776 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2647366133-644958006-1508198402-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{c70ae358-1d92-4e1a-ae74-7f71d3795683}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{c70ae358-1d92-4e1a-ae74-7f71d3795683}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-08-08] (Microsoft Corporation -> Microsoft Corporation)

Edge: 
======
DownloadDir: C:\Users\efilr\Downloads
Edge Extension: (No Name) -> EdgeExtension_48376MaximeRFEnhancerforYouTubeforMicrosoftEdge_f4efyycdr3qdm => C:\Program Files\WindowsApps\48376MaximeRF.EnhancerforYouTubeforMicrosoftEdge_2.0.99.0_neutral__f4efyycdr3qdm [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\efilr\AppData\Local\Microsoft\Edge\User Data\Default [2020-08-28]
Edge DownloadDir: C:\Users\efilr\Downloads
Edge HomePage: Default -> hxxp://www.google.co.uk/
Edge StartupUrls: Default -> "hxxp://www.google.co.uk/"
Edge Extension: (Enhancer for YouTube™) - C:\Users\efilr\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2020-04-19]

FireFox:
========
FF DefaultProfile: 3yi3km7w.default
FF DefaultProfile: drviygqt.default
FF ProfilePath: C:\Users\efilr\AppData\Roaming\ParseHub\parsehub\Profiles\3yi3km7w.default [2020-07-01]
FF Extension: (ParseHub) - C:\Users\efilr\AppData\Roaming\ParseHub\parsehub\Profiles\3yi3km7w.default\Extensions\parsehub2@parsehub.com.xpi [2020-06-30] [Legacy] [not signed]
FF Extension: (ParseHub Installer) - C:\Program Files (x86)\ParseHub\browser\extensions\install@parsehub.com.xpi [2018-04-26] [Legacy] [not signed]
FF ProfilePath: C:\Users\efilr\AppData\Roaming\Mozilla\Firefox\Profiles\w7u0f7rd.dev-edition-default [2020-09-01]
FF ProfilePath: C:\Users\efilr\AppData\Roaming\Mozilla\Firefox\Profiles\drviygqt.default [2020-07-16]
FF ProfilePath: C:\Users\efilr\AppData\Roaming\Mozilla\Firefox\Profiles\9e9attm5.default-release [2020-08-06]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-02-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-07-17] (Adobe Inc. -> Adobe Systems)
StartMenuInternet: Firefox-79FEC2A9F45F67D1 - C:\Program Files (x86)\ParseHub\parsehub.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844856 2020-06-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8404720 2019-10-30] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-10-23] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10566536 2020-08-05] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2020-05-14] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [269584 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6149984 2020-08-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\NisSrv.exe [2169568 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MsMpEng.exe [128376 2020-08-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfsconnect2017; C:\Windows\system32\drivers\cbfsconnect2017.sys [476904 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S3 iLokDrvr; C:\Windows\System32\drivers\iLokDrvr.sys [33544 2019-12-24] (PACE Anti-Piracy, Inc. -> )
R3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [784872 2019-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Line 6)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> )
R3 nlwt; C:\Windows\system32\DRIVERS\nlwt.sys [39360 2020-04-20] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\Windows\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [78216 2020-08-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [430320 2020-08-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [98520 2020-08-05] (Microsoft Windows -> Microsoft Corporation)
R3 yukonw8; C:\Windows\System32\drivers\yk63x64.sys [288768 2019-03-19] (Microsoft Windows -> Marvell)
U3 aswbdisk; no ImagePath
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-01 06:51 - 2020-09-01 06:51 - 000000000 ____D C:\Users\efilr\Downloads\FRST-OlderVersion
2020-08-30 07:18 - 2020-08-30 07:50 - 000000000 ____D C:\Users\efilr\Downloads\Cloudyprojecttest
2020-08-30 04:49 - 2020-08-30 04:49 - 000000887 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2020-08-30 04:49 - 2020-08-30 04:49 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Sublime Text 3
2020-08-30 04:49 - 2020-08-30 04:49 - 000000000 ____D C:\Users\efilr\AppData\Local\Sublime Text 3
2020-08-30 04:49 - 2020-08-30 04:49 - 000000000 ____D C:\Program Files\Sublime Text 3
2020-08-30 04:25 - 2020-08-30 04:25 - 010931184 _____ (Sublime HQ Pty Ltd ) C:\Users\efilr\Downloads\Sublime Text Build 3211 x64 Setup.exe
2020-08-30 03:24 - 2020-08-30 07:14 - 000000000 ____D C:\Users\efilr\Downloads\weadown.com_pinkmart_v2.7.5
2020-08-30 03:03 - 2020-08-30 03:03 - 031933448 _____ C:\Users\efilr\Downloads\weadown.com_pinkmart_v2.7.5.zip
2020-08-30 01:09 - 2020-08-30 01:09 - 516412688 _____ (Serif (Europe) Ltd.) C:\Users\efilr\Downloads\affinity-photo-1.8.5.exe
2020-08-30 01:08 - 2020-08-30 01:11 - 126878936 _____ ( ) C:\Users\efilr\Downloads\PinegrowWinSetup.5.973 (1).exe
2020-08-29 23:40 - 2020-08-29 23:40 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-08-29 17:03 - 2020-08-29 17:03 - 000001024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2020-08-29 16:43 - 2020-08-29 16:43 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2020.lnk
2020-08-28 18:11 - 2020-08-28 18:11 - 000329812 _____ C:\Users\efilr\Downloads\Concept Branding Pricing.pdf
2020-08-28 03:01 - 2020-08-31 12:52 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2020-08-27 17:20 - 2020-08-27 17:20 - 000000000 ____D C:\Users\efilr\AppData\Local\SWTOR
2020-08-26 21:03 - 2020-08-26 21:03 - 000000000 ____D C:\Users\efilr\AppData\Local\SWTORPerf
2020-08-26 09:39 - 2020-08-26 09:39 - 000736037 _____ C:\Users\efilr\Downloads\65-Profile-Creation-Sites.pdf
2020-08-26 08:40 - 2020-08-26 08:40 - 000001102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
2020-08-19 18:10 - 2020-08-19 18:17 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Bleed2
2020-08-19 18:09 - 2020-08-19 18:09 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2020-08-19 15:43 - 2020-08-19 15:43 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\Massive Monster
2020-08-17 09:01 - 2020-08-17 09:08 - 507121936 _____ (Serif (Europe) Ltd.) C:\Users\efilr\Downloads\affinity-designer-1.8.4.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\afunix.sys
2020-08-13 00:09 - 2020-08-13 00:09 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\sbservicetrigger.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000018432 _____ (Microsoft Corporation) C:\Windows\system32\wiatrace.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000011776 _____ (Microsoft Corporation) C:\Windows\system32\iprtprio.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtprio.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2020-08-13 00:09 - 2020-08-13 00:09 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-08-13 00:09 - 2020-08-13 00:09 - 000000357 _____ C:\Windows\system32\DrtmAuthKeyDelegate_From_20190529_To_20200303.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000357 _____ C:\Windows\system32\DrtmAuth1KeyDelegate.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-08-13 00:09 - 2020-08-13 00:09 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-08-13 00:08 - 2020-08-13 00:09 - 002471936 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 017792512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 007850784 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 007583272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 007297536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 004625184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 004227116 _____ C:\Windows\system32\DefaultHrtfs.bin
2020-08-13 00:08 - 2020-08-13 00:08 - 004005376 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 003984896 _____ (Microsoft Corporation) C:\Windows\system32\tellib.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 003712000 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 003581240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 003141632 _____ (Microsoft Corporation) C:\Windows\system32\directml.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 003084800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 002808832 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 002717696 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 002552120 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 002523136 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 002289152 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001885184 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001751040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001182208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001149712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 001127424 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001072128 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001059328 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 001055232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000937984 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000875424 _____ (Microsoft Corporation) C:\Windows\system32\pkeyhelper.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000521728 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\HrtfApo.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 000340992 _____ (Microsoft Corporation) C:\Windows\system32\LanguageOverlayServer.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 000287232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000275256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000252928 _____ (Microsoft Corporation) C:\Windows\system32\SpatializerApo.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000201728 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000201544 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SIUF.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2020-08-13 00:08 - 2020-08-13 00:08 - 000174592 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\mssecuser.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\CustomInstallExec.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cellulardatacapabilityhandler.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000041984 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2020-08-13 00:08 - 2020-08-13 00:08 - 000032256 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000031232 _____ (Microsoft Corporation) C:\Windows\system32\FaxPrinterInstaller.dll
2020-08-13 00:08 - 2020-08-13 00:08 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2020-08-13 00:02 - 2020-07-18 04:07 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-08-13 00:02 - 2020-07-18 03:53 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-08-12 23:49 - 2020-08-12 23:49 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\JellySnow
2020-08-12 23:30 - 2020-08-12 23:30 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\Puppygames
2020-08-10 19:45 - 2020-08-10 19:45 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\Oroboro games
2020-08-09 23:41 - 2020-08-09 23:41 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\scriptwelder studio
2020-08-07 05:52 - 2020-08-07 05:52 - 000000000 ____D C:\Users\efilr\AppData\Local\OneDrive
2020-08-06 23:45 - 2020-08-06 23:45 - 000000000 ____D C:\ProgramData\NordVPN
2020-08-06 23:45 - 2020-08-06 23:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\NordSec
2020-08-06 23:45 - 2020-08-06 23:45 - 000000000 ____D C:\Program Files\NordVPN
2020-08-06 23:45 - 2020-07-10 15:32 - 000038608 _____ (TEFINCOM S.A.) C:\Windows\system32\Drivers\nordlwf.sys
2020-08-06 23:44 - 2020-08-06 23:45 - 000000000 ____D C:\Users\efilr\AppData\Local\NordVPN
2020-08-06 04:42 - 2020-08-06 04:42 - 000000000 ____D C:\avast! sandbox
2020-08-06 03:52 - 2020-08-06 03:56 - 000075969 _____ C:\Users\efilr\Downloads\Addition.txt
2020-08-06 03:50 - 2020-09-01 06:52 - 000027046 _____ C:\Users\efilr\Downloads\FRST.txt
2020-08-06 03:49 - 2020-09-01 06:52 - 000000000 ____D C:\FRST
2020-08-06 03:49 - 2020-09-01 06:51 - 002298880 _____ (Farbar) C:\Users\efilr\Downloads\FRST64.exe
2020-08-06 02:01 - 2020-08-06 02:01 - 002040904 _____ (Malwarebytes) C:\Users\efilr\Downloads\MBSetup.exe
2020-08-06 01:53 - 2020-08-06 01:53 - 008414384 _____ (Malwarebytes) C:\Users\efilr\Downloads\adwcleaner_8.0.7.exe
2020-08-05 15:22 - 2020-08-05 15:22 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2020.lnk
2020-08-04 16:08 - 2020-08-04 16:08 - 000022498 _____ C:\Users\efilr\Downloads\Invoice - 0160.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-01 06:45 - 2019-10-23 14:02 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-09-01 06:45 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-08-31 12:39 - 2019-10-23 14:17 - 000000000 ____D C:\ProgramData\NVIDIA
2020-08-30 23:55 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2020-08-30 01:17 - 2020-04-19 19:30 - 000000949 _____ C:\Users\Public\Desktop\Affinity Photo.lnk
2020-08-30 01:17 - 2020-04-19 19:30 - 000000949 _____ C:\ProgramData\Desktop\Affinity Photo.lnk
2020-08-30 01:17 - 2020-04-19 19:30 - 000000000 ____D C:\Program Files\Affinity
2020-08-30 01:17 - 2019-11-30 21:35 - 000000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affinity Photo.lnk
2020-08-30 01:14 - 2020-07-16 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinegrow Web Editor
2020-08-30 01:14 - 2020-07-16 17:09 - 000000000 ____D C:\Program Files (x86)\Pinegrow Web Editor
2020-08-29 23:40 - 2020-07-19 07:34 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2020-08-29 23:40 - 2020-07-16 03:08 - 000000000 ____D C:\Users\efilr\AppData\LocalLow\Mozilla
2020-08-29 16:43 - 2020-04-24 00:58 - 000000000 ____D C:\Program Files\Adobe
2020-08-29 16:42 - 2019-11-03 04:00 - 000000000 ____D C:\ProgramData\Adobe
2020-08-28 19:30 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-08-28 17:18 - 2019-11-07 17:05 - 000001456 _____ C:\Users\efilr\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-28 17:16 - 2019-11-02 13:30 - 000000000 ____D C:\Program Files (x86)\Steam
2020-08-28 13:44 - 2020-02-17 22:25 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-08-28 03:01 - 2020-07-16 03:08 - 000000000 ____D C:\ProgramData\Mozilla
2020-08-28 00:15 - 2019-10-23 16:18 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2020-08-27 19:11 - 2020-04-01 16:53 - 000000000 ____D C:\Users\efilr\AppData\Local\Daedalic Entertainment GmbH
2020-08-27 18:54 - 2019-11-02 14:21 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2020-08-27 17:20 - 2019-10-30 14:38 - 000000000 ____D C:\Users\efilr\AppData\Local\CrashDumps
2020-08-26 08:24 - 2019-11-03 04:04 - 000000000 ___RD C:\Users\efilr\Creative Cloud Files
2020-08-26 03:41 - 2020-07-16 03:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-08-25 14:39 - 2019-10-23 14:17 - 000892382 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-25 14:39 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-08-25 14:38 - 2020-02-17 22:24 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-08-25 14:38 - 2020-02-17 22:24 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-08-25 14:33 - 2019-10-23 14:13 - 000000000 ____D C:\Users\efilr
2020-08-25 14:33 - 2019-10-23 14:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-25 14:33 - 2019-10-23 14:02 - 000461968 _____ C:\Windows\system32\FNTCACHE.DAT
2020-08-22 17:04 - 2020-05-08 01:47 - 000000000 ____D C:\Users\efilr\AppData\Roaming\WhatsApp
2020-08-22 07:47 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-08-16 21:32 - 2020-04-29 13:13 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-08-15 23:59 - 2019-10-30 11:51 - 000000000 ____D C:\Program Files\Microsoft Office
2020-08-13 21:02 - 2020-05-08 01:47 - 000000000 ____D C:\Users\efilr\AppData\Local\WhatsApp
2020-08-13 18:59 - 2019-10-23 14:18 - 000003378 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647366133-644958006-1508198402-1001
2020-08-13 18:59 - 2019-10-23 14:13 - 000002363 _____ C:\Users\efilr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-08-13 03:14 - 2019-10-23 14:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-08-13 03:14 - 2019-10-23 14:16 - 000000000 ___RD C:\Users\efilr\3D Objects
2020-08-13 03:13 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-08-13 03:12 - 2019-03-19 12:43 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\oobe
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2020-08-13 03:12 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2020-08-13 03:12 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\servicing
2020-08-07 03:21 - 2019-10-23 14:16 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Adobe
2020-08-06 23:52 - 2020-04-06 12:51 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Zoom
2020-08-06 15:30 - 2020-04-24 00:25 - 000000000 ____D C:\Users\efilr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs LLC
2020-08-06 15:30 - 2020-04-24 00:25 - 000000000 ____D C:\Program Files\Topaz Labs LLC
2020-08-06 15:29 - 2020-04-24 00:26 - 000000000 ____D C:\ProgramData\Topaz Labs LLC
2020-08-06 15:27 - 2019-10-23 15:50 - 000000000 ____D C:\Program Files (x86)\Google
2020-08-06 15:27 - 2019-10-23 15:49 - 000000000 ____D C:\Users\efilr\AppData\Local\Google
2020-08-06 15:25 - 2019-11-03 03:58 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-08-06 15:18 - 2020-07-20 07:25 - 000000000 ____D C:\ProgramData\Avast Software
2020-08-06 14:24 - 2020-03-01 02:38 - 000007615 _____ C:\Users\efilr\AppData\Local\Resmon.ResmonCfg
2020-08-06 04:46 - 2020-07-20 06:35 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-08-06 04:46 - 2020-07-20 06:35 - 000000823 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-08-06 04:46 - 2020-07-20 06:35 - 000000823 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-08-06 04:39 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-08-06 04:07 - 2020-07-10 04:04 - 000000000 ____D C:\Users\efilr\AppData\Roaming\XuanZhi
2020-08-06 04:07 - 2020-07-10 04:04 - 000000000 ____D C:\Program Files\ldplayerbox
2020-08-06 01:55 - 2019-11-04 20:32 - 000000000 ____D C:\AdwCleaner
2020-08-05 15:23 - 2019-11-03 03:58 - 000000000 ____D C:\Program Files\Common Files\Adobe
2020-08-05 11:22 - 2019-10-23 14:05 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-08-03 15:19 - 2020-04-24 01:03 - 000001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2020-08-03 15:19 - 2020-04-24 01:03 - 000001312 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2020-08-03 15:19 - 2020-04-24 01:03 - 000001312 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk

==================== Files in the root of some directories ========

2020-07-10 04:05 - 2020-07-10 04:05 - 000000068 _____ () C:\Users\efilr\AppData\Roaming\changzhi_leidian.data
2019-11-07 17:05 - 2020-08-28 17:18 - 000001456 _____ () C:\Users\efilr\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-05-03 18:27 - 2020-07-16 08:45 - 000005120 _____ () C:\Users\efilr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-11-03 04:00 - 2019-11-03 04:00 - 000000410 _____ () C:\Users\efilr\AppData\Local\oobelibMkey.log
2020-03-01 02:38 - 2020-08-06 14:24 - 000007615 _____ () C:\Users\efilr\AppData\Local\Resmon.ResmonCfg
2020-02-29 22:19 - 2020-02-29 22:19 - 000000003 _____ () C:\Users\efilr\AppData\Local\updater.log
2020-02-29 22:19 - 2020-02-29 22:19 - 000000424 _____ () C:\Users\efilr\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
Ran by efilr (01-09-2020 06:53:24)
Running from C:\Users\efilr\Downloads
Windows 10 Pro Version 1903 18362.1016 (X64) (2019-10-23 13:11:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2647366133-644958006-1508198402-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2647366133-644958006-1508198402-503 - Limited - Disabled)
efilr (S-1-5-21-2647366133-644958006-1508198402-1001 - Administrator - Enabled) => C:\Users\efilr
Guest (S-1-5-21-2647366133-644958006-1508198402-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2647366133-644958006-1508198402-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_1_3) (Version: 17.1.3 - Adobe Inc.)
Adobe Bridge 2020 (HKLM-x32\...\KBRG_10_1_1) (Version: 10.1.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.2.1.441 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_2_3) (Version: 24.2.3 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_3_2) (Version: 14.3.2 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_2_2) (Version: 21.2.2.289 - Adobe Inc.)
Affinity Designer (HKLM\...\{6F0DC7EB-161A-409C-9B26-3EB3FE9ED69D}) (Version: 1.8.3.641 - Serif (Europe) Ltd)
Affinity Photo (HKLM\...\{E0A227B9-8299-48C6-9FB2-71140FEF82B4}) (Version: 1.8.5.703 - Serif (Europe) Ltd)
BandLab Assistant 5.1.1 (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\{9b08bea4-021c-5f9d-a74e-ac0ceb51fb28}) (Version: 5.1.1 - BandLab)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 85.1.13.82 - Brave Software Inc)
Bulk Rename Utility 3.3.1.0 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 26.04.0.179 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.69 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Core Temp 1.15.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.15.1 - ALCPU)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Firefox Developer Edition 81.0 (x64 en-GB) (HKLM\...\Firefox Developer Edition 81.0 (x64 en-GB)) (Version: 81.0 - Mozilla)
FlashBack Express 5 (HKLM-x32\...\FlashBack Express 5) (Version: 5.45.0.4591 - Blueberry Software (UK) Ltd.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Laragon 4.0.16 (HKLM-x32\...\Laragon_is1) (Version: 4.0.16.190914 - leokhoa)
Lightshot-5.5.0.4 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.4 - Skillbrains)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
massCode 1.0.0-beta (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\{28d75001-1a84-5945-8afc-b4fb140bde60}) (Version: 1.0.0-beta - Anton Reshetov)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13029.20344 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.41 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft OneDrive (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.31.5.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.5 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Graphics Driver 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13029.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13029.20200 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Ozone 8 Advanced (HKLM-x32\...\Ozone 8) (Version: 8.02 - iZotope, Inc.)
PACE License Support Win64 (HKLM\...\{962626E7-CFC9-4dfe-87AB-6FD7FCAE5C4B}) (Version: 5.1.1.2937 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{962626E7-CFC9-4dfe-87AB-6FD7FCAE5C4B}) (Version: 5.1.1.2937 - PACE Anti-Piracy, Inc.)
ParseHub 54.0.1 (x86 en-US) (HKLM-x32\...\ParseHub 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
pCloud Drive (HKLM\...\{D45AF89C-A830-429D-92A0-371107A90540}) (Version: 3.9.0.0 - pCloud AG) Hidden
pCloud Drive (HKLM-x32\...\{9fd88b33-8528-42f4-a5c3-24d0ab725482}) (Version: 3.9.0.0 - pCloud AG)
Pinegrow Web Editor version 5.973 (HKLM-x32\...\Pinegrow Web Editor_is1) (Version: 5.973 - )
PlanetSide 2 (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PortraitPro Studio Max v15.7 (HKLM\...\PortraitProStudioMaxv15_is1) (Version: 15.7 - Anthropics Technology Ltd.)
Product Portal (HKLM-x32\...\Product Portal) (Version:  - iZotope, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Spotify) (Version: 1.1.37.690.g8f3b16fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TechSmith Capture (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\RelayRecorder) (Version: 1.1.1 - TechSmith Corporation)
Topaz Adjust AI (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\{db028400-29b7-4de9-9ef3-4c00a78235d0}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz DeNoise AI (HKLM\...\Topaz DeNoise AI 2.2.2) (Version: 2.2.7 - Topaz Labs LLC)
Topaz Gigapixel AI (HKLM\...\Topaz Gigapixel AI 4.5.0) (Version: 5.1.0 - Topaz Labs LLC)
Topaz JPEG to RAW AI (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\{5259f873-8f87-42b9-ab88-002a750667f3}) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Sharpen AI (HKLM\...\Topaz Sharpen AI 2.0.5) (Version: 2.1.0 - Topaz Labs LLC)
Tracktion 7 (HKLM\...\Tracktion 7) (Version: 7.2.1.0 - Tracktion Software Corp.)
UE3Redist (HKLM-x32\...\{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games) Hidden
UE3Redist (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE4 Prerequisites (x64) (HKLM\...\{98B19848-911F-4BA6-9B2B-CF18BC324F0C}) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{806e2721-1f69-4b94-ae05-faf2149ceafa}) (Version: 1.0.12.0 - Epic Games, Inc.) Hidden
UltraSearch V2.3.2 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.3.2 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 103.0 - Ubisoft)
Valhalla Hills 1.05.17 (HKLM-x32\...\{0CC7AEE2-1BD4-4AEF-AB93-A62CCAB7F769}_is1) (Version: 1.05.17 - Daedalic Entertainment GmbH)
Vivaldi (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\Vivaldi) (Version: 2.11.1811.49 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\WhatsApp) (Version: 2.2033.7 - WhatsApp)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-11] (Adobe Systems Incorporated)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.61.0_x64__xns73kv1ymhp2 [2020-07-24] (Audible Inc)
Enhancer for YouTube™ for Microsoft Edge™ -> C:\Program Files\WindowsApps\48376MaximeRF.EnhancerforYouTubeforMicrosoftEdge_2.0.101.0_neutral__f4efyycdr3qdm [2020-04-02] (Maxime RF)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-24] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2020-07-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-29] (Microsoft Corporation)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-02-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2647366133-644958006-1508198402-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A60EB858EB5A} -> [Creative Cloud Files] => C:\Users\efilr\Creative Cloud Files [2019-11-03 04:04]
CustomCLSID: HKU\S-1-5-21-2647366133-644958006-1508198402-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\efilr\AppData\Local\Vivaldi\Application\2.11.1811.49\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
CustomCLSID: HKU\S-1-5-21-2647366133-644958006-1508198402-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {02C7C390-0702-459B-9861-8260B90F1130} - C:\Windows\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {02C7C390-0702-459B-9861-8260B90F1130} - C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects: Virtual Storage Mount Notification -> {02C7C390-0702-459B-9861-8260B90F1130} => C:\Windows\system32\cbfsconnectMntNtf2017.dll [2019-03-01] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {02C7C390-0702-459B-9861-8260B90F1130} => C:\Windows\SysWOW64\cbfsconnectMntNtf2017.dll [2019-03-01] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
ShellIconOverlayIdentifiers: [    pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [    pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [    pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-10-27] (Notepad++ -> )
ContextMenuHandlers1: [BB FlashBack 2] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers1: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers1: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL [2019-09-26] (pCloud AG) [File not signed] [File is in use]
ContextMenuHandlers1: [QuickShare] -> {A8065B9E-193F-4797-B62D-8F6321E7FCCB} =>  -> No File
ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2019-10-17] (TGRMN Software -> Bulk Rename Utility)
ContextMenuHandlers4: [ContextMenuExtension] -> {a0b73fac-351f-3948-9d8a-1dad9d870193} => C:\Program Files\pCloud Drive\ContextMenuHandler.DLL [2019-09-26] (pCloud AG) [File not signed] [File is in use]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\efilr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\efilr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Apps\Pinterest.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) ->  --profile-directory=Default --app-id=ocoplhflikmldemgaclpfiohheppbbgj
ShortcutWithArgument: C:\Users\efilr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e2f3576b7abb043d\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-06-30 16:45 - 2020-06-09 15:50 - 000281600 _____ () [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libssh2.dll
2020-06-30 16:42 - 2018-03-20 15:09 - 000396288 _____ () [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\pcre.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000281600 _____ () [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\libssh2.dll
2019-10-07 18:15 - 2019-10-07 18:15 - 002365952 _____ () [File not signed] C:\Program Files\pCloud Drive\pSyncLib.dll
2020-06-30 16:42 - 2018-09-19 14:08 - 000194048 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libapr-1.dll
2020-06-30 16:42 - 2018-09-19 14:08 - 000036352 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libapriconv-1.dll
2020-06-30 16:42 - 2018-09-19 14:08 - 000276992 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libaprutil-1.dll
2020-06-30 16:42 - 2018-09-19 14:08 - 000436224 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libhttpd.dll
2020-06-30 16:42 - 2018-09-19 14:10 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_access_compat.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_actions.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000020992 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_alias.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000012800 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_allowmethods.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000013312 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_asis.so
2020-06-30 16:42 - 2018-09-19 14:09 - 000017920 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_auth_basic.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000015872 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authn_core.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000014336 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authn_file.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000023552 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authz_core.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authz_groupfile.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000016896 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authz_host.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000012800 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_authz_user.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000037888 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_autoindex.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000025600 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_cgi.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000015872 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_dir.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000013824 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_env.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000023040 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_headers.so
2020-06-30 16:42 - 2018-09-19 14:10 - 000048128 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_include.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000029696 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_isapi.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000031744 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_log_config.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000022528 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_mime.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000035840 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_negotiation.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000064000 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_rewrite.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000018432 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_setenvif.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000024576 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_socache_shmcb.so
2020-06-30 16:42 - 2018-09-19 14:11 - 000178688 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_ssl.so
2020-06-30 16:42 - 2018-09-19 14:09 - 000014848 _____ (Apache Software Foundation) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\modules\mod_version.so
2020-06-30 16:42 - 2018-09-09 08:45 - 000136192 _____ (hxxps://nghttp2.org/) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\nghttp2.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000206336 _____ (hxxps://nghttp2.org/) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\nghttp2.dll
2019-04-08 16:31 - 2019-04-08 16:31 - 000082944 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files\pCloud Drive\pthreadVC2.dll
2020-06-30 16:42 - 2010-08-02 21:10 - 000035840 _____ (Open Source Software community project) [File not signed] C:\laragon\bin\memcached\memcached-1.4.5\pthreadGC2.dll
2020-06-30 16:53 - 2020-06-09 15:50 - 028037632 _____ (The ICU Project) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\icudt66.dll
2020-06-30 16:53 - 2020-06-09 15:50 - 002632704 _____ (The ICU Project) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\icuin66.dll
2020-06-30 16:53 - 2020-06-09 15:50 - 000061440 _____ (The ICU Project) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\icuio66.dll
2020-06-30 16:53 - 2020-06-09 15:50 - 001894912 _____ (The ICU Project) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\icuuc66.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 028037632 _____ (The ICU Project) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\icudt66.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 002632704 _____ (The ICU Project) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\icuin66.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000061440 _____ (The ICU Project) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\icuio66.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 001894912 _____ (The ICU Project) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\icuuc66.dll
2020-06-30 16:42 - 2020-06-09 15:50 - 003439616 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libcrypto-1_1-x64.dll
2020-06-30 16:42 - 2020-06-09 15:50 - 000682496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\libssl-1_1-x64.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 003439616 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\libcrypto-1_1-x64.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000682496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\libssl-1_1-x64.dll
2020-06-30 16:45 - 2020-06-09 15:50 - 009498624 _____ (The PHP Group) [File not signed] C:\laragon\bin\apache\httpd-2.4.35-win64-VC15\bin\php7ts.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000551936 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_curl.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000071680 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_exif.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 005708800 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_fileinfo.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 001691648 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_gd2.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000390656 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_intl.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 001436672 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_mbstring.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000110592 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_mysqli.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000125952 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_openssl.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000030720 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_pdo_mysql.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000288256 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\ext\php_xsl.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 000035840 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\php7apache2_4.dll
2020-06-09 15:50 - 2020-06-09 15:50 - 009498624 _____ (The PHP Group) [File not signed] C:\laragon\bin\php\php-7.4.7-Win32-vc15-x64\php7ts.dll
2017-10-23 19:28 - 2017-10-23 19:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files\pCloud Drive\OverlayIcon64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\PACE:A5B20508A5C61958 [217]
AlternateDataStreams: C:\Users\efilr\Downloads\Core-Temp-setup.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\efilr\AppData\Local\Temp:com.affinity.designer.2 [240]
AlternateDataStreams: C:\Users\efilr\AppData\Local\Temp:com.affinity.photo.1 [240]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-08-07 03:16 - 000001104 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1      autofax.test         #laragon magic!   
127.0.0.1      cleanup.test         #laragon magic!   
127.0.0.1      cloudy.test          #laragon magic!   
127.0.0.1      fungi.test           #laragon magic!   
127.0.0.1      playd.test           #laragon magic!   

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\efilr\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\eberhard-grossgasteiger-338314-unsplash.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: PaceLicenseDServices => 2
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_05617082612FF58FCAD5371C87F7647B"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "LDNews"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2647366133-644958006-1508198402-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F9720AA-F3BD-4E55-A8EA-3150A642ABCD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AED0ED2E-9826-4BF8-8CBA-B9FB08C37C3E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{4BAF8167-3C40-4A51-B85B-F44088080611}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F28C4906-2EA4-4151-ACA6-7B0DB43E365D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{989C3DD9-4DBA-4643-88EF-1715445A4BD2}] => (Allow) D:\SteamLibrary\steamapps\common\MOTHERGUNSHIP\TowerOfGuns2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7DA55C38-2B65-4BE5-B2BC-759E0D2374AB}] => (Allow) D:\SteamLibrary\steamapps\common\MOTHERGUNSHIP\TowerOfGuns2.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{26715CF9-80E3-4E90-BC4B-F07524C61200}] => (Allow) C:\Program Files\pCloud Drive\pCloud.exe (pCloud AG -> pCloud AG)
FirewallRules: [{FB0F4B7A-E23B-4B9D-9F58-B3302FD6CD69}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FAAAF8DE-F8E9-468C-BACF-DF7AAF317A7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{941A9332-08B4-4EA1-A660-86037201F641}] => (Allow) D:\SteamLibrary\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{1D9F5B38-AF56-4A6A-8B4C-5807620A3119}] => (Allow) D:\SteamLibrary\steamapps\common\Space Rangers HD A War Apart\Rangers.exe (СНК-Games) [File not signed]
FirewallRules: [{B727250D-4913-4B80-AC06-03482B3E06E5}] => (Allow) D:\SteamLibrary\steamapps\common\TheDarkEye Cos\satinav.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{8D05163D-A503-4F92-BA72-F45521E2C6BD}] => (Allow) D:\SteamLibrary\steamapps\common\TheDarkEye Cos\satinav.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{62F649D3-55F2-43FF-A19B-519B8AFAA8E7}] => (Allow) D:\SteamLibrary\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{A7240D3D-987A-4FC5-A9D5-045B6696B7DB}] => (Allow) D:\SteamLibrary\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{D30201A5-26B8-43CE-B96D-813DAD032673}] => (Allow) D:\SteamLibrary\steamapps\common\Aven Colony\AvenColony.exe () [File not signed]
FirewallRules: [{FBD42359-63CF-49CB-BE54-45DFD2D4F6DF}] => (Allow) D:\SteamLibrary\steamapps\common\Aven Colony\AvenColony.exe () [File not signed]
FirewallRules: [{FF1A7B2A-0B2B-49B7-B81E-9FC354F4B53A}] => (Allow) D:\SteamLibrary\steamapps\common\Pathologic Classic HD\bin\Final\Game.exe () [File not signed]
FirewallRules: [{B337B490-20D7-430B-9A09-138ADF264D2C}] => (Allow) D:\SteamLibrary\steamapps\common\Pathologic Classic HD\bin\Final\Game.exe () [File not signed]
FirewallRules: [TCP Query User{2BB65BF7-E5DA-4D47-BC13-8763EA8ECF68}D:\steamlibrary\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{6BA7BB40-460A-4750-845A-E12EB8C528BE}D:\steamlibrary\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\aven colony\avencolony\binaries\win64\avencolony-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{2E9800B4-E604-48EC-80CA-551461157AA8}C:\users\efilr\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\efilr\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab)
FirewallRules: [UDP Query User{3D921DB1-788C-406A-AD1C-AB88C2A96AC1}C:\users\efilr\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\efilr\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab)
FirewallRules: [{E86C49AB-E1B5-470E-B5DD-A85775465E9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{67A6F8FD-958A-4190-8DDC-3B62F5C1ED79}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{70FEC597-A530-409D-8723-6913E751CA01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{40BC183E-6D65-426D-9E06-9256E92500A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6D63CC8-91A6-4CE0-AA66-234C4F859899}] => (Allow) D:\Humble Games\Valhalla Hills\ValhallaHills.exe () [File not signed]
FirewallRules: [{66F95F74-296D-4BED-9AE2-296CB2EDF3EA}] => (Allow) D:\Humble Games\Valhalla Hills\ValhallaHills.exe () [File not signed]
FirewallRules: [TCP Query User{BF32FAE8-0FA1-4E94-8D44-81B3E428D822}D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe] => (Allow) D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{C66DC77F-6B9E-4B67-ACAF-2705991C480A}D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe] => (Allow) D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{D5BA4F0D-233E-4613-88CD-6B39F53ABA3A}] => (Block) D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C1240546-8101-4B6E-A4FB-5070FBB114D4}] => (Block) D:\humble games\valhalla hills\valhallahills\binaries\win32\valhallahills-win32-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1A3E57E0-5AF3-40F2-98B9-D30DE9263AD5}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe () [File not signed]
FirewallRules: [{E454F644-933A-4EBE-AECC-0EAA2414CBD8}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe () [File not signed]
FirewallRules: [{B4BB4584-6B2A-45FA-8B98-512615B58BD5}] => (Allow) D:\SteamLibrary\steamapps\common\TPH\TPH.exe () [File not signed]
FirewallRules: [{45D28C82-F0C4-4299-A5BA-CAA7F1D61F9A}] => (Allow) D:\SteamLibrary\steamapps\common\TPH\TPH.exe () [File not signed]
FirewallRules: [{3DBE10D6-F425-43D6-8754-9DF416F1F6E0}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe () [File not signed]
FirewallRules: [{1BC760FD-AF5C-4A5F-AE79-EAE5CE6F90E1}] => (Allow) D:\SteamLibrary\steamapps\common\Besiege\Besiege.exe () [File not signed]
FirewallRules: [{E7FDAB4C-C329-4DEE-BAC9-3386FA1F8DB2}] => (Allow) D:\SteamLibrary\steamapps\common\Project Warlock\pw_x64.exe () [File not signed]
FirewallRules: [{38836805-9C0C-45DC-ACE0-6D2CBB1FC1A1}] => (Allow) D:\SteamLibrary\steamapps\common\Project Warlock\pw_x64.exe () [File not signed]
FirewallRules: [{95A72D39-15ED-40C8-9BFC-2B0CCB084E18}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{8858321E-FA06-4401-B08E-684411078BAB}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe () [File not signed]
FirewallRules: [{18F08C2A-A428-45B2-966E-21DA87455217}] => (Allow) D:\SteamLibrary\steamapps\common\My Memory of US\mmou.exe () [File not signed]
FirewallRules: [{90D71FA8-25FD-4250-9C4B-50526EE9C4EB}] => (Allow) D:\SteamLibrary\steamapps\common\My Memory of US\mmou.exe () [File not signed]
FirewallRules: [{5950C6DD-E241-422D-8983-006DD73565E9}] => (Allow) D:\SteamLibrary\steamapps\common\The Deed\Game.exe () [File not signed]
FirewallRules: [{3F091110-868B-447E-8C2B-14D5FECDD216}] => (Allow) D:\SteamLibrary\steamapps\common\The Deed\Game.exe () [File not signed]
FirewallRules: [{81860D07-21DA-41A9-A2EF-F5AB2C124BB2}] => (Allow) D:\SteamLibrary\steamapps\common\Return 2 Games\r2g_launcher.exe (Thing Trunk) [File not signed]
FirewallRules: [{3CDA461F-F791-440F-AEEC-1C6418255167}] => (Allow) D:\SteamLibrary\steamapps\common\Return 2 Games\r2g_launcher.exe (Thing Trunk) [File not signed]
FirewallRules: [{014D13E8-3FDF-4127-AEA2-01FE152CD49E}] => (Allow) D:\SteamLibrary\steamapps\common\Eliza\Eliza.exe () [File not signed]
FirewallRules: [{C5719A1B-5ABF-44A1-BF99-9821A2DCCC5E}] => (Allow) D:\SteamLibrary\steamapps\common\Eliza\Eliza.exe () [File not signed]
FirewallRules: [{9DE62ED5-4081-470F-9E3D-BED545BA28B3}] => (Allow) D:\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{AB7EF6E2-2571-4A8A-9C90-191AFBA60384}] => (Allow) D:\SteamLibrary\steamapps\common\Graveyard Keeper\Graveyard Keeper.exe () [File not signed]
FirewallRules: [{7FB4ED51-DA5E-4D34-952D-A3D3905A14AE}] => (Allow) D:\SteamLibrary\steamapps\common\Whispers of a Machine\Whispers.exe (Clifftop & Faravid) [File not signed]
FirewallRules: [{8057AB18-1FCA-4A3F-9B64-5FAD694FC5A8}] => (Allow) D:\SteamLibrary\steamapps\common\Whispers of a Machine\Whispers.exe (Clifftop & Faravid) [File not signed]
FirewallRules: [{8CC38E8C-428C-4C73-9EA1-A99668DD7177}] => (Allow) D:\SteamLibrary\steamapps\common\Mages of Mystralia\Build.exe () [File not signed]
FirewallRules: [{C74D0CA3-8999-4E85-BF88-EC479420E51D}] => (Allow) D:\SteamLibrary\steamapps\common\Mages of Mystralia\Build.exe () [File not signed]
FirewallRules: [{5BF9B160-7599-4930-A0CD-8D53B1B37A93}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil 0\re0hd.exe (CAPCOM) [File not signed]
FirewallRules: [{CEC53159-AF0C-4C48-8743-D782261462A8}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil 0\re0hd.exe (CAPCOM) [File not signed]
FirewallRules: [{2225DC3A-E8B2-4C68-8CA4-BDFAA82A7589}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe () [File not signed]
FirewallRules: [{912C56B2-E58E-42C9-8A46-61EFBAA9D8D4}] => (Allow) D:\SteamLibrary\steamapps\common\Resident Evil Biohazard HD REMASTER\bhd.exe () [File not signed]
FirewallRules: [{277F3FD9-3B9F-48CB-B5D1-66AA0902F325}] => (Allow) D:\SteamLibrary\steamapps\common\A Short Hike\AShortHike.exe () [File not signed]
FirewallRules: [{F4AA2DE7-93F9-4AC5-B91C-40BCB6E67154}] => (Allow) D:\SteamLibrary\steamapps\common\A Short Hike\AShortHike.exe () [File not signed]
FirewallRules: [{CEECA6D3-A4EE-402C-9BA8-C7129034BA28}] => (Allow) D:\SteamLibrary\steamapps\common\Regions Of Ruin\Regions of Ruin.exe () [File not signed]
FirewallRules: [{4F88FF71-A8F6-400F-8374-C62C29C2196C}] => (Allow) D:\SteamLibrary\steamapps\common\Regions Of Ruin\Regions of Ruin.exe () [File not signed]
FirewallRules: [{86B98D50-233C-45CD-924D-6C5095E748A3}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Pirates!\Pirates!.exe (Firaxis Games) [File not signed]
FirewallRules: [{4E3A4938-4799-4B44-96B3-328A1B9D65B4}] => (Allow) D:\SteamLibrary\steamapps\common\Sid Meier's Pirates!\Pirates!.exe (Firaxis Games) [File not signed]
FirewallRules: [{05C5B41A-736C-440E-A55F-AFFE829F450F}] => (Allow) D:\SteamLibrary\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{60B924BC-2292-42CE-B1A3-5DDFF84BD338}] => (Allow) D:\SteamLibrary\steamapps\common\Blasphemous\Blasphemous.exe () [File not signed]
FirewallRules: [{AE2EABD6-CB03-40C6-BF32-D55DE060ACF2}] => (Allow) D:\SteamLibrary\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{33D5A545-62AA-4B50-87BD-159AC83A98BA}] => (Allow) D:\SteamLibrary\steamapps\common\SlayTheSpire\SlayTheSpire.exe () [File not signed]
FirewallRules: [{7D144883-C1E7-492F-B82E-D0DD4B86C8D6}] => (Allow) D:\SteamLibrary\steamapps\common\Arida Backland's Awakening\Arida.exe () [File not signed]
FirewallRules: [{4530685C-2CA7-4A4C-A7FB-4E599D3D3A74}] => (Allow) D:\SteamLibrary\steamapps\common\Arida Backland's Awakening\Arida.exe () [File not signed]
FirewallRules: [{8D03BD76-13B1-44CB-91DA-048363CD7731}] => (Allow) D:\SteamLibrary\steamapps\common\GodsTrigger\GodsTrigger.exe () [File not signed]
FirewallRules: [{AE131B64-77BB-4949-BEA0-BAC981DAF9E2}] => (Allow) D:\SteamLibrary\steamapps\common\GodsTrigger\GodsTrigger.exe () [File not signed]
FirewallRules: [{76513376-6D68-4E0A-8F79-CED4BC8A0D27}] => (Allow) D:\SteamLibrary\steamapps\common\Turok\sobek.exe () [File not signed]
FirewallRules: [{93415485-7356-4829-BF20-BD300387A033}] => (Allow) D:\SteamLibrary\steamapps\common\Turok\sobek.exe () [File not signed]
FirewallRules: [{E42C6A3A-DF21-4D3B-8302-67C45AECE81B}] => (Allow) D:\SteamLibrary\steamapps\common\Turok\editor.exe () [File not signed]
FirewallRules: [{5DAE701C-D657-4EB8-A072-7BC5484B01E4}] => (Allow) D:\SteamLibrary\steamapps\common\Turok\editor.exe () [File not signed]
FirewallRules: [{CDA7B29B-FD23-4987-843A-945EC7F960FD}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe () [File not signed]
FirewallRules: [{51A629FE-68AE-4043-9DA6-3A1F9EB41004}] => (Allow) D:\SteamLibrary\steamapps\common\Fell Seal\Fell Seal.exe () [File not signed]
FirewallRules: [{0E9CD01D-76B1-445C-87F1-5C4E40DB5B79}] => (Allow) D:\SteamLibrary\steamapps\common\Battle Chasers Nightwar\BC.exe () [File not signed]
FirewallRules: [{CC72657F-48DE-47D1-ABDC-B322A2819565}] => (Allow) D:\SteamLibrary\steamapps\common\Battle Chasers Nightwar\BC.exe () [File not signed]
FirewallRules: [{39E561CD-8A33-4BBB-BF25-03FF656A3AED}] => (Allow) D:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [{03155CA8-BCE2-4D98-822C-0DE4AAB58702}] => (Allow) D:\SteamLibrary\steamapps\common\the witcher 2\Launcher.exe (CD Projekt RED) [File not signed]
FirewallRules: [{A7A258B1-12C5-4B25-B16A-C988F8084AC8}] => (Allow) D:\SteamLibrary\steamapps\common\Earth 2160\Earth2160_START.exe (Reality Pump) [File not signed]
FirewallRules: [{1C03762E-DB09-4F16-8E96-C7C2473680E7}] => (Allow) D:\SteamLibrary\steamapps\common\Earth 2160\Earth2160_START.exe (Reality Pump) [File not signed]
FirewallRules: [{3DBB62C4-0D01-4875-84EE-A3665D0F292D}] => (Allow) D:\SteamLibrary\steamapps\common\Earth 2160\Earth2160Editor_START.exe (Reality Pump) [File not signed]
FirewallRules: [{ECAD220E-232F-4866-AEC5-DC345AA6CDA0}] => (Allow) D:\SteamLibrary\steamapps\common\Earth 2160\Earth2160Editor_START.exe (Reality Pump) [File not signed]
FirewallRules: [{0F7137C8-70CC-44C1-BD25-0B668D3CDBBA}] => (Allow) D:\SteamLibrary\steamapps\common\Niffelheim\Niffelheim.exe () [File not signed]
FirewallRules: [{961801CE-730F-41E5-A650-26AFCB83EFA9}] => (Allow) D:\SteamLibrary\steamapps\common\Niffelheim\Niffelheim.exe () [File not signed]
FirewallRules: [{6358CFD1-B66E-4DE7-B5EA-A15F722A5114}] => (Allow) D:\SteamLibrary\steamapps\common\State of Mind\StateOfMind.exe () [File not signed]
FirewallRules: [{20A6556E-3F17-4AFA-8DEF-68A49DD4D7A9}] => (Allow) D:\SteamLibrary\steamapps\common\State of Mind\StateOfMind.exe () [File not signed]
FirewallRules: [{2B1FCCA1-41AE-486B-ADFF-EFAF3BE4AE06}] => (Allow) D:\SteamLibrary\steamapps\common\Bridge Constructor Medieval\BridgeConstructorMedieval.exe () [File not signed]
FirewallRules: [{ECF77577-3D47-46AB-B4BA-B43FA658035C}] => (Allow) D:\SteamLibrary\steamapps\common\Bridge Constructor Medieval\BridgeConstructorMedieval.exe () [File not signed]
FirewallRules: [{179A861E-F329-4A6D-8701-C927C1A1B735}] => (Allow) D:\SteamLibrary\steamapps\common\Legend of Grimrock\grimrock.exe () [File not signed]
FirewallRules: [{0A44EA2A-3DEF-4FB8-A861-0BD923267140}] => (Allow) D:\SteamLibrary\steamapps\common\Legend of Grimrock\grimrock.exe () [File not signed]
FirewallRules: [{D0E9542F-8740-4A1C-AFA8-90DC8FBC996C}] => (Allow) D:\SteamLibrary\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{1B239EC4-4995-4157-B5F8-B6891B7574E4}] => (Allow) D:\SteamLibrary\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{AE0D69FE-50C3-481D-A2F2-EC2DAF95AC46}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Breed 2 Assault\Binaries\AlienBreed2Assault.exe () [File not signed]
FirewallRules: [{E00A8793-6993-4655-A2A2-3A03DC1FAC60}] => (Allow) D:\SteamLibrary\steamapps\common\Alien Breed 2 Assault\Binaries\AlienBreed2Assault.exe () [File not signed]
FirewallRules: [{2B055912-9644-4811-89B4-AF0293769FE9}] => (Allow) D:\SteamLibrary\steamapps\common\Deponia The Complete Journey\deponia.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{05C8B95D-74E9-4985-BB68-D578A915B285}] => (Allow) D:\SteamLibrary\steamapps\common\Deponia The Complete Journey\deponia.exe (Daedalic Entertainment GmbH) [File not signed]
FirewallRules: [{7FD7BDF1-FD76-4F0C-9B99-17DAA2A582D5}] => (Allow) D:\SteamLibrary\steamapps\common\Deponia The Complete Journey\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [{75584431-2E32-4849-84DE-6DED45525AEC}] => (Allow) D:\SteamLibrary\steamapps\common\Deponia The Complete Journey\VisionaireConfigurationTool.exe (Daedalic Entertainment) [File not signed]
FirewallRules: [TCP Query User{9E3614F5-1813-44E0-8A22-3D5FB5652B1B}D:\steamlibrary\steamapps\common\state of mind\stateofmind\binaries\win64\stateofmind-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\state of mind\stateofmind\binaries\win64\stateofmind-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{B4FD00A7-4135-43D0-9831-436D23402A5E}D:\steamlibrary\steamapps\common\state of mind\stateofmind\binaries\win64\stateofmind-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\state of mind\stateofmind\binaries\win64\stateofmind-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{AA028E58-31A3-4578-847D-8295A200142C}] => (Allow) D:\SteamLibrary\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{368E8E94-5A3D-4D83-981A-50B443377E26}] => (Allow) D:\SteamLibrary\steamapps\common\RESIDENT EVIL REVELATIONS\rerev.exe (CAPCOM CO., LTD. -> )
FirewallRules: [{B32A22D6-1621-4867-8FFA-02650171548B}] => (Allow) D:\SteamLibrary\steamapps\common\Port Royale 3\PortRoyale3.exe (Gaming Minds Studios GmbH) [File not signed]
FirewallRules: [{F14128A6-9118-40F2-8E39-089DADD68508}] => (Allow) D:\SteamLibrary\steamapps\common\Port Royale 3\PortRoyale3.exe (Gaming Minds Studios GmbH) [File not signed]
FirewallRules: [{62651262-8780-4B9F-AC2F-B9E2EB72BE1E}] => (Allow) C:\Users\efilr\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A5DD080F-F9AD-4BA0-B73E-7F38005FA5A2}] => (Allow) D:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe (Valve Corp. -> Day 1 Studios, LLC) [File not signed]
FirewallRules: [{B77860C6-752E-40BB-A8CF-41508689630E}] => (Allow) D:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe (Valve Corp. -> Day 1 Studios, LLC) [File not signed]
FirewallRules: [{EB2F27D3-D85D-4AED-8AC0-797DAAE0A58A}] => (Allow) D:\SteamLibrary\steamapps\common\FEAR2\FEAR2.exe (Monolith Productions, Inc. -> Monolith Productions, Inc.)
FirewallRules: [{30BAF60A-EBC3-43C7-8A12-E4BE9346B0DA}] => (Allow) D:\SteamLibrary\steamapps\common\FEAR2\FEAR2.exe (Monolith Productions, Inc. -> Monolith Productions, Inc.)
FirewallRules: [{CB949AE1-0F7D-4B21-AAB5-7589AD405DDC}] => (Allow) D:\SteamLibrary\steamapps\common\Capitalism 2\Cap2.exe (Enlight Software Limited -> ) [File not signed]
FirewallRules: [{E60950E2-56FB-4E65-ACB1-8F5F2CB7DEA0}] => (Allow) D:\SteamLibrary\steamapps\common\Capitalism 2\Cap2.exe (Enlight Software Limited -> ) [File not signed]
FirewallRules: [{BC27DB11-E225-444E-8A9A-1E61E6D59B30}] => (Allow) D:\SteamLibrary\steamapps\common\This Is the Police 2\Police2.exe () [File not signed]
FirewallRules: [{141A1CD8-4C87-4271-A4E6-DA1334C6580A}] => (Allow) D:\SteamLibrary\steamapps\common\This Is the Police 2\Police2.exe () [File not signed]
FirewallRules: [{5E59EB3F-F5E5-4F39-B292-C24D1E33C77A}] => (Allow) D:\SteamLibrary\steamapps\common\WormsGolf2010\WormsCrazyGolf.exe (Team17 Software Ltd.) [File not signed]
FirewallRules: [{24C2BE89-9511-4E27-BBB6-B222BDA896B8}] => (Allow) D:\SteamLibrary\steamapps\common\WormsGolf2010\WormsCrazyGolf.exe (Team17 Software Ltd.) [File not signed]
FirewallRules: [{F732BF64-968D-4BFA-9809-8B917C8525FA}] => (Allow) D:\SteamLibrary\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe () [File not signed]
FirewallRules: [{0B4B0B59-6957-40F2-A428-DA19454FE9E4}] => (Allow) D:\SteamLibrary\steamapps\common\Sniper Elite 3\Launcher\Sniper3Launcher.exe () [File not signed]
FirewallRules: [TCP Query User{C8C6C4BE-9302-4521-838C-422BA26FA848}D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe] => (Allow) D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe () [File not signed]
FirewallRules: [UDP Query User{43AF7905-3DE8-41FA-98D0-4074D640C7D5}D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe] => (Allow) D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe () [File not signed]
FirewallRules: [{D93055A8-AB32-4805-B553-D311432F1797}] => (Block) D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe () [File not signed]
FirewallRules: [{783B489F-2E02-4F3E-BD8C-BC66D4CE1C7F}] => (Block) D:\steamlibrary\steamapps\common\sniper elite 3\bin\sniperelite3.exe () [File not signed]
FirewallRules: [{D7B66F8A-5E62-41F5-962F-1EB855A72CE2}] => (Allow) D:\SteamLibrary\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe (CryoFall Client) [File not signed]
FirewallRules: [{787251B3-1AD6-4DAF-AB92-58EAE4E02708}] => (Allow) D:\SteamLibrary\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe (CryoFall Client) [File not signed]
FirewallRules: [{62A53E5B-5AF3-4815-B42F-2FE662EC5EDF}] => (Allow) D:\SteamLibrary\steamapps\common\ChromaSquad\chromasquad.exe () [File not signed]
FirewallRules: [{8ECA94AA-79F7-4FFF-BC45-67832889B01D}] => (Allow) D:\SteamLibrary\steamapps\common\ChromaSquad\chromasquad.exe () [File not signed]
FirewallRules: [{5CD75BB0-C890-492A-B536-CF8B88A6F42E}] => (Allow) D:\SteamLibrary\steamapps\common\Snake Pass\SnakePass.exe () [File not signed]
FirewallRules: [{D5DA93E3-C1FF-448A-9511-72D690C3E0DF}] => (Allow) D:\SteamLibrary\steamapps\common\Snake Pass\SnakePass.exe () [File not signed]
FirewallRules: [TCP Query User{29C8E076-C931-49FE-A91B-34698156ABB3}D:\steamlibrary\steamapps\common\snake pass\snakesimulator\binaries\win64\snakepass-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\snake pass\snakesimulator\binaries\win64\snakepass-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{8B57DCC2-A6D4-4C0A-A478-28FE185B2901}D:\steamlibrary\steamapps\common\snake pass\snakesimulator\binaries\win64\snakepass-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\snake pass\snakesimulator\binaries\win64\snakepass-win64-shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{B7CF041B-121F-41F5-95B2-0963A9A01C49}] => (Allow) D:\SteamLibrary\steamapps\common\Etherborn\Etherborn\Etherborn.exe () [File not signed]
FirewallRules: [{2F979488-D9DD-4A84-8389-6B01AA7AECD1}] => (Allow) D:\SteamLibrary\steamapps\common\Etherborn\Etherborn\Etherborn.exe () [File not signed]
FirewallRules: [{11ACF1B3-A9BE-4103-A316-A2436D9CE37E}] => (Allow) D:\SteamLibrary\steamapps\common\The Stillness of the Wind\StillnessWin.exe () [File not signed]
FirewallRules: [{314716F9-B5A3-4780-BC3E-87F0D5D99B5B}] => (Allow) D:\SteamLibrary\steamapps\common\The Stillness of the Wind\StillnessWin.exe () [File not signed]
FirewallRules: [{B7373AF7-AE06-4269-8EB6-211230C441E2}] => (Allow) D:\SteamLibrary\steamapps\common\Stygian Reign of the Old Ones\STYGIAN.exe () [File not signed]
FirewallRules: [{D88883D1-07EC-4F0F-81AD-87B5E0BBD6B4}] => (Allow) D:\SteamLibrary\steamapps\common\Stygian Reign of the Old Ones\STYGIAN.exe () [File not signed]
FirewallRules: [TCP Query User{765443B5-272D-42F9-ADC0-149C212E9508}C:\users\efilr\downloads\when_ski_lifts_go_wrong__windows_\when ski lifts go wrong\when ski lifts go wrong.exe] => (Allow) C:\users\efilr\downloads\when_ski_lifts_go_wrong__windows_\when ski lifts go wrong\when ski lifts go wrong.exe () [File not signed]
FirewallRules: [UDP Query User{7A6383C4-A4AB-4E2A-98C8-35B4CF52DF5F}C:\users\efilr\downloads\when_ski_lifts_go_wrong__windows_\when ski lifts go wrong\when ski lifts go wrong.exe] => (Allow) C:\users\efilr\downloads\when_ski_lifts_go_wrong__windows_\when ski lifts go wrong\when ski lifts go wrong.exe () [File not signed]
FirewallRules: [TCP Query User{1B98141B-F630-4007-8CCF-C7A40D8B9EF2}C:\laragon\bin\apache\httpd-2.4.35-win64-vc15\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.35-win64-vc15\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{12AC4543-C334-4E1F-B576-B70F079731E7}C:\laragon\bin\apache\httpd-2.4.35-win64-vc15\bin\httpd.exe] => (Allow) C:\laragon\bin\apache\httpd-2.4.35-win64-vc15\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{689BB273-AC7B-4C65-9F29-92BCA4237027}C:\laragon\bin\mysql\mysql-5.7.24-winx64\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mysql-5.7.24-winx64\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{817E0C8C-B28E-41B8-B005-9E60E51D3389}C:\laragon\bin\mysql\mysql-5.7.24-winx64\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mysql-5.7.24-winx64\bin\mysqld.exe () [File not signed]
FirewallRules: [{C46D0F86-C3A9-4118-8636-AB8C11D9175B}] => (Allow) C:\Program Files (x86)\ParseHub\parsehub.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{F4451655-8770-4683-8DE5-5DA3D428B59C}] => (Allow) C:\Program Files (x86)\ParseHub\parsehub.exe (Mozilla Corporation) [File not signed]
FirewallRules: [{8CBC4048-EB49-4F6B-A8AF-77DAD7D6BC01}] => (Allow) D:\SteamLibrary\steamapps\common\SEUM Speedrunners from Hell\Seum.exe () [File not signed]
FirewallRules: [{E8DE9249-2424-48C3-B3C8-64651DD92921}] => (Allow) D:\SteamLibrary\steamapps\common\SEUM Speedrunners from Hell\Seum.exe () [File not signed]
FirewallRules: [{880316BD-0A87-4368-91EA-1A01D76DA581}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9A1F0E0A-C4FF-45C9-B860-7A911B10CEFB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EBF4C06D-48AF-48F8-B64E-B41425000658}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{075C9FFC-212D-4830-9824-AA73B6A390C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A4467053-2FFB-459E-837F-1E7321F74DB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BE6A6F34-572F-417D-A6D4-CDE4230C3FC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AE9B01B5-BC0C-43F0-8581-6DCF2D635F39}] => (Allow) D:\SteamLibrary\steamapps\common\Tomb Raider Anniversary\tra.exe (Eidos Inc.) [File not signed]
FirewallRules: [{300104FE-C509-44BB-AB03-B36924148E15}] => (Allow) D:\SteamLibrary\steamapps\common\Tomb Raider Anniversary\tra.exe (Eidos Inc.) [File not signed]
FirewallRules: [{AFA98DD3-74F9-4D8E-9727-445B6A2120B3}] => (Allow) D:\SteamLibrary\steamapps\common\SMLaunch\SteamLauncher.exe () [File not signed]
FirewallRules: [{FA8F7195-70E7-4857-AB7A-E87CD52B27D8}] => (Allow) D:\SteamLibrary\steamapps\common\SMLaunch\SteamLauncher.exe () [File not signed]
FirewallRules: [TCP Query User{49C01DB7-6E71-4202-A215-68C6B654D5A0}C:\laragon\bin\memcached\memcached-1.4.5\memcached.exe] => (Allow) C:\laragon\bin\memcached\memcached-1.4.5\memcached.exe () [File not signed]
FirewallRules: [UDP Query User{D8776B94-A81A-44BB-8F6B-091801A87391}C:\laragon\bin\memcached\memcached-1.4.5\memcached.exe] => (Allow) C:\laragon\bin\memcached\memcached-1.4.5\memcached.exe () [File not signed]
FirewallRules: [TCP Query User{2114037C-936A-4106-9B33-921CDA750247}C:\laragon\bin\nginx\nginx-1.16.0\nginx.exe] => (Allow) C:\laragon\bin\nginx\nginx-1.16.0\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{16BA7D2C-7CBF-4070-B072-1CA46814B65E}C:\laragon\bin\nginx\nginx-1.16.0\nginx.exe] => (Allow) C:\laragon\bin\nginx\nginx-1.16.0\nginx.exe () [File not signed]
FirewallRules: [TCP Query User{D7FC8A4E-ED06-45A5-9DDD-5DC77554011E}C:\users\efilr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\efilr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A1753398-0274-4574-AC8A-3D69CD7B6A06}C:\users\efilr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\efilr\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FF03D81C-97B8-42F3-8306-D4F1E1048DDA}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{B6E79EBA-0E6E-42B6-91A8-4B0FB1B8FF89}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [TCP Query User{219F9B5A-37FE-4911-8E83-BEDCEB0C6813}C:\program files (x86)\pinegrow web editor\pinegrow.exe] => (Allow) C:\program files (x86)\pinegrow web editor\pinegrow.exe (Pinegrow Pte. Ltd. -> The NW.js Community)
FirewallRules: [UDP Query User{84525FB7-85C0-4609-8010-A8E3BE055C3D}C:\program files (x86)\pinegrow web editor\pinegrow.exe] => (Allow) C:\program files (x86)\pinegrow web editor\pinegrow.exe (Pinegrow Pte. Ltd. -> The NW.js Community)
FirewallRules: [{6D5DEA4B-D1D3-4955-A15B-AD9C5BCAE338}] => (Allow) D:\SteamLibrary\steamapps\common\Overload\Overload.exe () [File not signed]
FirewallRules: [{859C2C7C-D247-4CE6-9EFF-444CDC8CE64F}] => (Allow) D:\SteamLibrary\steamapps\common\Overload\Overload.exe () [File not signed]
FirewallRules: [{7A3F8A6B-1187-429C-9D3C-43A4111BAF16}] => (Allow) D:\SteamLibrary\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{C3DC9721-E199-4E4D-B204-0AD6DE92382F}] => (Allow) D:\SteamLibrary\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [TCP Query User{F99169B6-7108-4915-9903-D0BB969F067F}D:\steamlibrary\steamapps\common\mothergunship\towerofguns2\binaries\win64\towerofguns2-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\mothergunship\towerofguns2\binaries\win64\towerofguns2-win64-shipping.exe (Terrible Posture Games and Grip Digital) [File not signed]
FirewallRules: [UDP Query User{7052B0CC-0EF8-4685-9AF3-9E705A1F6BBE}D:\steamlibrary\steamapps\common\mothergunship\towerofguns2\binaries\win64\towerofguns2-win64-shipping.exe] => (Allow) D:\steamlibrary\steamapps\common\mothergunship\towerofguns2\binaries\win64\towerofguns2-win64-shipping.exe (Terrible Posture Games and Grip Digital) [File not signed]
FirewallRules: [{795DAAB8-DB1F-4DAC-95AE-262C928AC02B}] => (Allow) D:\SteamLibrary\steamapps\common\The Swords of Ditto\The_Swords_of_Ditto.exe (onebitbeyond Ltd) [File not signed]
FirewallRules: [{DF0D16B1-893E-46CC-B7FA-503F5890A33D}] => (Allow) D:\SteamLibrary\steamapps\common\The Swords of Ditto\The_Swords_of_Ditto.exe (onebitbeyond Ltd) [File not signed]
FirewallRules: [{AEF44E60-099F-480B-9F04-FF1585BEBD26}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B1ED289A-B4B3-459F-B100-618063D505A5}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{80AB053A-5108-4DDB-BBE6-6DAC52A55A7A}] => (Allow) D:\SteamLibrary\steamapps\common\Boundless\boundless.exe (Turbulenz Limited) [File not signed]
FirewallRules: [{E218AF3F-1184-4B61-BB63-8F153FC4B308}] => (Allow) D:\SteamLibrary\steamapps\common\Boundless\boundless.exe (Turbulenz Limited) [File not signed]
FirewallRules: [{3962056B-6E13-4DEF-A5D5-0E1559D8F6F7}] => (Allow) D:\SteamLibrary\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe (NeoCore Games) [File not signed]
FirewallRules: [{C86EB152-3C8F-4495-8B69-CDB69B6EB335}] => (Allow) D:\SteamLibrary\steamapps\common\The Incredible Adventures of Van Helsing\VanHelsing.exe (NeoCore Games) [File not signed]
FirewallRules: [{1F3B8B13-1BC1-41D5-A189-5AB45E5A3BDE}] => (Allow) D:\SteamLibrary\steamapps\common\Resonance\Resonance.exe () [File not signed]
FirewallRules: [{2F16C0F3-6B9E-47E3-90C7-A96F1E323D10}] => (Allow) D:\SteamLibrary\steamapps\common\Resonance\Resonance.exe () [File not signed]
FirewallRules: [{DBF7ECFD-27ED-4200-8432-F11342FDE6D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6E1D44E2-0A9F-4D65-9559-0030C71F4484}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5CF9BE7F-BEE7-4A4F-BA73-A109872BD215}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{30AFD58B-E1CC-44FE-A4B0-70C0992CF7A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{360D3213-9C1B-4ACF-BEC2-F5D73CD6F56F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B240329-1511-43C4-B17C-839D6200BA7B}] => (Allow) D:\SteamLibrary\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe (CryoFall Client) [File not signed]
FirewallRules: [{F09D1361-89BB-418B-BA86-B8DD70659886}] => (Allow) D:\SteamLibrary\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe (CryoFall Client) [File not signed]
FirewallRules: [{41E27DE4-A7B2-4B84-9563-B6604D4C6480}] => (Allow) D:\SteamLibrary\steamapps\common\DontEscape\dontescape.exe () [File not signed]
FirewallRules: [{2B25788C-C21C-4AA1-B360-EA33418221E4}] => (Allow) D:\SteamLibrary\steamapps\common\DontEscape\dontescape.exe () [File not signed]
FirewallRules: [{8962A795-D38F-4544-8756-833AB7BC53C8}] => (Allow) D:\SteamLibrary\steamapps\common\Train Valley 2\TrainValley2.exe () [File not signed]
FirewallRules: [{485EE9EF-1B14-45AA-A73C-0FA2271D181D}] => (Allow) D:\SteamLibrary\steamapps\common\Train Valley 2\TrainValley2.exe () [File not signed]
FirewallRules: [{0BE3BA7F-3E90-43D8-97EC-AD765EE9825F}] => (Allow) D:\SteamLibrary\steamapps\common\YuppiePsycho\yuppiepsycho.exe () [File not signed]
FirewallRules: [{1B383C2C-C22F-4F42-A65E-38732DDE3B40}] => (Allow) D:\SteamLibrary\steamapps\common\YuppiePsycho\yuppiepsycho.exe () [File not signed]
FirewallRules: [{112D77E5-779C-4193-BE11-E6A4C2099BE7}] => (Allow) D:\SteamLibrary\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{A9D78195-5664-44D1-88F7-C4C05A5F7221}] => (Allow) D:\SteamLibrary\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{8205D45B-A729-47AB-958A-1BACC11BF75D}] => (Allow) D:\SteamLibrary\steamapps\common\Basingstoke\Basingstoke.exe () [File not signed]
FirewallRules: [{ADC26005-DE1D-439E-B3B5-D4F273BB40B4}] => (Allow) D:\SteamLibrary\steamapps\common\Basingstoke\Basingstoke.exe () [File not signed]
FirewallRules: [{369F93B7-491C-4BEF-BCA7-68F67E0B3AAA}] => (Allow) D:\SteamLibrary\steamapps\common\Metal Unit\MetalUnit.exe () [File not signed]
FirewallRules: [{B709E043-4935-4049-B776-B427B85D1329}] => (Allow) D:\SteamLibrary\steamapps\common\Metal Unit\MetalUnit.exe () [File not signed]
FirewallRules: [{2A9C974F-4EC1-494F-B409-82BD24D94DDC}] => (Allow) D:\SteamLibrary\steamapps\common\The Adventure Pals\Adventure Pals.exe () [File not signed]
FirewallRules: [{BCA30EE2-29BC-4879-A5C0-BC359E79B716}] => (Allow) D:\SteamLibrary\steamapps\common\The Adventure Pals\Adventure Pals.exe () [File not signed]
FirewallRules: [{F9873DA6-51E8-41D4-BDB9-84C29BC2BA20}] => (Allow) D:\SteamLibrary\steamapps\common\Bleed 2\Bleed2.exe (Ian Campbell) [File not signed]
FirewallRules: [{53E4C6F7-0A19-4116-8056-231AD0155B7C}] => (Allow) D:\SteamLibrary\steamapps\common\Bleed 2\Bleed2.exe (Ian Campbell) [File not signed]
FirewallRules: [{201A80C4-5969-4E50-9463-F20C150454DC}] => (Allow) D:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{B3B412F5-8379-4BAE-8D3A-5247ECFA5807}] => (Allow) D:\SteamLibrary\steamapps\common\Star Wars - The Old Republic\launcher.exe (Electronic Arts, Inc. -> BioWare)
FirewallRules: [{344AC0A0-3CDC-46AF-BFAA-EBD7F6CEF8C1}] => (Allow) D:\SteamLibrary\steamapps\common\Barotrauma\Barotrauma.exe (FakeFish, Undertow Games) [File not signed]
FirewallRules: [{6AA0FEB9-98A4-4EF6-841A-309B13BA556B}] => (Allow) D:\SteamLibrary\steamapps\common\Barotrauma\Barotrauma.exe (FakeFish, Undertow Games) [File not signed]
FirewallRules: [{AEC467F1-A458-4FB6-8639-7D41F9B9B6E1}] => (Allow) D:\SteamLibrary\steamapps\common\Obscure\Obscure.exe (Mighty Rocket Studio) [File not signed]
FirewallRules: [{4B6784FB-2C0D-4258-B15B-9B897F56F7F8}] => (Allow) D:\SteamLibrary\steamapps\common\Obscure\Obscure.exe (Mighty Rocket Studio) [File not signed]
FirewallRules: [{AE959C85-1112-43C2-BC69-EB7D96651B79}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{08CFB1A2-F0F8-4A95-8F56-D5C2586F8D62}C:\program files (x86)\pinegrow web editor\pinegrow.exe] => (Allow) C:\program files (x86)\pinegrow web editor\pinegrow.exe (Pinegrow Pte. Ltd. -> The NW.js Community)
FirewallRules: [UDP Query User{07107E97-0B8C-4838-B990-5190F990EB20}C:\program files (x86)\pinegrow web editor\pinegrow.exe] => (Allow) C:\program files (x86)\pinegrow web editor\pinegrow.exe (Pinegrow Pte. Ltd. -> The NW.js Community)

==================== Restore Points =========================

13-08-2020 00:02:16 Windows Update
19-08-2020 18:09:46 Installed DirectX
21-08-2020 14:58:04 Windows Modules Installer
28-08-2020 18:34:06 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (08/31/2020 04:06:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

Error: (08/31/2020 04:06:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453

Error: (08/31/2020 04:06:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2020 08:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

Error: (08/30/2020 08:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1453

Error: (08/30/2020 08:15:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/30/2020 05:14:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1437

Error: (08/30/2020 05:14:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1437


System errors:
=============
Error: (08/30/2020 11:55:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (08/30/2020 12:30:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (08/29/2020 10:54:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HAJGTG6)
Description: The server Microsoft.Office.OneNote_16001.12827.20182.0_x64__8wekyb3d8bbwe!microsoft.onenoteim did not register with DCOM within the required timeout.

Error: (08/28/2020 07:29:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (08/27/2020 12:26:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (08/25/2020 02:38:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.

Error: (08/25/2020 02:33:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:08:14 on ‎22/‎08/‎2020 was unexpected.

Error: (08/20/2020 11:49:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706d9: 9WZDNCRFHVJL-MICROSOFT.OFFICE.ONENOTE.


Windows Defender:
===================================
Date: 2020-08-30 05:04:14.674
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:PHP/Dirtelti.MTF&threatid=2147761230&enterprise=0
Name: Backdoor:PHP/Dirtelti.MTF
ID: 2147761230
Severity: Severe
Category: Backdoor
Path: file:_C:\Users\efilr\AppData\Local\Temp\tmpp0eax5\working\example.php
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Sublime Text 3\plugin_host.exe
Security intelligence Version: AV: 1.323.90.0, AS: 1.323.90.0, NIS: 1.323.90.0
Engine Version: AM: 1.1.17400.5, NIS: 1.1.17400.5

Date: 2020-07-27 17:07:29.051
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {9F9CD49D-CF86-4947-B7F5-2593A7D566A7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-31 19:03:43.198
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.319.2400.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2020-07-31 19:03:43.198
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.319.2400.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2020-07-31 19:03:43.198
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.319.2400.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2020-07-31 19:03:43.191
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.319.2400.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

Date: 2020-07-31 19:03:43.191
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.319.2400.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 

CodeIntegrity:
===================================

Date: 2020-09-01 06:36:58.679
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:36:58.678
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:34:07.851
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:34:07.850
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:23:57.021
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:23:57.018
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:04:07.809
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2020-09-01 06:04:07.807
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 0303 12/30/2009
Motherboard: ASUSTeK Computer INC. P6TD DELUXE
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Percentage of memory in use: 84%
Total physical RAM: 10231.11 MB
Available physical RAM: 1578.6 MB
Total Virtual: 23543.11 MB
Available Virtual: 7807.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.19 GB) (Free:254.51 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:466.06 GB) NTFS
Drive p: (pCloud Drive) (Removable) (Total:2048 GB) (Free:1427.86 GB) exFAT

\\?\Volume{b1c9491d-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B1C9491D)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 138FD8CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • Root Admin

Are you still using this mouse and driver from 2012?

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)

You also have the following drivers from Logitech from 2012 and 2013 (if you are using them then okay, just asking as they are so old, and generally speaking most basic mice require no special drivers):
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

Up to you, but I would suggest removing this entry and not using the Logitech downloader. It has been problematic off and on for many computers.
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)

Again, up to you, but most experts no longer recommend using this software.
CCleaner


Please uninstall Bonjour
Go to Control Panel, Programs, uninstall

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL. On a Mac or iOS device, this program is used for networking nearly everything. On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows. Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration; this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

NOTE: Attachments are now working again. Please attach all logs. Do not copy/paste directly to the forums.

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Edited by AdvancedSetup
updated information

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 


This topic is now closed to further replies.