
RTP Detection



Hello nastyemu and welcome to Malwarebytes,

Continue with the following:

Open Malwarebytes, select the small cog wheel in the top right-hand corner; that will open "Settings". From there select the "Security" tab.

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window; this will take you back to "Dashboard". Select the blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right-click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right-click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your native tongue rename FRST to FRSTEnglish.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/23/21
Scan Time: 6:18 PM
Log File: b25a741c-8c25-11eb-9fb2-10c37b6f5c03.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38599
License: Premium

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: mb-desktop\mbryce

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 453487
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-23-2021
# Duration: 00:00:16
# OS:       Windows 10 Pro
# Scanned:  31985
# Detected: 20


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.MalwareProtection  C:\Users\mbryce\AppData\Local\MalwareProtectionLive

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy             HKCU\Software\AppDataLow\Software\Settings Manager
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy             HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.SafeFinder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\csnphilly.com
PUP.Optional.SafeFinder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.csnphilly.com
PUP.Optional.SafeFinder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\csnphilly.com
PUP.Optional.SafeFinder         HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.csnphilly.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2021
Ran by mbryce (administrator) on MB-DESKTOP (ASUS All Series) (23-03-2021 18:36:23)
Running from C:\Users\mbryce\Downloads
Loaded Profiles: mbryce
Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Incorporated) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\RemoteComponents\UPI\ExManCoreLib\AdobeExtensionsService.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360732.inf_amd64_9670f7ad3c9807e5\B360768\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360732.inf_amd64_9670f7ad3c9807e5\B360768\atiesrxx.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe
(Backblaze, Inc -> ) C:\Program Files (x86)\Backblaze\bzbui.exe
(Backblaze, Inc -> ) C:\Program Files (x86)\Backblaze\bzfilelist.exe
(Backblaze, Inc -> ) C:\Program Files (x86)\Backblaze\bzserv.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotification.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(DEVGURU CO LTD -> DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(DTS, Inc. -> DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Logitech -> Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Plex, Inc. -> ) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc. -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Plex, Inc. -> Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\personalVPN\CefSharp.BrowserSubprocess.exe <3>
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\steam.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(WiTopia, Inc. -> ) C:\Program Files (x86)\personalVPN\personalVPN.exe
(WiTopia, Inc. -> ) C:\Program Files (x86)\personalVPN\personalVPNService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2019-11-27] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.) [File not signed]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-03-04] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [480176 2019-06-07] (Schneider Electric -> Schneider Electric) [File not signed]
HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [94752 2019-08-06] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [GoogleChromeAutoLaunch_A6BDCC523FB8E9D51123C89847CEA6F5] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [Steam] => D:\Steam\steam.exe [4087528 2021-03-23] (Valve -> Valve Corporation)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [updateMgr] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21445744 2021-02-15] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\mbryce\AppData\Local\WhatsApp\Update.exe [2206648 2018-11-30] (WhatsApp, Inc. -> )
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [1169248 2020-10-30] (Backblaze, Inc -> )
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680720 2021-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [personalVPN] => C:\Program Files (x86)\personalVPN\personalVPN.exe [709344 2020-10-05] (WiTopia, Inc. -> )
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [Snap Camera] => C:\Program Files\Snap Inc\Snap Camera\Snap Camera.exe [64597024 2020-04-15] (Snapchat Inc. (Snap Inc.) -> )
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-08-27] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680720 2021-03-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64"
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Melissa\AppData\Local\Microsoft\OneDrive\20.201.1005.0009"
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [21445744 2021-02-15] (Plex, Inc. -> Plex, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MP280 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAA.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP280 series: C:\WINDOWS\system32\CNMLMAA.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON WorkForce 545 Series 64MonitorBA: C:\WINDOWS\system32\E_YLMHWA.DLL [120320 2015-06-17] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\H3Blade.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database
HKLM\Software\...\AppCompatFlags\Custom\Heroes3.exe: [{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb] -> HoMM III Compatibility Database
HKLM\Software\...\AppCompatFlags\InstalledSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb [2019-07-08]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-17] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2016-01-14]
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2019-07-17]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric -> Schneider Electric) [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B520BA0-17DB-4881-8FA4-39297AFE7CA1} - System32\Tasks\AdobeAAMUpdater-1.0-MB-DESKTOP-mbryce => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {127CF8E1-D32A-49F6-9AC9-044C3F7DC498} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {18A3E32E-F9D9-473E-8359-CB6FB645E20E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A03D69E-3ABB-4D3F-ADFA-0A5AEB6D574A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {1B22A5AB-A3A6-4AA4-84DA-B734DE893AFD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {22F91BA7-5AE7-48D5-BEAB-66CA88225055} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {25F699DA-BDC8-45CF-A789-40924F847E77} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {26C9A070-A2F2-4170-8802-97908A9A96EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2C1F5520-2D7E-4F90-B7E9-D1A0AF8A502C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {320198DF-ECAF-4B21-BDFC-2FBBDA9E61B9} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {33EFF9D6-B035-4AB3-9613-29C058F95580} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {370EF978-FF24-41E9-B9EB-8F85484A313D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3730D243-0E94-4CCE-9AB2-69BF0412B4C5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3EA0BD80-FA38-4D9C-B896-8FDF3026730E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {403064AE-4293-4FC7-B355-F127CDCFFCCB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4A25FC4F-6BC0-4292-95A7-B9774C7BB8DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4DA9592B-6D2A-4D6A-8E2C-E84B1E40B692} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {4E8AAB42-5BB4-4FB2-BABC-2374D90C2233} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50DBF7B6-7679-4795-B5AA-F9B9B0CE9033} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {54FA135C-2FBC-4547-A016-54CD8D380AFE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57B5B780-6ED7-4FBD-B192-A9E22F715C0B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {585C560A-BC06-4067-AF63-82692FAC3F30} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B272C86-DA54-4B7D-9A31-E4F54B707D25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {62C44B7C-7F32-4962-97A9-900CDFB1CEA1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63C16786-08EE-448B-B016-383CC7DCCFC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {664D4EFF-A098-45DE-9345-B3BCD24D1D8E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {68B3929D-2147-4B2E-A60C-F998035E68D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {6BAD67F9-F462-4451-A8F2-6FC4EEB248E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C380986-7F28-4500-BE33-88B52CC6B1AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6F315B50-1BB6-47AE-B8F2-A4311498D337} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {747F4300-F7BA-4AC2-9A94-B4456915011D} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7964C7E4-4D1B-453A-9946-6F003FFA91EE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7AB8027F-B97F-4C91-998F-E1364645FAE1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {82751210-CD8B-4E82-80D2-6372AAF18199} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {89992BF9-391C-4B02-9A26-B8E77953374C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8C3194C5-B975-41ED-BD4B-1C00E583740F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-08-27] (Garmin International, Inc. -> )
Task: {95A21D99-1994-4F0D-A711-F9341B664855} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9A28F5EA-4373-4C65-A67B-D1EC9E829771} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9B0FD08C-74DE-4031-9A31-C62FC22ED05D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9BD59695-6587-4DDD-AE3C-91937F602D7F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9E73CE20-327E-4FCE-9702-A0F49479D170} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [868 2019-01-22] () [File not signed]
Task: {A32F1477-FC42-436A-8374-D8534826D6CC} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696816 2021-03-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {A7811DD7-DA80-42E9-B3EA-855BAE81FBC9} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\mbryce\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\WINDOWS\system32\wksprt.exe [450048 2021-01-13] (Microsoft Windows -> Microsoft Corporation)
Task: {A9B83B9D-DA7D-4315-9E98-2302B507DACD} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB874B78-FC29-40C2-9783-DF44EF9893DE} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {AB874B78-FC29-40C2-9783-DF44EF9893DE} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {ABC6DAB0-74D0-48D1-8A8B-4644CEE7CAC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {B0A01318-01A6-4A4E-9B61-1C943B9AC2C7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B6335FE2-5B71-4924-897E-69896B82BD88} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1124744 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {BBA08D92-EE59-4D77-BA23-F923F3E70D2C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0D6452A-302C-482F-858C-8744B025249F} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {C5888CD9-61A9-41AA-96FD-92A97EB8BDC9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {CD7F3BB8-9C24-4D4B-ABDF-F7D9346C4A35} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645440 2020-11-05] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CF0FDD06-2E01-476E-87E2-65B0C9E18FF5} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\mbryce\Report update status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify2
Task: {D3BFB645-C973-40CE-8E11-4854F7CDF73B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {D95F48A3-A441-4703-A06E-62046A18FE2B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DC217936-B273-4B4D-B733-085F6FF61AFD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DC557E81-2D15-457E-BB61-608A00732DDD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {DD775855-681D-4891-8080-74CA00C6C1D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {ED271FB4-4E56-415B-8985-1B3D2CC744FE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF19DE42-60AF-4613-9921-9CB8DE266FB3} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F18AEEE4-E1D6-41CA-8503-725065C48D1B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MpCmdRun.exe [566368 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1E12F03-A5C6-4260-93DB-0951598DB4EC} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F202F0B3-9888-4163-91D3-A656739093E5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F78EB437-FEC1-4299-B247-CFD4125A9569} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F7D12133-8DEB-4790-AB81-0C07518FB77E} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\mbryce\Update connections => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces2
Task: {F8D64EC4-3EEE-4CA3-9846-091AE6BB8ADA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBFDAAD2-A8DC-420F-BF5B-5911EBE47B75} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-25378543-2701485168-1019906018-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{184078fe-f1c5-4329-a9ff-9f0abebc4f19}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ad4f5418-9cfa-49d4-8938-a816234cf3ba}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\mbryce\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\mbryce\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-17]
Edge DownloadDir: C:\Users\mbryce\Downloads

FireFox:
========
FF DefaultProfile: 6molrr0h.default-1490191642265
FF ProfilePath: C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265 [2021-03-23]
FF Homepage: Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265 -> www.google.com
FF Extension: (Facebook Container) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\@contain-facebook.xpi [2020-09-29]
FF Extension: (Cisco Webex Extension) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\ciscowebexstart1@cisco.com.xpi [2020-06-08]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\firefox@ghostery.com.xpi [2021-03-02]
FF Extension: (Reddit Enhancement Suite) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2021-03-17]
FF Extension: (LastPass: Free Password Manager) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\support@lastpass.com.xpi [2021-03-16]
FF Extension: (uBlock Origin) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\uBlock0@raymondhill.net.xpi [2021-03-15]
FF Extension: (Google Search \) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\{23cc126f-bd98-4a53-807a-cbc9af2cfe89}.xpi [2018-05-24]
FF Extension: (Bitwarden - Free Password Manager) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2021-03-19]
FF Extension: (Eno® from Capital One®) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2021-03-09]
FF Extension: (Logitech SetPoint) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2019-06-16]
FF Extension: (Greasemonkey) - C:\Users\mbryce\AppData\Roaming\Mozilla\Firefox\Profiles\6molrr0h.default-1490191642265\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2021-01-27]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-03-04] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-03-04] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: BYOND -> d:\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]
FF Plugin HKU\S-1-5-21-25378543-2701485168-1019906018-1000: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\mbryce\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-11-23] (Nagravision) [File not signed]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default [2021-03-23]
CHR Notifications: Default -> hxxps://g.bettercloud.com; hxxps://mail.google.com; hxxps://meet.google.com; hxxps://messages.android.com; hxxps://messages.google.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (YouTube) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-23]
CHR Extension: (Google Search) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Gmail Offline) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-02-25]
CHR Extension: (Google Play Music) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-03-15]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-02-02]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-03-23]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-02-28]
CHR Extension: (Google Hangouts) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR Extension: (TeamViewer) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooiobdokpcfdlahlmcddobejikcmkfo [2020-11-08]
CHR Extension: (Gmail) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\mbryce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR HKU\S-1-5-21-25378543-2701485168-1019906018-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mbryce\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-25378543-2701485168-1019906018-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-03-19] (Adobe Systems) [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-03-04] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [14256 2019-06-07] (Schneider Electric -> Schneider Electric) [File not signed]
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [4261808 2019-06-07] (Schneider Electric -> Schneider Electric) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2020-02-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.25\aaHMSvc.exe [963544 2016-08-05] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [61824 2020-11-05] (Advanced Micro Devices, Inc. -> AMD)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2018-01-31] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [606048 2020-10-30] (Backblaze, Inc -> )
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc. -> DTS, Inc)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-02-06] (FUTUREMARK INC -> Futuremark)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-04] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-12-04] (GOG Sp. z o.o. -> GOG.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-15] (Malwarebytes Inc -> Malwarebytes)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1439856 2021-02-15] (Plex, Inc. -> Plex, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2015-11-27] (Even Balance, Inc. -> )
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1352832 2020-11-24] (Rockstar Games, Inc. -> Rockstar Games)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WitopiaPersonalVPN; C:\Program Files (x86)\personalVPN\personalVPNService.exe [100576 2020-10-01] (WiTopia, Inc. -> )
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2020-02-05] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-12-15] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-23] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-15] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-03-23] (Malwarebytes Inc -> Malwarebytes)
R3 NAL; C:\WINDOWS\system32\Drivers\iqvw64e.sys [34568 2014-02-26] (Intel Corporation -> Intel Corporation)
S3 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [83264 2019-03-24] (Insecure.Com LLC -> Insecure.Com LLC.)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2015-04-09] (Bruce James -> Scarlet.Crush Productions)
R3 SnapCameraVirtualDevice; C:\WINDOWS\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-03-21] (Snap Inc. -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2018-06-08] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2018-06-08] (Valve Corp. -> )
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [37360 2019-11-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 TSVAD_PCM; C:\WINDOWS\system32\drivers\tsvadpcm.sys [33552 2015-05-26] (Telestream Inc. -> Windows (R) Win 7 DDK provider)
R3 vjoy; C:\WINDOWS\System32\drivers\vjoy.sys [67448 2019-07-14] (On-site Dental Systems (Justin Shafer) -> Shaul Eizikovich)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-03-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420072 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-16] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-23 18:36 - 2021-03-23 18:37 - 000049048 _____ C:\Users\mbryce\Downloads\FRST.txt
2021-03-23 18:35 - 2021-03-23 18:36 - 000000000 ____D C:\FRST
2021-03-23 18:34 - 2021-03-23 18:34 - 002300928 _____ (Farbar) C:\Users\mbryce\Downloads\FRST64.exe
2021-03-23 18:29 - 2021-03-23 18:29 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-23 18:29 - 2021-03-23 18:29 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-23 18:29 - 2021-03-23 18:29 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-23 18:26 - 2021-03-23 18:28 - 000000000 ____D C:\AdwCleaner
2021-03-23 18:26 - 2021-03-23 18:26 - 008534696 _____ (Malwarebytes) C:\Users\mbryce\Downloads\adwcleaner_8.2.exe
2021-03-23 17:06 - 2021-03-23 17:06 - 000000579 _____ C:\Users\mbryce\Desktop\RTP2.txt
2021-03-23 17:06 - 2021-03-23 17:06 - 000000579 _____ C:\Users\mbryce\Desktop\RTP3.txt
2021-03-23 15:56 - 2021-03-23 15:56 - 000001032 _____ C:\Users\mbryce\Desktop\RTPBlock.txt
2021-03-23 10:10 - 2021-03-23 10:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-20 10:19 - 2021-03-20 10:19 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk
2021-03-20 10:18 - 2021-03-20 10:18 - 000001085 _____ C:\Users\mbryce\Desktop\Adobe Lightroom Classic.lnk
2021-03-20 10:18 - 2021-03-20 10:18 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2021-03-20 10:16 - 2021-03-20 10:16 - 000001026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-03-20 10:14 - 2021-03-20 10:14 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-03-19 22:17 - 2021-03-19 22:17 - 000406063 _____ C:\Users\mbryce\Downloads\messages_0.jpeg
2021-03-19 14:46 - 2021-03-19 14:46 - 029269194 _____ (EDDiscovery Team (Robby) ) C:\Users\mbryce\Downloads\EDDiscovery-11.10.2.exe
2021-03-19 13:05 - 2021-03-19 13:05 - 000039564 _____ C:\Users\mbryce\Desktop\w224s2f8bd161.webp
2021-03-12 05:37 - 2021-03-12 05:38 - 001896165 _____ C:\Users\mbryce\Downloads\lazystream-v1.11.4-x86_64-pc-windows-msvc.zip
2021-03-09 18:35 - 2021-03-09 18:35 - 000000000 ____D C:\WINDOWS\PCHEALTH
2021-03-03 03:29 - 2021-03-03 03:29 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2021-02-26 09:36 - 2021-02-26 09:36 - 029271697 _____ (EDDiscovery Team (Robby) ) C:\Users\mbryce\Downloads\EDDiscovery-11.10.1.exe
2021-02-25 09:15 - 2021-02-25 09:17 - 000000000 ____D C:\Users\mbryce\Desktop\Elite_Dangerous_Bindings
2021-02-22 12:19 - 2021-02-22 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-02-22 12:19 - 2021-02-22 12:19 - 000000000 ____D C:\Program Files (x86)\Plex
2021-02-21 09:50 - 2021-02-21 09:50 - 015471880 _____ (VoiceAttack.com ) C:\Users\mbryce\Downloads\VoiceAttackInstaller(1).exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-23 18:34 - 2021-01-13 06:45 - 000974350 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-23 18:34 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-23 18:33 - 2015-02-25 12:45 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-23 18:32 - 2016-11-24 09:52 - 000000000 ____D C:\Users\mbryce\AppData\LocalLow\Mozilla
2021-03-23 18:31 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-23 18:30 - 2016-11-08 12:48 - 000000000 ____D C:\Users\mbryce\AppData\Local\Plex Media Server
2021-03-23 18:30 - 2015-04-22 08:17 - 000000000 ___RD C:\Users\mbryce\Creative Cloud Files
2021-03-23 18:29 - 2021-01-13 06:47 - 000003118 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-03-23 18:29 - 2021-01-13 06:47 - 000003104 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-03-23 18:29 - 2021-01-13 06:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-23 18:29 - 2021-01-13 06:38 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-23 18:29 - 2020-11-09 13:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-23 18:29 - 2020-02-03 15:55 - 000000000 ____D C:\Users\mbryce\AppData\LocalLow\IGDump
2021-03-23 18:29 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-23 18:29 - 2017-04-16 09:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-03-23 18:29 - 2015-02-25 12:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-23 17:50 - 2021-01-29 14:54 - 000000000 ____D C:\Users\mbryce\AppData\Local\EDDiscovery
2021-03-23 15:55 - 2020-02-03 15:55 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2021-03-23 13:21 - 2019-10-01 05:03 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-03-23 10:10 - 2015-02-25 12:45 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-22 21:35 - 2015-06-08 09:19 - 000000000 ____D C:\Users\mbryce\AppData\Roaming\vlc
2021-03-22 20:57 - 2019-12-19 17:41 - 000000000 ____D C:\Users\mbryce\AppData\Local\Frontier_Developments
2021-03-22 19:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-22 13:49 - 2017-03-07 19:15 - 000000000 ____D C:\Users\mbryce\AppData\Roaming\qBittorrent
2021-03-20 18:50 - 2020-12-03 10:36 - 000000000 ____D C:\Users\mbryce\AppData\Local\Spotify
2021-03-20 18:36 - 2020-12-03 10:35 - 000000000 ____D C:\Users\mbryce\AppData\Roaming\Spotify
2021-03-20 10:20 - 2015-04-22 08:23 - 000000000 ____D C:\Program Files\Adobe
2021-03-20 10:16 - 2015-04-22 08:29 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-03-20 10:12 - 2014-10-15 14:52 - 000000000 ____D C:\ProgramData\Adobe
2021-03-20 02:37 - 2020-06-20 08:35 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-20 02:37 - 2020-06-20 08:35 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-03-20 02:37 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-19 22:35 - 2020-10-09 12:51 - 000000000 ____D C:\Users\mbryce\Downloads\kissel
2021-03-19 14:47 - 2021-01-29 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EDDiscovery
2021-03-17 20:17 - 2014-10-15 09:57 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-16 12:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-03-16 08:14 - 2018-02-23 20:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-15 16:41 - 2021-01-13 06:47 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-25378543-2701485168-1019906018-1000
2021-03-15 16:41 - 2021-01-13 06:40 - 000002406 _____ C:\Users\mbryce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-15 16:41 - 2018-07-26 09:23 - 000000000 ___RD C:\Users\mbryce\OneDrive - Generations Home Care
2021-03-15 16:41 - 2015-11-26 22:37 - 000000000 ___RD C:\Users\mbryce\OneDrive
2021-03-15 16:21 - 2017-12-29 16:15 - 000000000 ____D C:\Users\mbryce\AppData\Local\Packages
2021-03-15 13:05 - 2021-02-03 11:36 - 000000000 ____D C:\Users\mbryce\Desktop\Resume 2021
2021-03-13 01:34 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-12 02:06 - 2014-10-15 11:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-12 02:00 - 2014-10-15 11:12 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-12 01:59 - 2018-03-30 14:31 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-03-11 14:59 - 2016-01-08 14:29 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-09 18:35 - 2009-07-13 22:34 - 000000478 _____ C:\WINDOWS\win.ini
2021-03-04 21:32 - 2021-01-19 14:45 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6e99918807562
2021-03-04 21:32 - 2021-01-13 06:47 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 17:14 - 2018-09-16 09:58 - 000001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-03-04 17:14 - 2016-09-24 03:41 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-04 17:14 - 2014-10-15 14:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-03-03 03:29 - 2021-01-13 06:40 - 000000000 ____D C:\Users\DefaultAppPool
2021-03-02 17:25 - 2021-01-13 06:47 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-02-28 17:26 - 2015-06-12 08:12 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-02-28 17:22 - 2021-01-13 06:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-21 15:31 - 2020-09-30 23:23 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 14:20 - 2018-05-21 18:59 - 000000000 ____D C:\Users\mbryce\AppData\Local\D3DSCache
2021-02-21 09:50 - 2020-01-04 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoiceAttack

==================== Files in the root of some directories ========

2015-08-20 23:32 - 2016-04-28 23:12 - 000031366 _____ () C:\Users\mbryce\AppData\Roaming\net.telestream.wirecast.xml
2018-06-24 17:22 - 2018-06-24 17:22 - 000004721 _____ () C:\Users\mbryce\AppData\Roaming\XAddonManager.plist
2016-06-02 05:50 - 2017-04-21 21:39 - 000001456 _____ () C:\Users\mbryce\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-09-26 13:07 - 2018-09-26 13:07 - 000000000 _____ () C:\Users\mbryce\AppData\Local\oobelibMkey.log
2018-01-16 18:28 - 2018-03-29 14:39 - 000000600 _____ () C:\Users\mbryce\AppData\Local\PUTTY.RND
2017-04-20 09:19 - 2020-11-24 15:57 - 000007594 _____ () C:\Users\mbryce\AppData\Local\Resmon.ResmonCfg
2018-06-21 19:53 - 2018-06-21 19:53 - 000000056 _____ () C:\Users\mbryce\AppData\Local\X-Plane 11 Preferences.prf
2018-06-21 19:54 - 2018-06-25 14:26 - 000000015 _____ () C:\Users\mbryce\AppData\Local\X-Plane_drm_11.prf
2018-06-21 19:53 - 2018-06-21 19:53 - 000000039 _____ () C:\Users\mbryce\AppData\Local\x-plane_install_11.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


I'm honestly not sure about that proxy. 

Here is the text from Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by mbryce (23-03-2021 18:39:13)
Running from C:\Users\mbryce\Downloads
Windows 10 Pro Version 20H2 19042.804 (X64) (2021-01-13 10:47:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-25378543-2701485168-1019906018-500 - Administrator - Disabled)
ASPNET (S-1-5-21-25378543-2701485168-1019906018-1008 - Limited - Enabled)
DefaultAccount (S-1-5-21-25378543-2701485168-1019906018-503 - Limited - Disabled)
Guest (S-1-5-21-25378543-2701485168-1019906018-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-25378543-2701485168-1019906018-1006 - Limited - Enabled)
mbryce (S-1-5-21-25378543-2701485168-1019906018-1000 - Administrator - Enabled) => C:\Users\mbryce
Melissa (S-1-5-21-25378543-2701485168-1019906018-1003 - Limited - Enabled) => C:\Users\Melissa
RDV GRAPHICS SERVICE (S-1-5-21-25378543-2701485168-1019906018-1009 - Limited - Disabled) => C:\Users\RDV GRAPHICS SERVICE
WDAGUtilityAccount (S-1-5-21-25378543-2701485168-1019906018-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_1) (Version: 11.0.1 - Adobe Inc.)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.1.534 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_2) (Version: 10.2 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_0) (Version: 15.0 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_3) (Version: 22.3.0.49 - Adobe Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.84 - Hulubulu Software)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.11.1 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{998DF7E5-262F-4391-A117-8D9E383B8C0A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden
AutoHotkey 1.1.30.03 (HKLM\...\AutoHotkey) (Version: 1.1.30.03 - Lexikos)
Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother BR-Script3 Printer Driver (HKLM-x32\...\{9784BB29-D5DC-4225-8983-00B5951E8FE4}) (Version: 1.0.0.0 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{79262B43-9E15-4732-A034-BFD29D9BD077}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{DFDF4BFA-1551-47EC-93BF-EBC1C305CD47}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{49F15DD6-D83B-4756-BB57-66E00570C186}) (Version: 1.0.22.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
BYOND (HKLM-x32\...\BYOND) (Version: 511.1385 - BYOND)
calibre 64bit (HKLM\...\{55ED30CB-7EEB-401C-B9E3-D9A5925D24C5}) (Version: 4.15.0 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
Carmageddon TDR 2000 (HKLM-x32\...\1146738698_is1) (Version: 1.0 - GOG.com)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version:  - Cheat Engine)
Cisco Webex Meetings (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\ActiveTouchMeetingClient) (Version: 40.2.8 - Cisco Webex LLC)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
CPUID CPU-Z 1.86 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.86 - CPUID, Inc.)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DCS World (HKLM\...\DCS World_is1) (Version: 2 - Eagle Dynamics)
Discord (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
DISH Anywhere Player Installer (HKLM-x32\...\{50CFCCE7-F224-45B4-AB00-4565917DD991}) (Version: 2.1.6.429 - Sling Media) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{19A59152-3EA7-4631-9A11-5D2DBEF29780}) (Version: 2.29.3 - DISH Anywhere)
DishAnywherePlayer (HKLM-x32\...\{24f1791c-8ea2-4330-bd4e-38fc77ae3931}) (Version: 2.1.6.429 - Sling Media)
DiskCheckup v3.4 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EDDiscovery 11.10.2 (HKLM\...\{66D786F5-B09D-F1B4-6910-DE98F4475083}_is1) (Version: 11.10.2 - EDDiscovery Team (Robby))
Elevated Installer (HKLM-x32\...\{5053832D-D695-4E6A-A777-8CC79DF61A85}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
Elite Dangerous Market Connector (HKLM-x32\...\{EDEDEAEC-0443-489B-B76C-876A16A3E224}) (Version: 4.1.6.0 - EDCD)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.2.3 - Telerik)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
Futuremark SystemInfo (HKLM-x32\...\{8AD048D8-1975-47F5-800F-15028E84F2C5}) (Version: 5.5.646.0 - Futuremark)
Garmin Express (HKLM-x32\...\{040c11a0-b209-4b21-b861-163f52e01d88}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F8609938-A6C9-4796-87BC-471F62EA4F0E}) (Version: 7.1.3.0 - Garmin Ltd or its subsidiaries) Hidden
GIANTS Editor 7.0.0 64-bit (HKLM-x32\...\giants_editor_7.0.0_win64_is1) (Version: 7.0.0 - GIANTS Software GmbH)
GIANTS Editor 7.0.3 64-bit (HKLM-x32\...\giants_editor_7.0.3_win64_is1) (Version: 7.0.3 - GIANTS Software GmbH)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Git version 2.14.0.2 (HKLM\...\Git_is1) (Version: 2.14.0.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\GitHubDesktop) (Version: 0.7.2 - GitHub, Inc.)
GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Golden Cheetah v3.5 (64bit) (HKLM-x32\...\Golden Cheetah) (Version: v3.5 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\1207658787_is1) (Version: 4.0 - GOG.com)
HoMM III Compatibility Database (HKLM\...\{62a24b39-0106-4990-90ea-3a09e9dda7a6}.sdb) (Version:  - )
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
ImageMagick 7.0.8-2 Q16 (64-bit) (2018-06-18) (HKLM\...\ImageMagick 7.0.8 Q16 (64-bit)_is1) (Version: 7.0.8 - ImageMagick Studio LLC)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
IrfanView 4.52 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.52 - Irfan Skiljan)
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Joystick Gremlin (HKLM-x32\...\{0DAD4221-C8CF-4424-8DCD-3886274E89EF}) (Version: 13.1.0 - H2IK)
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\...\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-CA) (HKLM-x32\...\{9C5505DA-F9C1-46CB-9F8F-AC38F8EA518A}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-GB) (HKLM-x32\...\{A0186231-0A8B-455A-8A25-B64AABCC11A6}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-IE) (HKLM-x32\...\{998D5259-3BED-4710-98FF-D63387B5429E}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-NZ) (HKLM-x32\...\{07FC9CAD-FCEC-4186-BB83-EF7CCC9372BA}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kinect for Windows Speech Recognition Language Pack (en-US) (HKLM-x32\...\{8AAA44BB-487E-4D01-AF76-484ACB90DBFE}) (Version: 11.0.7400.336 - Microsoft Corporation)
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.84 - Logitech)
M64Py 0.2.4 (HKLM-x32\...\M64Py_is1) (Version:  - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Matroska Batch Merge (HKLM-x32\...\{69991FD3-25C8-4C33-B690-D68CEC9101CB}) (Version: 0.1.0 - Jiri Horner)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-25378543-2701485168-1019906018-1003\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-IN) (HKLM-x32\...\{3B06AC90-DE68-44A9-95EB-0A3C1AF1514F}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28808 (HKLM-x32\...\{78079cc3-1f6e-47f6-b4d6-105f08b89409}) (Version: 14.26.28808.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.6.2037.624 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MKVToolNix 34.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 34.0.0 - Moritz Bunkus)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 87.0.0.7747 - Mozilla)
mp3splt-gtk (HKLM-x32\...\mp3splt-gtk) (Version:  - )
MyHarmony (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Niagara Web Launcher (HKLM\...\{E66007FB-EA83-440E-9531-A9E57BDEDC66}) (Version: 20.4.2 - Tridium, Inc.)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
Npcap 0.992 (HKLM-x32\...\NpcapInst) (Version: 0.992 - Nmap Project)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
personalVPN 3.1.2 (HKLM-x32\...\{4F546844-ED9C-4FF3-B75D-B394E4082446}_is1) (Version: 3.1.2 - Witopia, Inc)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Player (HKLM\...\{D211BF7C-D881-45EF-BD6B-E4BA979BC263}) (Version: 1.2.2 - Plex) Hidden
Plex Media Player (HKLM-x32\...\{bfc9ba0b-92e5-432f-82ae-ee43753cb4f1}) (Version: 1.2.2 - Plex)
Plex Media Server (HKLM-x32\...\{9306A601-35DC-45B2-831E-9A1D22CA6E0D}) (Version: 1.21.3046 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{995ab7c9-3ca2-40ac-ac74-e0f5d7237cb7}) (Version: 1.21.3.4046 - Plex, Inc.)
PowerChute Personal Edition (HKLM-x32\...\APC) (Version: 3.1.0 - Schneider Electric)
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
Project64 version 2.3.2.202 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.2.202 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Python 2.7.13 (HKLM-x32\...\{4A656C6C-D24A-473F-9747-3A8D00907A03}) (Version: 2.7.13150 - Python Software Foundation)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.6.5 (64-bit) (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\{9d1b786e-0fd4-4386-abc1-4b920ab32da9}) (Version: 3.6.5150.0 - Python Software Foundation)
Python 3.6.5 Add to Path (64-bit) (HKLM\...\{AFD7261B-BD27-40C3-B59A-1F2F5CF571FC}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Core Interpreter (64-bit) (HKLM\...\{CCE23D38-AE4C-41EE-867C-7DF7DCB52E7F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Development Libraries (64-bit) (HKLM\...\{6A7E897E-3F28-41DE-8EA7-FD3325FA881A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Documentation (64-bit) (HKLM\...\{B85E198A-D267-47DB-8F8C-1E5A95F77305}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Executables (64-bit) (HKLM\...\{B145D381-BCBE-408A-BDFA-0871790EC59D}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 pip Bootstrap (64-bit) (HKLM\...\{E828E9CB-111D-4185-AA7E-DD61923A61ED}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Standard Library (64-bit) (HKLM\...\{1A3684F6-CDA3-461A-83BA-186C525DA86F}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Tcl/Tk Support (64-bit) (HKLM\...\{20DE5A77-9F46-44D8-BB87-A10325DC493A}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Test Suite (64-bit) (HKLM\...\{C1BE25E2-19E0-4148-AE98-7A576D1E1528}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python 3.6.5 Utility Scripts (64-bit) (HKLM\...\{97CD25CA-B289-442B-96F9-D0F17B2617E9}) (Version: 3.6.5150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{8A66FEC2-E443-4219-B9AC-F9B10607B57C}) (Version: 3.6.6295.0 - Python Software Foundation)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
QModManager (Subnautica) (HKLM-x32\...\{52CC87AA-645D-40FB-8411-510142191678}_is1) (Version: 4.0.2.3 - QModManager)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R for Windows 3.5.2 (HKLM\...\R for Windows 3.5.2_is1) (Version: 3.5.2 - R Core Team)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Rayman Legends (HKLM-x32\...\Uplay Install 410) (Version:  - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7233 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden
RetroArch 1.7.5 (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\RetroArch) (Version: 1.7.5 - libretro)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.31.304 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.4 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.26898 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Snap Camera 1.7.1 (HKLM-x32\...\{024A6CF5-627D-497F-980B-B9A6EC5C40AF}_is1) (Version: 1.7.1 - Snap Inc.)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
Spotify (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\Spotify) (Version: 1.1.54.592.gc0b20638 - Spotify AB)
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (HKLM-x32\...\{E3D65375-EDA8-4B0B-987F-788EE54D6551}) (Version: 1.21.3046 - Plex, Inc.) Hidden
Streamlink (HKLM-x32\...\Streamlink) (Version: 1.3.1 - Streamlink)
StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.64.64.0 - Schwab)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
TrainerRoad 2020.42.52 (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\8ae2f982-73fc-5153-87dd-e211deab97b0) (Version: 2020.42.52 - TrainerRoad LLC)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 47.0 - Ubisoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
vJoy Device Driver 2.1.9.1 (HKLM\...\{8E31F76F-74C3-47F1-9550-E041EEDC5FBB}_is1) (Version: 2.1.9.1 - Shaul Eizikovich)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VMware Remote Console (HKLM-x32\...\{063EACD8-64EF-4A7F-9397-36CAF48B22D9}) (Version: 11.0.0 - VMware, Inc.)
VNC Viewer 6.20.529 (HKLM\...\{DCF5BBEA-3BDB-4E03-BF06-03836F320CA6}) (Version: 6.20.529.42646 - RealVNC Ltd)
VoiceAttack version 1.8.7 (HKLM-x32\...\{D6EDF6DB-029E-4A34-A3A0-D960CB0FCB2A}_is1) (Version: 1.8.7 - VoiceAttack.com)
VPC Software Suite version 20210102 (HKLM-x32\...\{2D922289-8AA1-49FF-9CCF-F2833A69D857}_is1) (Version: 20210102 - VIRPIL Controls)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - RemoteControl (RemoteControlUSBLAN) Net  (06/02/2016 02.04.10.001) (HKLM\...\A14D4158722037A4DD816446D7339B41F11276D9) (Version: 06/02/2016 02.04.10.001 - RemoteControl)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wirecast (HKLM\...\{6F7D626B-6BBF-4C7A-9B09-0915E0E54B97}) (Version: 6.0.6 - Telestream LLC)
Wireshark 3.0.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.1 - The Wireshark developer community, hxxps://www.wireshark.org)
WorkoutCreator (HKLM-x32\...\{EC893F4F-C2BE-07DC-5B37-9D904BFEDC0E}) (Version: 1.5.0 - Trainer Road LLC) Hidden
WorkoutCreator (HKLM-x32\...\com.trainerroad.tools.WorkoutCreator) (Version: 1.5.0 - Trainer Road LLC)
Yubico Authenticator (HKLM\...\{37F312A5-47E7-465D-8728-4B5E8DFC5159}) (Version: 5.0.4 - Yubico AB)
YubiKey Manager (HKLM-x32\...\yubikey-manager) (Version: 1.1.5 - Yubico AB)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
ASUS Welcome -> C:\Program Files\WindowsApps\B9ECED6F.ASUSWelcome_1.0.1.0_x64__qmba6cd70vzyy [2015-11-26] (ASUSTeK COMPUTER INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-17] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10208.5605.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21005.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Studios)
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Sling TV -> C:\Program Files\WindowsApps\SlingTVLLC.SlingTV_7.0.8.0_x86__vgszm6stshdqy [2019-01-09] (Sling TV LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-12] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2021-02-24] (Microsoft Corporation)
Xbox Accessories -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2103.5001.0_x64__8wekyb3d8bbwe [2021-03-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{04271989-C4D2-6CE3-E5D9-3EBAAABAC74E} -> [OneDrive - Generations Home Care] => C:\Users\mbryce\OneDrive - Generations Home Care [2018-07-26 09:23]
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-587690A3A7AD} -> [Creative Cloud Files] => C:\Users\mbryce\Creative Cloud Files [2015-04-22 08:17]
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\mbryce\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mbryce\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\mbryce\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-25378543-2701485168-1019906018-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-03-01] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-03-01] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-03-01] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-03-01] (Adobe Inc. -> )
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2006-01-12] (Adobe Systems Inc.) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-03-01] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\mbryce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\mbryce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TeamViewer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=oooiobdokpcfdlahlmcddobejikcmkfo
ShortcutWithArgument: C:\Users\mbryce\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\fd4d8e7501576f3f\Pushbullet.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=chlffgpmiacpedhhbkiomidkjlcfhogd
ShortcutWithArgument: C:\Users\mbryce\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd

==================== Loaded Modules (Whitelisted) =============

2019-09-09 08:13 - 2019-09-09 08:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2020-08-27 14:45 - 2020-08-27 14:45 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-02-03 14:38 - 2019-09-09 08:13 - 000915456 _____ () [File not signed] [File is in use] C:\Program Files (x86)\personalVPN\CefSharp.BrowserSubprocess.Core.dll
2020-02-03 14:38 - 2019-09-09 08:13 - 001364992 _____ () [File not signed] [File is in use] C:\Program Files (x86)\personalVPN\CefSharp.Core.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000629760 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\aac_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000336896 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\ac3_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000394752 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\ac3_encoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000608256 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\dca_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 001559040 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\h264_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000818688 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\hevc_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000351232 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\libmp3lame_encoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 001800704 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\libx264_encoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000579072 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\mp2_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000579072 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\mp3_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 000561152 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\mpeg2video_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 001268224 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\mpeg4_decoder.dll
2021-01-28 13:24 - 2021-01-28 13:24 - 001497600 _____ () [File not signed] \\?\C:\Users\mbryce\AppData\Local\Plex Media Server\Codecs\367b3d4-3673-windows-x86\msmpeg4v3_decoder.dll
2015-02-25 13:58 - 2006-01-12 22:20 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
2015-02-25 13:58 - 2006-01-12 22:13 - 000019968 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
2020-02-05 21:16 - 2021-03-23 18:29 - 000033280 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-11-25 11:18 - 2016-11-25 11:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-03-22 18:21 - 2018-01-18 16:39 - 000519168 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2016-10-04 15:25 - 2018-01-18 16:39 - 001720832 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2019-07-27 09:57 - 2019-07-27 09:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2015-04-15 16:13 - 2015-04-15 16:13 - 000222720 _____ () [File not signed] C:\Program Files (x86)\Notepad++\NppShell_06.dll
2020-02-03 14:38 - 2019-07-27 09:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\personalVPN\libcef.dll
2020-02-03 14:38 - 2019-07-27 09:57 - 000317440 _____ () [File not signed] C:\Program Files (x86)\personalVPN\libegl.dll
2020-02-03 14:38 - 2019-07-27 09:57 - 004876288 _____ () [File not signed] C:\Program Files (x86)\personalVPN\libglesv2.dll
2020-10-09 13:10 - 2019-08-15 18:13 - 000989184 _____ () [File not signed] C:\Program Files (x86)\personalVPN\runtimes\win-x86\native\e_sqlite3.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-02-03 15:52 - 2005-04-22 14:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2020-08-27 14:45 - 2020-08-27 14:45 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2020-02-05 03:41 - 2015-06-05 20:00 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.25\ASACPI.DLL
2020-02-03 15:52 - 2016-11-01 12:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2020-08-27 14:51 - 2020-08-27 14:51 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2020-08-27 14:45 - 2020-08-27 14:45 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2020-08-27 14:45 - 2020-08-27 14:45 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2015-01-03 22:24 - 2015-01-03 22:24 - 000080384 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-04-11 09:31 - 2014-04-11 09:31 - 000297984 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2014-04-11 09:31 - 2014-04-11 09:31 - 000523264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2021-01-13 06:41 - 2021-01-13 06:41 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL
2021-01-13 06:41 - 2021-01-13 06:41 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80ENU.DLL
2019-06-07 17:26 - 2019-06-07 17:26 - 000136112 _____ (Schneider Electric -> Schneider Electric) [File not signed] [File is in use] C:\Program Files (x86)\APC\PowerChute Personal Edition\UIControl.dll
2019-06-07 17:25 - 2019-06-07 17:25 - 000479152 _____ (Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\drvutil.dll
2019-06-07 17:26 - 2019-06-07 17:26 - 000915376 _____ (Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\pdcdll.dll
2019-06-07 17:26 - 2019-06-07 17:26 - 000016816 _____ (Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\rdp.dll
2019-06-07 17:26 - 2019-06-07 17:26 - 000574896 _____ (Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\UpsControl.dll
2019-06-07 17:26 - 2019-06-07 17:26 - 000534960 _____ (Schneider Electric -> Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\UpsDevice.dll
2019-06-07 12:01 - 2019-06-07 12:01 - 002200576 _____ (Schneider Electric) [File not signed] C:\Program Files (x86)\APC\PowerChute Personal Edition\res.dll
2015-06-17 18:46 - 2015-06-17 22:46 - 000120320 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_YLMHWA.DLL
2020-08-27 14:47 - 2020-08-27 14:47 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 09:57 - 2019-07-27 09:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2020-02-03 14:38 - 2019-07-27 09:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\personalVPN\chrome_elf.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-11-04 22:33 - 2020-11-04 22:33 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 11:18 - 2020-07-27 11:18 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-11-04 22:33 - 2020-11-04 22:33 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2020-02-03 14:38 - 2020-05-22 17:44 - 001930240 _____ (winsparkle.org) [File not signed] C:\Program Files (x86)\personalVPN\WinSparkle.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-21] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {4838DDF0-AEEE-46B4-9D91-E46479CB9EFF} hxxp://66.166.90.197:13013/WatSearCtrl.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\sharepoint.com -> hxxps://ghcde.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2020-05-19 13:21 - 000000902 _____ C:\WINDOWS\system32\drivers\etc\hosts
165.22.201.101 mf.svc.nhl.com
165.22.201.101 playback.svcs.mlb.com
165.22.201.101 mlb-ws-mf.media.mlb.com

2018-01-10 17:48 - 2020-02-26 08:44 - 000000700 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.17.98.225 mb-desktop.mshome.net # 2025 2 1 24 12 44 52 27
24.226.185 WIN-A1Q2NNVLMMO.mshome.net # 2019 6 2 4 13 51 28 400
26.180 linux-se2y.mshome.net # 2019 4 2 16 13 41 10 601
172.24.226.177 mb-desktop.mshome.net # 2024 4 5 12 22 47 50 646
172.24.226.185 WIN-A1Q2NNVLMMO.mshome.net # 2019 4 2 16 22 26 48 556

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\ImageMagick-7.0.8-Q16;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Users\mbryce\AppData\Local\Programs\Python\Python36;C:\Users\mbryce\AppData\Local\Programs\Python\Python36\scripts;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\QuickTime\QTSystem\;d:\Git\cmd;C:\Program Files\Calibre2\;C:\Program Files\PuTTY\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\VideoLAN\VLC;d:\streamlink\bin;
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-25378543-2701485168-1019906018-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-25378543-2701485168-1019906018-1009\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Local Area Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "XboxStat"
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\StartupApproved\StartupFolder: => "DishAnywherePlayerShortcut.lnk"
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-25378543-2701485168-1019906018-1000\...\StartupApproved\Run: => "Snap Camera"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{21528E61-965F-4FE7-B25E-DC8BD27066D6}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B7A9F6D0-3924-4488-B99E-8EC469D9B160}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BB5E4EFE-AFBF-4DEA-9F02-9F661BC491AB}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A801A46F-32B6-433F-AE54-06EFD24BB586}] => (Allow) D:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{A2837F79-7AC0-4B88-9D49-59749CF56951}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe (Frontier Developments plc) [File not signed]
FirewallRules: [TCP Query User{DF3AF564-B00B-4DA1-A3E9-5952BE50A9AD}D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) D:\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe (Frontier Developments plc) [File not signed]
FirewallRules: [UDP Query User{4600964D-4ACD-4B49-8E98-5683BAD63BEC}C:\users\mbryce\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mbryce\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F4EE9B18-96B0-4693-A3AB-543A0BBB2CF2}C:\users\mbryce\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mbryce\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7FC17FE4-93A0-4D0B-B90B-37AABF64425D}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [{8F382447-B5EB-4B9E-A67C-A1C3FEBF6C60}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [{E0FC8FAF-4064-4B66-82F4-2147984EC945}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{1F9A47B4-5B34-4006-876E-32B51DAFCED9}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{1EB28D52-68FC-4739-8D9C-4E26F7EA21B6}] => (Allow) D:\Steam\steamapps\common\DiRT 4\dirt4.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{CD6EB478-67D4-44F3-B76C-582850EA0E87}] => (Allow) D:\Steam\steamapps\common\DiRT 4\dirt4.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{9C2DEA1F-E73F-475B-9C6F-4B9112E9D31D}] => (Allow) D:\Steam\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{CB3217F8-F195-43AB-9BBB-86F57AC2E242}] => (Allow) D:\Steam\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{D69A4E12-BBB6-48F3-99A9-3C2DBEB3938D}] => (Allow) C:\Program Files (x86)\personalVPN\personalVPN.exe (WiTopia, Inc. -> )
FirewallRules: [{671ABF14-D807-4839-8117-C882A11E6CB8}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{9013CC60-D2FE-4B53-A403-B7D3F89EF29E}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{18A6F74B-D1B7-46FE-9951-7E0274BC6DA1}] => (Allow) C:\Program Files (x86)\personalVPN\personalVPN.exe (WiTopia, Inc. -> )
FirewallRules: [{521D4208-0CA1-4875-B31A-F88A107CB3F3}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{8B36B91A-C10E-4178-9F7D-7E6CFDF18185}] => (Allow) D:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [UDP Query User{875C57DB-2328-40F5-A595-27080C8F5E4A}C:\users\mbryce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E006B27D-520A-46D6-90FC-2CAA76F9845A}C:\users\mbryce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{210E79DD-B6DF-4741-925F-CFA79BD3DFAE}D:\lazyman\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman\mlbamproxy\win\mlbamproxy.exe () [File not signed]
FirewallRules: [TCP Query User{EE7F653B-37A3-4AD7-BEC3-2F0D496AC846}D:\lazyman\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman\mlbamproxy\win\mlbamproxy.exe () [File not signed]
FirewallRules: [{CD2F0995-BEEB-42AC-8B90-D33D5EB38F69}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6D4B1F59-D8F5-44EC-A26B-BFE9F242BB93}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{625CE24D-3591-460B-9011-4A3CBEDD2558}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A9C59A1C-FA3A-4013-8C72-06477BD2A1A2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{C614353D-33EA-4B23-AE57-87380AC7F1E7}E:\telly\telly-1.1.0.6.windows-amd64\telly.exe] => (Allow) E:\telly\telly-1.1.0.6.windows-amd64\telly.exe () [File not signed]
FirewallRules: [TCP Query User{4E37229E-9775-4AC4-ACA5-A9DF1E5A9893}E:\telly\telly-1.1.0.6.windows-amd64\telly.exe] => (Allow) E:\telly\telly-1.1.0.6.windows-amd64\telly.exe () [File not signed]
FirewallRules: [UDP Query User{15BFEE23-2F6C-4954-9878-8FE3EC9E56CC}E:\serviio\jre\bin\javaw.exe] => (Allow) E:\serviio\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{684B44B8-0893-4A6D-B5E4-2EFF5C6E3240}E:\serviio\jre\bin\javaw.exe] => (Allow) E:\serviio\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{52157294-AD46-4B15-BB43-E57DF9FE1C64}D:\lazystream\lazystream.exe] => (Allow) D:\lazystream\lazystream.exe () [File not signed]
FirewallRules: [TCP Query User{12BF4FBA-FBC0-4EB3-9154-A4845BA851BF}D:\lazystream\lazystream.exe] => (Allow) D:\lazystream\lazystream.exe () [File not signed]
FirewallRules: [UDP Query User{F53064A4-C3DF-4BED-A380-3386E172F531}E:\xteve\xteve.exe] => (Allow) E:\xteve\xteve.exe => No File
FirewallRules: [TCP Query User{23CBCF12-F2BD-45DE-AFC2-37B379261F2A}E:\xteve\xteve.exe] => (Allow) E:\xteve\xteve.exe => No File
FirewallRules: [UDP Query User{C2913F2A-B330-44A9-85A2-7CEE9B2C03FF}D:\program files (x86)\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) D:\program files (x86)\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [TCP Query User{20ED8DE6-C243-44D8-B369-2E9AFD4D9FAF}D:\program files (x86)\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe] => (Allow) D:\program files (x86)\gog galaxy\games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [{52B828E4-BB5D-44F0-9E43-473DB456E89A}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{F2D4CE09-687E-4162-8000-C230F967F338}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{E976088F-59B3-47FF-9AB2-A823ED997E27}] => (Allow) LPort=54955
FirewallRules: [{51BD0D04-59E0-486B-B3F8-F67E36B12324}] => (Allow) LPort=54950
FirewallRules: [{78A1FD18-3132-4A79-8374-1D2E34B1268E}] => (Allow) LPort=54925
FirewallRules: [{4E490515-713A-4C80-9128-73D4774AD7E4}] => (Allow) C:\Program Files (x86)\personalVPN\personalVPN.exe (WiTopia, Inc. -> )
FirewallRules: [{B1FF312A-37D4-4186-9BB4-C81E8BAC19AC}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{DDFD0D86-443B-4D3F-AB52-D7E55BD8FB38}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{77F22BF3-CD04-436A-BCD1-B7B280437D02}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [{3EA333D9-BABC-47DA-A513-77895CCF9314}] => (Allow) D:\Steam\steamapps\common\Islanders\ISLANDERS.exe () [File not signed]
FirewallRules: [{5BAC2A73-8B47-4AB7-B562-13E7C4EFFB8A}] => (Allow) D:\Steam\steamapps\common\Islanders\ISLANDERS.exe () [File not signed]
FirewallRules: [{94DD14C9-C246-4525-82BF-E93FE8DFB1D9}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{26A617DD-25D8-4B28-A088-B047CABDA601}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{66F75491-2B2E-49D6-946A-0449E3AC823D}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{C76E04CE-8479-4CB8-9746-D20DA085F1AC}] => (Allow) D:\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{0D4C096D-B2C2-4AD3-B3E5-7E29446A3225}] => (Allow) D:\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{0BE54783-0D0F-425A-ADB3-60728D4AD920}] => (Allow) D:\Steam\steamapps\common\Darkwood\Darkwood.exe () [File not signed]
FirewallRules: [{2044448E-22C6-4D08-9742-370F9F9A47ED}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [{0605F0FC-B962-4626-8AA0-56C3C16AD092}] => (Allow) D:\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [File not signed]
FirewallRules: [UDP Query User{023FDCE6-D5FE-4865-8258-2E0BEF3C3FE2}D:\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) D:\steam\steamapps\common\insurgency2\insurgency.exe => No File
FirewallRules: [TCP Query User{02764F65-BA2C-4F7F-B78A-C8D3B4B984C0}D:\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) D:\steam\steamapps\common\insurgency2\insurgency.exe => No File
FirewallRules: [UDP Query User{703D34C2-97E6-4E3C-8F4C-1BF6E033C932}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A4654473-1221-46AB-A1D8-1733DA135106}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E8CFF0C8-B864-4484-B550-AC7FA52BA3A2}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{AA587C59-B5DB-4449-873E-7E7DC1E21EB8}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{DFA4C7DE-7AB7-4CA0-AA19-46FF5ABEB225}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{6ABE30B7-287D-46E8-A94D-8C8901993FFB}D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{C7C638F7-D355-410C-A094-7A93EF95A1E3}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{084DC653-E6BE-4BD9-AF29-4B3C5ADE222D}D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{3A6BED7C-A72B-4546-B46D-524BD5181CAA}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) D:\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{F093F20B-0144-4C1F-B96F-AD00546D38DC}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) D:\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [UDP Query User{4AAE71EB-7D0A-474D-8002-D5394E7D7DC7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C11DB47F-290F-4F6E-8EBE-91D3E2D0F673}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C88778B9-AE1A-4274-86F7-9FC5E3A4AB32}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0299284-66B7-40F9-B6E9-0FB884737E7A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{231B2765-C51D-4E06-BD1B-F6D449FF15DC}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{0D78C2E8-3F68-4F4A-BA7C-D8214610043B}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Block) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{629B6750-2558-46D2-AA12-A72A89532138}] => (Allow) D:\Plex\Plex Media Player\PMPHelper.exe () [File not signed]
FirewallRules: [{242B9C72-4537-40CB-9592-CD7489C0022B}] => (Allow) D:\Plex\Plex Media Player\PlexMediaPlayer.exe (Plex, Inc -> )
FirewallRules: [{C53FEA02-A036-406F-A273-23F6D41CC1F9}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{64798C13-46F7-4EBC-9D6A-F8E7CB2D04A6}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{73F9CD1B-185A-4620-B40C-20CCCBC71291}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{3F52BFB0-CDD8-45B1-9D37-E19821D2F53E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{E0B45771-AAB0-4A5D-81E4-7D7F5E9E644A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe => No File
FirewallRules: [{5B5B2B2F-D518-46BF-A7E3-E1A68E5E6FFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe => No File
FirewallRules: [{8209823F-4978-43D1-9DBC-8C33C8D57555}] => (Allow) C:\Program Files\Vuze\Azureus.exe => No File
FirewallRules: [{0FB2C0A4-A2F8-468F-99C9-3E7559693169}] => (Allow) C:\Program Files\Vuze\Azureus.exe => No File
FirewallRules: [{410EC988-94A9-442D-8654-B64D05C21BB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe => No File
FirewallRules: [{DA16C0DE-7D66-4577-B6D7-335BBA9B489A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe => No File
FirewallRules: [UDP Query User{837E9180-850C-48E8-A6E0-EA6DB41A7528}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B350990A-B501-4893-9874-DD19E39692F0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDFAC36B-B3B1-49E3-A5AB-DE05F1FD8677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe => No File
FirewallRules: [{85F097C8-44CD-4B82-944A-2B5C54615E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe => No File
FirewallRules: [{C4FBBA75-E374-4DF0-AF8F-9ADB04795C07}] => (Allow) LPort=1900
FirewallRules: [{B3D0E405-BC56-4872-A588-2ED91487C8C9}] => (Allow) LPort=2869
FirewallRules: [{79288319-0777-472E-9729-31D81A448F27}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC0B760F-3BBB-4B78-BADE-B61EA6E57042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File
FirewallRules: [{7C9103D7-9172-4BFC-83F7-E26B29FB547C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File
FirewallRules: [UDP Query User{2E346ECC-4C2C-4627-A4C7-A6F1AE58D66C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{9BAF7B5F-9255-49A7-B4EC-6A24EDC3B2B9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{DA77B4A7-100F-4A7E-B1E0-F1DA188824A9}C:\users\mbryce\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{DA9CAD2D-43F9-4A0B-80B9-A5D9CBF645B8}C:\users\mbryce\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\logmein client\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{5EBBCFD9-6179-4D50-A8A4-2F8FF5DEA928}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe => No File
FirewallRules: [TCP Query User{01440992-F2F1-4C28-950D-239F1C111647}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe => No File
FirewallRules: [{AB808A75-A2F3-4F2D-A1AD-8A358C9691E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{439FAE2C-32BB-456D-BCDC-52CB72517139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{8A61981C-F241-4E1A-BBEA-CCB83A9B688B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe => No File
FirewallRules: [{05A28FA0-4EA1-413A-8CA1-B6299E0CC9ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe => No File
FirewallRules: [{CB142CBA-D991-457B-A5C8-81D4D642F1C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe => No File
FirewallRules: [{2828DE29-9B5B-41FC-9758-75959AC1F92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe => No File
FirewallRules: [{4DBE9A8D-028C-41B2-BE36-71973FA22CFC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{14B858D1-D4C0-4AF6-A2C8-562632F1B53B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{FC0278F9-97E4-4068-B9AC-A7C105893DF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{E58CADED-8C63-41BB-AB92-008DEE11D934}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{8CD5C0FD-24CE-4BA1-A67D-35CDDA274FD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{2695AA80-316C-4C74-B498-89ACD9633C78}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe => No File
FirewallRules: [{24AD9EBD-7462-4DDC-9C9C-D8C8630FFC1F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe => No File
FirewallRules: [{1743B04D-9927-4707-8855-27FED9203497}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe => No File
FirewallRules: [{A66D3107-CDB9-474F-8EE8-209ADAE3DFEA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe => No File
FirewallRules: [{59EEAF3F-B0AA-4D0E-8778-9164BD6B47BE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe => No File
FirewallRules: [{103B3135-B952-4476-8F03-191A84B392AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe => No File
FirewallRules: [{93AD3724-4DCE-4AC2-8FAD-87C049ECBE3C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe => No File
FirewallRules: [{A2E9B1C3-C386-4C1E-8584-7AA87513A262}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe => No File
FirewallRules: [{13AB7E3F-E2AC-45A4-8403-8D63EA04ECA0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{507795CD-BE8B-492E-8A52-D05714D2E668}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2B0A5F36-F9C8-41AF-B4E1-61A97E29FECC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{7B927F35-F80F-4722-8410-B8B7BB5ADFF1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{8346291D-D91E-41B5-BAB2-7571AF5D4D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe => No File
FirewallRules: [{B32ECB45-522D-4F9F-A8A0-754E5C730349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe => No File
FirewallRules: [TCP Query User{24864025-0997-401F-828D-27363F0B1AD2}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [UDP Query User{AA4560BF-881A-427B-B522-9B8048C04608}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [{8A745E2D-EF12-4109-B1E4-F3DEEEC96BC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe => No File
FirewallRules: [{E3C05CCC-5961-4760-BD3C-D14AD23E3D4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe => No File
FirewallRules: [{64A461CE-00BD-4ECB-8991-79A50B8A273E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{78F0E6EA-953E-42EA-A0CC-B9C0029B51EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{02B61059-DCB4-49D7-B0B6-44FAD68BF9B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{AE110141-2D93-47B7-9550-C8B664798055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{561FEC29-F980-4A39-B615-7F441EBDF584}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7E5E2DFB-6558-45E8-BF56-99C4272C1BDC}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E22EF908-612D-4F1F-8280-3A4449C0653D}] => (Allow) D:\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{095C60F7-6895-4F8F-865B-4B66FC1F3EC4}] => (Allow) D:\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{AE8CFBA0-47D5-4CC0-AE6E-76054418477F}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{C75C2293-BB0D-4AE3-AB08-48F6360EE47E}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [TCP Query User{8ED0698C-687C-40E5-8ADA-5810E1CC4B42}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{A459B32D-7EF0-4ABC-820C-19475FBC8641}D:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) D:\steam\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{B71F2D9C-48F0-4AF3-89B9-EF0ACB6EDE0D}] => (Allow) D:\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{3378C29C-6812-42F3-AA23-94B8C7A67EA4}] => (Allow) D:\Steam\steamapps\common\Crusader Kings II\CK2game.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [{C5B4B7A7-5487-4D8F-B17C-186BCBDA1ADA}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{E8678164-A7E1-4AEA-BA2E-374D848C4578}] => (Allow) D:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{5CDCA5FE-5E30-4C39-8FEB-A46B5C56D0B0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B5C8BC9-1B8A-43DD-9AE1-12E1BD5FE3B9}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{42EE8716-E528-4912-93CE-12D657E053CA}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{7AEDCDC8-A245-4BDB-AC34-C02445489C4C}] => (Allow) d:\Program Files (x86)\Fiddler2\Fiddler.exe (TELERIK AD -> Telerik)
FirewallRules: [{8C2DF998-7215-4778-BA47-7646335705C8}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{86C07647-D279-41C7-B4AD-9E04F8F13DC4}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{93950630-8214-4882-8414-511EBE235CF2}] => (Allow) D:\Steam\steamapps\common\Rise of Flight 2.0\bin_game\release\ROF.exe => No File
FirewallRules: [{CCA18A2A-9CE1-45F0-9C36-5B0EA74387C9}] => (Allow) D:\Steam\steamapps\common\Rise of Flight 2.0\bin_game\release\ROF.exe => No File
FirewallRules: [{A7CB014C-CFE9-4816-93C5-ED09314A794D}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe => No File
FirewallRules: [{E922CC8E-3DFB-4E3F-89A1-FD3B4F29E15F}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe => No File
FirewallRules: [{A0BE368A-4B71-4E2F-9598-B6CAE532207B}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{E41DCBF0-0B10-4EF7-997C-C71AC7D07B4D}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{FD2B53C3-D646-49EB-BE16-4D5AEBAF6B0B}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [{3807D234-6865-4923-A755-D0E67C623046}] => (Allow) D:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe (FromSoftware,Inc. -> BANDAI NAMCO Entertainment Inc.)
FirewallRules: [TCP Query User{AD48B14C-7437-4422-9054-35E03FF254C1}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{771B688E-94EA-49A4-84F5-5EAB517437AE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A67A120C-92D1-43A8-B46D-127097AAE884}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{0D19CD90-5365-4511-A482-C3825BAECAE8}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [TCP Query User{9359B8EB-C110-4B6C-AB91-CA84E998A2D1}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe (Sling Media Inc.) [File not signed]
FirewallRules: [UDP Query User{032147FE-8C29-4844-8E8A-3478F5D33D5B}C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe] => (Allow) C:\program files (x86)\dishanywhereplayer\dishanywhereplayer.exe (Sling Media Inc.) [File not signed]
FirewallRules: [TCP Query User{885140C4-05D7-4DE1-9924-7E12A4E210EE}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe] => (Allow) D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe => No File
FirewallRules: [UDP Query User{CC5CAF9A-356C-4595-9711-4317D648050F}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe] => (Allow) D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe => No File
FirewallRules: [{D53168FE-4809-4E59-AF3E-B6696136F081}] => (Allow) D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{18F79495-E8C5-468E-8BFC-4D5D7E29B953}] => (Allow) D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{8F791EBB-FE2A-448B-ACC0-D1F7857D3174}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [UDP Query User{B08A79BA-76AA-40AF-A573-5E4FDDD54E93}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [TCP Query User{505A1AAC-B16A-4078-954C-A85FDBD305F1}D:\byond\bin\byond.exe] => (Allow) D:\byond\bin\byond.exe () [File not signed]
FirewallRules: [UDP Query User{7E3AFB28-9506-431D-A125-4D883F84471C}D:\byond\bin\byond.exe] => (Allow) D:\byond\bin\byond.exe () [File not signed]
FirewallRules: [{889B04D1-8E8B-4AE8-B512-83CCBCF0A39F}] => (Allow) D:\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe () [File not signed]
FirewallRules: [{F18EE88D-B552-49F2-9CA8-5046FC9D7A0B}] => (Allow) D:\Steam\steamapps\common\KentuckyRouteZero\KentuckyRouteZero.exe () [File not signed]
FirewallRules: [{561F0C4F-366B-45DF-87CD-9849E4158563}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{928C7460-F535-4B4E-875F-6DADD96C8FE2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{BC04C175-871B-478C-B696-B812E7BF1567}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [UDP Query User{A39FE9AE-43F2-4514-9D0E-C29713BE2B27}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [{686F33CA-BFDA-442F-A32C-5E1EBA87D764}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{81CBF9A7-34E8-45CF-A2B5-7BFC8C8E4A78}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{0B874817-3906-4F94-9841-0B18E79CAE9F}C:\android\jre\bin\java.exe] => (Allow) C:\android\jre\bin\java.exe => No File
FirewallRules: [UDP Query User{5491301D-CA17-4AD7-B1C9-85069F0CE20C}C:\android\jre\bin\java.exe] => (Allow) C:\android\jre\bin\java.exe => No File
FirewallRules: [DNS Server Forward Rule - TCP - a80e7993-02be-4313-b3bb-45864e6e799a - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - a80e7993-02be-4313-b3bb-45864e6e799a - 0] => (Allow) LPort=53
FirewallRules: [{A6BE0F22-B60C-40AD-A022-127DBF87EE1F}] => (Allow) D:\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{86607856-DC6E-462F-B212-304E5E522013}] => (Allow) D:\Steam\steamapps\common\TheLongDark\tld.exe () [File not signed]
FirewallRules: [{2100C3FC-05A8-43BB-AAD1-CC823A2B1E6D}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{BFE278D8-698B-42DF-BBCC-61B6E1E929AD}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{3D926630-3317-4A69-9B21-C412525A42DC}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{FB07D314-2784-4A53-A6B2-01136FBDE257}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [TCP Query User{94F56D7F-84B3-4C91-A620-87096234A8E8}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [UDP Query User{AFE7EA43-333E-40C4-A9C8-60BB8616C3F5}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [TCP Query User{0D15A715-1C43-4780-9345-D20C2C2949BE}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe => No File
FirewallRules: [UDP Query User{187654BA-15EB-4E05-8B73-6487871BC7BD}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe => No File
FirewallRules: [{6AAC8FDA-6088-427E-93E2-080C994A2C28}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{8C23E012-E08D-4F6C-B11F-52621EB898D9}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{67DFEB29-7EA3-4E36-A8D1-AC9ED64EFD75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{C07F9AD2-1DF1-4874-99C5-C028397525B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{394D4C4C-32A1-466F-B07F-AD413A1FD520}D:\lazyman\old\mitm\win\mitmdump.exe] => (Block) D:\lazyman\old\mitm\win\mitmdump.exe => No File
FirewallRules: [UDP Query User{F5D4AEE4-9718-4D6C-BBE9-BD95314FC376}D:\lazyman\old\mitm\win\mitmdump.exe] => (Block) D:\lazyman\old\mitm\win\mitmdump.exe => No File
FirewallRules: [{51D318BC-CA3F-4042-B140-5187A538A966}] => (Allow) D:\Steam\steamapps\common\Ghost of a Tale\GoaT.exe () [File not signed]
FirewallRules: [{0319914E-D8D2-440D-868A-57BC6588049C}] => (Allow) D:\Steam\steamapps\common\Ghost of a Tale\GoaT.exe () [File not signed]
FirewallRules: [{9578CFAB-068E-460D-A5C5-79D7D4FA5877}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F3D40721-5784-4372-8C9B-C9EA95AEC49C}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2BB26426-F22F-477F-87F5-34BAEA57F409}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{8CF923DF-6380-4A78-9338-F07B423399FE}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{93F97ED2-7AB3-4D01-8829-716C1863BACA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8F336FD7-79CE-4048-9A24-F6C0E4945AC7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{732D95C3-4F37-48A0-B9A5-A4220565AD31}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F336C5B5-E1B8-4228-992E-9E93A314F0CC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C9B5327E-D7B8-461F-8849-679C4FD97968}] => (Allow) D:\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{E93BF1E4-DE96-47C2-859B-9199CC404C00}] => (Allow) D:\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{456D1292-8972-460C-8477-04380A31397C}] => (Allow) D:\Steam\steamapps\common\Slasta_COTM\Solasta.exe () [File not signed]
FirewallRules: [{75F54EFD-4CC7-4D7C-BAA7-C0185ACE579D}] => (Allow) D:\Steam\steamapps\common\Slasta_COTM\Solasta.exe () [File not signed]
FirewallRules: [{F1C6613A-B620-4467-852C-B93A3B6D3AEB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{A8128EED-AEA4-40F3-BB3A-29F1FB1FE430}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)
FirewallRules: [{7D2084F5-9C7D-4937-A5D3-2FE0D61203C1}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)
FirewallRules: [{4842374E-67C2-4788-8E34-981FF45B5A77}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc. -> )
FirewallRules: [{108B6599-35FA-4BD8-AA0C-3AD9E2F8A65E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Game Transcoder\Plex Game Transcoder.exe (Plex, Inc. -> )
FirewallRules: [{268AAA5C-AA69-4A4D-8BF7-ED2AF000AFEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E3D08B33-1359-4D49-8681-C442CF10B470}] => (Allow) D:\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe () [File not signed]
FirewallRules: [{FAC4F94A-20F0-44EB-BD8B-E772B108F876}] => (Allow) D:\Steam\steamapps\common\IL 2 Sturmovik 1946\il2fb.exe () [File not signed]
FirewallRules: [{3FFB320C-0D9B-433D-BBAA-4844C69BE0A9}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8FC7D952-A5E2-4AE7-9970-1E6F65934974}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8F34F724-8C4E-4CA3-AF4B-DED193D90327}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{664B8807-4532-4CD7-8202-4A9E3466E260}] => (Allow) D:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

13-03-2021 01:25:42 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 127.0.0.1

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: ::1

Error: (03/23/2021 06:29:40 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (03/23/2021 06:29:40 PM) (Source: USBAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.


System errors:
=============
Error: (03/23/2021 06:31:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (03/23/2021 06:31:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The APC Data Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Witopia Personal VPN service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Monitor Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD User Experience Program Launcher service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2021 06:28:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===============
Date: 2021-03-23 18:21:29
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1008 05/29/2014
Motherboard: ASUSTeK COMPUTER INC. Z97-A
Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 39%
Total physical RAM: 16324.36 MB
Available physical RAM: 9904.17 MB
Total Virtual: 32708.36 MB
Available Virtual: 24591.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.69 GB) (Free:192.18 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:258.48 GB) NTFS
Drive e: (Plex) (Fixed) (Total:931.51 GB) (Free:125.24 GB) NTFS

\\?\Volume{5a8378cd-54ef-11e4-a940-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{dc525a10-0000-0000-0000-c03274000000}\ () (Fixed) (Total:0.51 GB) (Free:0.07 GB) NTFS
\\?\Volume{dc525a10-0000-0000-0000-295474000000}\ () (Fixed) (Total:0.44 GB) (Free:0.43 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: DC525A10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=526 MB) - (Type=27)
Partition 4: (Not Active) - (Size=455 MB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 913D08B5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 729AB5E5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


Hiya nastyemu,

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by mbryce (24-03-2021 09:56:09) Run:1
Running from C:\Users\mbryce\Downloads
Loaded Profiles: mbryce & Melissa & RDV GRAPHICS SERVICE
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {1B22A5AB-A3A6-4AA4-84DA-B734DE893AFD} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {33EFF9D6-B035-4AB3-9613-29C058F95580} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4A25FC4F-6BC0-4292-95A7-B9774C7BB8DD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {62C44B7C-7F32-4962-97A9-900CDFB1CEA1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {63C16786-08EE-448B-B016-383CC7DCCFC0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {664D4EFF-A098-45DE-9345-B3BCD24D1D8E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6BAD67F9-F462-4451-A8F2-6FC4EEB248E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C380986-7F28-4500-BE33-88B52CC6B1AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7964C7E4-4D1B-453A-9946-6F003FFA91EE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9A28F5EA-4373-4C65-A67B-D1EC9E829771} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD775855-681D-4891-8080-74CA00C6C1D6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F202F0B3-9888-4163-91D3-A656739093E5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
U3 idsvc; no ImagePath
ProxyServer: [S-1-5-21-25378543-2701485168-1019906018-1000] => http=127.0.0.1:8888;https=127.0.0.1:8888
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FirewallRules: [{E0FC8FAF-4064-4B66-82F4-2147984EC945}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [{1F9A47B4-5B34-4006-876E-32B51DAFCED9}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe => No File
FirewallRules: [UDP Query User{15BFEE23-2F6C-4954-9878-8FE3EC9E56CC}E:\serviio\jre\bin\javaw.exe] => (Allow) E:\serviio\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{684B44B8-0893-4A6D-B5E4-2EFF5C6E3240}E:\serviio\jre\bin\javaw.exe] => (Allow) E:\serviio\jre\bin\javaw.exe => No File
FirewallRules: [{E976088F-59B3-47FF-9AB2-A823ED997E27}] => (Allow) LPort=54955
FirewallRules: [{51BD0D04-59E0-486B-B3F8-F67E36B12324}] => (Allow) LPort=54950
FirewallRules: [{78A1FD18-3132-4A79-8374-1D2E34B1268E}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{DDFD0D86-443B-4D3F-AB52-D7E55BD8FB38}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [TCP Query User{77F22BF3-CD04-436A-BCD1-B7B280437D02}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe] => (Allow) D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe => No File
FirewallRules: [UDP Query User{703D34C2-97E6-4E3C-8F4C-1BF6E033C932}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe => No File
FirewallRules: [TCP Query User{A4654473-1221-46AB-A1D8-1733DA135106}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E8CFF0C8-B864-4484-B550-AC7FA52BA3A2}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{AA587C59-B5DB-4449-873E-7E7DC1E21EB8}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{3A6BED7C-A72B-4546-B46D-524BD5181CAA}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) D:\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [TCP Query User{F093F20B-0144-4C1F-B96F-AD00546D38DC}D:\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Block) D:\steam\steamapps\common\trine 2\trine2_32bit.exe => No File
FirewallRules: [{C53FEA02-A036-406F-A273-23F6D41CC1F9}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{64798C13-46F7-4EBC-9D6A-F8E7CB2D04A6}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{73F9CD1B-185A-4620-B40C-20CCCBC71291}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{3F52BFB0-CDD8-45B1-9D37-E19821D2F53E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{E0B45771-AAB0-4A5D-81E4-7D7F5E9E644A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe => No File
FirewallRules: [{5B5B2B2F-D518-46BF-A7E3-E1A68E5E6FFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe => No File
FirewallRules: [{8209823F-4978-43D1-9DBC-8C33C8D57555}] => (Allow) C:\Program Files\Vuze\Azureus.exe => No File
FirewallRules: [{0FB2C0A4-A2F8-468F-99C9-3E7559693169}] => (Allow) C:\Program Files\Vuze\Azureus.exe => No File
FirewallRules: [{410EC988-94A9-442D-8654-B64D05C21BB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe => No File
FirewallRules: [{DA16C0DE-7D66-4577-B6D7-335BBA9B489A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe => No File
FirewallRules: [{BDFAC36B-B3B1-49E3-A5AB-DE05F1FD8677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe => No File
FirewallRules: [{85F097C8-44CD-4B82-944A-2B5C54615E20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Savage Lands\SavageLands.exe => No File
FirewallRules: [{C4FBBA75-E374-4DF0-AF8F-9ADB04795C07}] => (Allow) LPort=1900
FirewallRules: [{B3D0E405-BC56-4872-A588-2ED91487C8C9}] => (Allow) LPort=2869
FirewallRules: [{BC0B760F-3BBB-4B78-BADE-B61EA6E57042}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File
FirewallRules: [{7C9103D7-9172-4BFC-83F7-E26B29FB547C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe => No File
FirewallRules: [UDP Query User{2E346ECC-4C2C-4627-A4C7-A6F1AE58D66C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [TCP Query User{9BAF7B5F-9255-49A7-B4EC-6A24EDC3B2B9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{5EBBCFD9-6179-4D50-A8A4-2F8FF5DEA928}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe => No File
FirewallRules: [TCP Query User{01440992-F2F1-4C28-950D-239F1C111647}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe] => (Allow) C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe => No File
FirewallRules: [{AB808A75-A2F3-4F2D-A1AD-8A358C9691E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{439FAE2C-32BB-456D-BCDC-52CB72517139}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{8A61981C-F241-4E1A-BBEA-CCB83A9B688B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe => No File
FirewallRules: [{05A28FA0-4EA1-413A-8CA1-B6299E0CC9ED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe => No File
FirewallRules: [{CB142CBA-D991-457B-A5C8-81D4D642F1C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe => No File
FirewallRules: [{2828DE29-9B5B-41FC-9758-75959AC1F92B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crusader Kings II\CK2game.exe => No File
FirewallRules: [{4DBE9A8D-028C-41B2-BE36-71973FA22CFC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{14B858D1-D4C0-4AF6-A2C8-562632F1B53B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{FC0278F9-97E4-4068-B9AC-A7C105893DF8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{E58CADED-8C63-41BB-AB92-008DEE11D934}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{8CD5C0FD-24CE-4BA1-A67D-35CDDA274FD3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{2695AA80-316C-4C74-B498-89ACD9633C78}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe => No File
FirewallRules: [{24AD9EBD-7462-4DDC-9C9C-D8C8630FFC1F}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe => No File
FirewallRules: [{1743B04D-9927-4707-8855-27FED9203497}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe => No File
FirewallRules: [{A66D3107-CDB9-474F-8EE8-209ADAE3DFEA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe => No File
FirewallRules: [{59EEAF3F-B0AA-4D0E-8778-9164BD6B47BE}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe => No File
FirewallRules: [{103B3135-B952-4476-8F03-191A84B392AB}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe => No File
FirewallRules: [{93AD3724-4DCE-4AC2-8FAD-87C049ECBE3C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe => No File
FirewallRules: [{A2E9B1C3-C386-4C1E-8584-7AA87513A262}] => (Allow) C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe => No File
FirewallRules: [{8346291D-D91E-41B5-BAB2-7571AF5D4D05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe => No File
FirewallRules: [{B32ECB45-522D-4F9F-A8A0-754E5C730349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe => No File
FirewallRules: [TCP Query User{24864025-0997-401F-828D-27363F0B1AD2}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [UDP Query User{AA4560BF-881A-427B-B522-9B8048C04608}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [{8A745E2D-EF12-4109-B1E4-F3DEEEC96BC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe => No File
FirewallRules: [{E3C05CCC-5961-4760-BD3C-D14AD23E3D4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider (I)\dosbox.exe => No File
FirewallRules: [{64A461CE-00BD-4ECB-8991-79A50B8A273E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{78F0E6EA-953E-42EA-A0CC-B9C0029B51EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFSP.exe => No File
FirewallRules: [{02B61059-DCB4-49D7-B0B6-44FAD68BF9B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{AE110141-2D93-47B7-9550-C8B664798055}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Assassin's Creed IV Black Flag\AC4BFMP.exe => No File
FirewallRules: [{E22EF908-612D-4F1F-8280-3A4449C0653D}] => (Allow) D:\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{095C60F7-6895-4F8F-865B-4B66FC1F3EC4}] => (Allow) D:\Steam\bin\steamwebhelper.exe => No File
FirewallRules: [{AE8CFBA0-47D5-4CC0-AE6E-76054418477F}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{C75C2293-BB0D-4AE3-AB08-48F6360EE47E}] => (Allow) D:\Steam\steamapps\common\Kerbal Space Program\KSP.exe => No File
FirewallRules: [{8C2DF998-7215-4778-BA47-7646335705C8}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{86C07647-D279-41C7-B4AD-9E04F8F13DC4}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{93950630-8214-4882-8414-511EBE235CF2}] => (Allow) D:\Steam\steamapps\common\Rise of Flight 2.0\bin_game\release\ROF.exe => No File
FirewallRules: [{CCA18A2A-9CE1-45F0-9C36-5B0EA74387C9}] => (Allow) D:\Steam\steamapps\common\Rise of Flight 2.0\bin_game\release\ROF.exe => No File
FirewallRules: [{A7CB014C-CFE9-4816-93C5-ED09314A794D}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe => No File
FirewallRules: [{E922CC8E-3DFB-4E3F-89A1-FD3B4F29E15F}] => (Allow) D:\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe => No File
FirewallRules: [{A0BE368A-4B71-4E2F-9598-B6CAE532207B}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{E41DCBF0-0B10-4EF7-997C-C71AC7D07B4D}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{A67A120C-92D1-43A8-B46D-127097AAE884}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [{0D19CD90-5365-4511-A482-C3825BAECAE8}] => (Allow) D:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe => No File
FirewallRules: [TCP Query User{885140C4-05D7-4DE1-9924-7E12A4E210EE}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe] => (Allow) D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe => No File
FirewallRules: [UDP Query User{CC5CAF9A-356C-4595-9711-4317D648050F}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe] => (Allow) D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe => No File
FirewallRules: [{D53168FE-4809-4E59-AF3E-B6696136F081}] => (Allow) D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{18F79495-E8C5-468E-8BFC-4D5D7E29B953}] => (Allow) D:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{8F791EBB-FE2A-448B-ACC0-D1F7857D3174}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [UDP Query User{B08A79BA-76AA-40AF-A573-5E4FDDD54E93}D:\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) D:\steam\steamapps\common\total war warhammer\warhammer.exe => No File
FirewallRules: [{561F0C4F-366B-45DF-87CD-9849E4158563}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{928C7460-F535-4B4E-875F-6DADD96C8FE2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{BC04C175-871B-478C-B696-B812E7BF1567}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [UDP Query User{A39FE9AE-43F2-4514-9D0E-C29713BE2B27}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe] => (Allow) C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe => No File
FirewallRules: [TCP Query User{0B874817-3906-4F94-9841-0B18E79CAE9F}C:\android\jre\bin\java.exe] => (Allow) C:\android\jre\bin\java.exe => No File
FirewallRules: [UDP Query User{5491301D-CA17-4AD7-B1C9-85069F0CE20C}C:\android\jre\bin\java.exe] => (Allow) C:\android\jre\bin\java.exe => No File
FirewallRules: [{3D926630-3317-4A69-9B21-C412525A42DC}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [{FB07D314-2784-4A53-A6B2-01136FBDE257}] => (Allow) D:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe => No File
FirewallRules: [TCP Query User{94F56D7F-84B3-4C91-A620-87096234A8E8}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [UDP Query User{AFE7EA43-333E-40C4-A9C8-60BB8616C3F5}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe => No File
FirewallRules: [TCP Query User{0D15A715-1C43-4780-9345-D20C2C2949BE}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe => No File
FirewallRules: [UDP Query User{187654BA-15EB-4E05-8B73-6487871BC7BD}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe] => (Allow) D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe => No File
FirewallRules: [{6AAC8FDA-6088-427E-93E2-080C994A2C28}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{8C23E012-E08D-4F6C-B11F-52621EB898D9}] => (Allow) D:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe => No File
FirewallRules: [{67DFEB29-7EA3-4E36-A8D1-AC9ED64EFD75}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [{C07F9AD2-1DF1-4874-99C5-C028397525B8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [TCP Query User{394D4C4C-32A1-466F-B07F-AD413A1FD520}D:\lazyman\old\mitm\win\mitmdump.exe] => (Block) D:\lazyman\old\mitm\win\mitmdump.exe => No File
FirewallRules: [UDP Query User{F5D4AEE4-9718-4D6C-BBE9-BD95314FC376}D:\lazyman\old\mitm\win\mitmdump.exe] => (Block) D:\lazyman\old\mitm\win\mitmdump.exe => No File
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: dism /online /cleanup-image /restorehealth
cmd: sfc /scannow
C:\Windows\Temp\*.*
RemoveProxy:
EmptyTemp:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B22A5AB-A3A6-4AA4-84DA-B734DE893AFD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B22A5AB-A3A6-4AA4-84DA-B734DE893AFD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{33EFF9D6-B035-4AB3-9613-29C058F95580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33EFF9D6-B035-4AB3-9613-29C058F95580}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A25FC4F-6BC0-4292-95A7-B9774C7BB8DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A25FC4F-6BC0-4292-95A7-B9774C7BB8DD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62C44B7C-7F32-4962-97A9-900CDFB1CEA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C44B7C-7F32-4962-97A9-900CDFB1CEA1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63C16786-08EE-448B-B016-383CC7DCCFC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63C16786-08EE-448B-B016-383CC7DCCFC0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{664D4EFF-A098-45DE-9345-B3BCD24D1D8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664D4EFF-A098-45DE-9345-B3BCD24D1D8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BAD67F9-F462-4451-A8F2-6FC4EEB248E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BAD67F9-F462-4451-A8F2-6FC4EEB248E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C380986-7F28-4500-BE33-88B52CC6B1AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C380986-7F28-4500-BE33-88B52CC6B1AB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7964C7E4-4D1B-453A-9946-6F003FFA91EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7964C7E4-4D1B-453A-9946-6F003FFA91EE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A28F5EA-4373-4C65-A67B-D1EC9E829771}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A28F5EA-4373-4C65-A67B-D1EC9E829771}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD775855-681D-4891-8080-74CA00C6C1D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD775855-681D-4891-8080-74CA00C6C1D6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F202F0B3-9888-4163-91D3-A656739093E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F202F0B3-9888-4163-91D3-A656739093E5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\Software\Classes\CLSID\{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\PowerISO => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0FC8FAF-4064-4B66-82F4-2147984EC945}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F9A47B4-5B34-4006-876E-32B51DAFCED9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15BFEE23-2F6C-4954-9878-8FE3EC9E56CC}E:\serviio\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{684B44B8-0893-4A6D-B5E4-2EFF5C6E3240}E:\serviio\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E976088F-59B3-47FF-9AB2-A823ED997E27}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51BD0D04-59E0-486B-B3F8-F67E36B12324}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78A1FD18-3132-4A79-8374-1D2E34B1268E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DDFD0D86-443B-4D3F-AB52-D7E55BD8FB38}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{77F22BF3-CD04-436A-BCD1-B7B280437D02}D:\steam\steamapps\common\divinity original sin 2\defed\bin\eocapp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{703D34C2-97E6-4E3C-8F4C-1BF6E033C932}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A4654473-1221-46AB-A1D8-1733DA135106}D:\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E8CFF0C8-B864-4484-B550-AC7FA52BA3A2}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AA587C59-B5DB-4449-873E-7E7DC1E21EB8}D:\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3A6BED7C-A72B-4546-B46D-524BD5181CAA}D:\steam\steamapps\common\trine 2\trine2_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F093F20B-0144-4C1F-B96F-AD00546D38DC}D:\steam\steamapps\common\trine 2\trine2_32bit.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C53FEA02-A036-406F-A273-23F6D41CC1F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64798C13-46F7-4EBC-9D6A-F8E7CB2D04A6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73F9CD1B-185A-4620-B40C-20CCCBC71291}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F52BFB0-CDD8-45B1-9D37-E19821D2F53E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0B45771-AAB0-4A5D-81E4-7D7F5E9E644A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B5B2B2F-D518-46BF-A7E3-E1A68E5E6FFC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8209823F-4978-43D1-9DBC-8C33C8D57555}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FB2C0A4-A2F8-468F-99C9-3E7559693169}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{410EC988-94A9-442D-8654-B64D05C21BB0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA16C0DE-7D66-4577-B6D7-335BBA9B489A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDFAC36B-B3B1-49E3-A5AB-DE05F1FD8677}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85F097C8-44CD-4B82-944A-2B5C54615E20}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4FBBA75-E374-4DF0-AF8F-9ADB04795C07}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3D0E405-BC56-4872-A588-2ED91487C8C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC0B760F-3BBB-4B78-BADE-B61EA6E57042}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C9103D7-9172-4BFC-83F7-E26B29FB547C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2E346ECC-4C2C-4627-A4C7-A6F1AE58D66C}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BAF7B5F-9255-49A7-B4EC-6A24EDC3B2B9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5EBBCFD9-6179-4D50-A8A4-2F8FF5DEA928}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{01440992-F2F1-4C28-950D-239F1C111647}C:\users\mbryce\appdata\local\temp\ign43d2.tmp\lmiignition.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB808A75-A2F3-4F2D-A1AD-8A358C9691E3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{439FAE2C-32BB-456D-BCDC-52CB72517139}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A61981C-F241-4E1A-BBEA-CCB83A9B688B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05A28FA0-4EA1-413A-8CA1-B6299E0CC9ED}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB142CBA-D991-457B-A5C8-81D4D642F1C5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2828DE29-9B5B-41FC-9758-75959AC1F92B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4DBE9A8D-028C-41B2-BE36-71973FA22CFC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14B858D1-D4C0-4AF6-A2C8-562632F1B53B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC0278F9-97E4-4068-B9AC-A7C105893DF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E58CADED-8C63-41BB-AB92-008DEE11D934}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8CD5C0FD-24CE-4BA1-A67D-35CDDA274FD3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2695AA80-316C-4C74-B498-89ACD9633C78}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24AD9EBD-7462-4DDC-9C9C-D8C8630FFC1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1743B04D-9927-4707-8855-27FED9203497}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A66D3107-CDB9-474F-8EE8-209ADAE3DFEA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59EEAF3F-B0AA-4D0E-8778-9164BD6B47BE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{103B3135-B952-4476-8F03-191A84B392AB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93AD3724-4DCE-4AC2-8FAD-87C049ECBE3C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2E9B1C3-C386-4C1E-8584-7AA87513A262}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8346291D-D91E-41B5-BAB2-7571AF5D4D05}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B32ECB45-522D-4F9F-A8A0-754E5C730349}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{24864025-0997-401F-828D-27363F0B1AD2}C:\program files (x86)\mirc\mirc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AA4560BF-881A-427B-B522-9B8048C04608}C:\program files (x86)\mirc\mirc.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A745E2D-EF12-4109-B1E4-F3DEEEC96BC1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3C05CCC-5961-4760-BD3C-D14AD23E3D4C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64A461CE-00BD-4ECB-8991-79A50B8A273E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78F0E6EA-953E-42EA-A0CC-B9C0029B51EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02B61059-DCB4-49D7-B0B6-44FAD68BF9B9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE110141-2D93-47B7-9550-C8B664798055}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E22EF908-612D-4F1F-8280-3A4449C0653D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{095C60F7-6895-4F8F-865B-4B66FC1F3EC4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE8CFBA0-47D5-4CC0-AE6E-76054418477F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C75C2293-BB0D-4AE3-AB08-48F6360EE47E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C2DF998-7215-4778-BA47-7646335705C8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86C07647-D279-41C7-B4AD-9E04F8F13DC4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{93950630-8214-4882-8414-511EBE235CF2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA18A2A-9CE1-45F0-9C36-5B0EA74387C9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7CB014C-CFE9-4816-93C5-ED09314A794D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E922CC8E-3DFB-4E3F-89A1-FD3B4F29E15F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0BE368A-4B71-4E2F-9598-B6CAE532207B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E41DCBF0-0B10-4EF7-997C-C71AC7D07B4D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A67A120C-92D1-43A8-B46D-127097AAE884}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D19CD90-5365-4511-A482-C3825BAECAE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{885140C4-05D7-4DE1-9924-7E12A4E210EE}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CC5CAF9A-356C-4595-9711-4317D648050F}D:\steam\steamapps\common\dayofinfamy\dayofinfamy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D53168FE-4809-4E59-AF3E-B6696136F081}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18F79495-E8C5-468E-8BFC-4D5D7E29B953}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8F791EBB-FE2A-448B-ACC0-D1F7857D3174}D:\steam\steamapps\common\total war warhammer\warhammer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B08A79BA-76AA-40AF-A573-5E4FDDD54E93}D:\steam\steamapps\common\total war warhammer\warhammer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{561F0C4F-366B-45DF-87CD-9849E4158563}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{928C7460-F535-4B4E-875F-6DADD96C8FE2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BC04C175-871B-478C-B696-B812E7BF1567}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A39FE9AE-43F2-4514-9D0E-C29713BE2B27}C:\users\mbryce\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.242\pluginhost.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0B874817-3906-4F94-9841-0B18E79CAE9F}C:\android\jre\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5491301D-CA17-4AD7-B1C9-85069F0CE20C}C:\android\jre\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D926630-3317-4A69-9B21-C412525A42DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB07D314-2784-4A53-A6B2-01136FBDE257}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{94F56D7F-84B3-4C91-A620-87096234A8E8}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AFE7EA43-333E-40C4-A9C8-60BB8616C3F5}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{0D15A715-1C43-4780-9345-D20C2C2949BE}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{187654BA-15EB-4E05-8B73-6487871BC7BD}D:\lazyman beta\mlbamproxy\win\mlbamproxy.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AAC8FDA-6088-427E-93E2-080C994A2C28}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C23E012-E08D-4F6C-B11F-52621EB898D9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67DFEB29-7EA3-4E36-A8D1-AC9ED64EFD75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C07F9AD2-1DF1-4874-99C5-C028397525B8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{394D4C4C-32A1-466F-B07F-AD413A1FD520}D:\lazyman\old\mitm\win\mitmdump.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5D4AEE4-9718-4D6C-BBE9-BD95314FC376}D:\lazyman\old\mitm\win\mitmdump.exe" => removed successfully

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= dism /online /cleanup-image /restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.746

Image Version: 10.0.19042.804



[===========================51.3%                          ]

[===========================51.4%                          ]

[===========================51.5%                          ]

[===========================51.6%                          ]

[===========================51.6%                          ]

[===========================51.7%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.8%                          ]

[===========================51.9%                          ]

[===========================52.0%                          ]

[===========================52.1%                          ]

[===========================52.1%                          ]

[===========================52.2%                          ]

[===========================52.2%                          ]

[===========================52.4%                          ]

[===========================52.5%                          ]

[===========================52.5%                          ]

[===========================52.8%                          ]

[===========================53.1%                          ]

[===========================53.1%                          ]

[===========================53.2%                          ]

[===========================53.4%                          ]

[===========================53.6%                          ]

[===========================53.6%                          ]

[===========================53.7%                          ]

[===========================53.7%                          ]

[===========================54.7%                          ]

[===========================55.7%                          ]

[===========================55.8%                          ]

[===========================56.8%                          ]

[===========================57.7%=                         ]

[===========================58.7%==                        ]

[===========================59.7%==                        ]

[===========================62.3%====                      ]

[===========================84.9%=================         ]

[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.

========= End of CMD: =========


========= sfc /scannow =========

 

Beginning system scan.  This process will take some time.

 


There is a system repair pending which requires reboot to complete.  Restart

Windows and run sfc again.


========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\.ses => moved successfully
C:\Windows\Temp\AdobeARM.log => moved successfully
C:\Windows\Temp\AdobeARM_Helper.log => moved successfully
C:\Windows\Temp\adobegc.log => moved successfully
C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
C:\Windows\Temp\ArmReport.ini => moved successfully
C:\Windows\Temp\ArmUI.ini => moved successfully
C:\Windows\Temp\ASPNETSetup_00000.log => moved successfully
C:\Windows\Temp\ASPNETSetup_00001.log => moved successfully
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\dd_vcredist_x86_20210128122236.log => moved successfully
C:\Windows\Temp\dd_vcredist_x86_20210211084917.log => moved successfully
C:\Windows\Temp\dd_vcredist_x86_20210222111837.log => moved successfully
C:\Windows\Temp\JET1.tmp => moved successfully
C:\Windows\Temp\JET10.tmp => moved successfully
C:\Windows\Temp\JET11.tmp => moved successfully
C:\Windows\Temp\JET12.tmp => moved successfully
C:\Windows\Temp\JET13.tmp => moved successfully
C:\Windows\Temp\JET14.tmp => moved successfully
C:\Windows\Temp\JET15.tmp => moved successfully
C:\Windows\Temp\JET16.tmp => moved successfully
C:\Windows\Temp\JET17.tmp => moved successfully
C:\Windows\Temp\JET18.tmp => moved successfully
C:\Windows\Temp\JET19.tmp => moved successfully
C:\Windows\Temp\JET2.tmp => moved successfully
C:\Windows\Temp\JET24.tmp => moved successfully
C:\Windows\Temp\JET25.tmp => moved successfully
C:\Windows\Temp\JET26.tmp => moved successfully
C:\Windows\Temp\JET27.tmp => moved successfully
C:\Windows\Temp\JET28.tmp => moved successfully
C:\Windows\Temp\JET29.tmp => moved successfully
C:\Windows\Temp\JET2A.tmp => moved successfully
C:\Windows\Temp\JET2B.tmp => moved successfully
C:\Windows\Temp\JET2C.tmp => moved successfully
C:\Windows\Temp\JET3.tmp => moved successfully
C:\Windows\Temp\JET4.tmp => moved successfully
C:\Windows\Temp\JET5.tmp => moved successfully
C:\Windows\Temp\JET6.tmp => moved successfully
C:\Windows\Temp\JET7.tmp => moved successfully
C:\Windows\Temp\JET8.tmp => moved successfully
C:\Windows\Temp\JET9.tmp => moved successfully
C:\Windows\Temp\JETA.tmp => moved successfully
C:\Windows\Temp\JETB.tmp => moved successfully
C:\Windows\Temp\JETC.tmp => moved successfully
C:\Windows\Temp\JETD.tmp => moved successfully
C:\Windows\Temp\JETE.tmp => moved successfully
C:\Windows\Temp\JETF.tmp => moved successfully
C:\Windows\Temp\mat-debug-10080.log => moved successfully
C:\Windows\Temp\mat-debug-11364.log => moved successfully
C:\Windows\Temp\mat-debug-11440.log => moved successfully
C:\Windows\Temp\mat-debug-11788.log => moved successfully
C:\Windows\Temp\mat-debug-11912.log => moved successfully
C:\Windows\Temp\mat-debug-12192.log => moved successfully
C:\Windows\Temp\mat-debug-12648.log => moved successfully
C:\Windows\Temp\mat-debug-13172.log => moved successfully
C:\Windows\Temp\mat-debug-13300.log => moved successfully
C:\Windows\Temp\mat-debug-13832.log => moved successfully
C:\Windows\Temp\mat-debug-13940.log => moved successfully
C:\Windows\Temp\mat-debug-14440.log => moved successfully
C:\Windows\Temp\mat-debug-14496.log => moved successfully
C:\Windows\Temp\mat-debug-15228.log => moved successfully
C:\Windows\Temp\mat-debug-15716.log => moved successfully
C:\Windows\Temp\mat-debug-16216.log => moved successfully
C:\Windows\Temp\mat-debug-16776.log => moved successfully
C:\Windows\Temp\mat-debug-17040.log => moved successfully
C:\Windows\Temp\mat-debug-18552.log => moved successfully
C:\Windows\Temp\mat-debug-18644.log => moved successfully
C:\Windows\Temp\mat-debug-19448.log => moved successfully
C:\Windows\Temp\mat-debug-19624.log => moved successfully
C:\Windows\Temp\mat-debug-21424.log => moved successfully
C:\Windows\Temp\mat-debug-21904.log => moved successfully
C:\Windows\Temp\mat-debug-24324.log => moved successfully
C:\Windows\Temp\mat-debug-24836.log => moved successfully
C:\Windows\Temp\mat-debug-24952.log => moved successfully
C:\Windows\Temp\mat-debug-27000.log => moved successfully
C:\Windows\Temp\mat-debug-27116.log => moved successfully
C:\Windows\Temp\mat-debug-27164.log => moved successfully
C:\Windows\Temp\mat-debug-27940.log => moved successfully
C:\Windows\Temp\mat-debug-28088.log => moved successfully
C:\Windows\Temp\mat-debug-28292.log => moved successfully
C:\Windows\Temp\mat-debug-29056.log => moved successfully
C:\Windows\Temp\mat-debug-30028.log => moved successfully
C:\Windows\Temp\mat-debug-320.log => moved successfully
C:\Windows\Temp\mat-debug-33688.log => moved successfully
C:\Windows\Temp\mat-debug-3436.log => moved successfully
C:\Windows\Temp\mat-debug-3824.log => moved successfully
C:\Windows\Temp\mat-debug-39688.log => moved successfully
C:\Windows\Temp\mat-debug-4012.log => moved successfully
C:\Windows\Temp\mat-debug-4656.log => moved successfully
C:\Windows\Temp\mat-debug-5048.log => moved successfully
C:\Windows\Temp\mat-debug-5892.log => moved successfully
C:\Windows\Temp\mat-debug-600.log => moved successfully
C:\Windows\Temp\mat-debug-6232.log => moved successfully
C:\Windows\Temp\mat-debug-6360.log => moved successfully
C:\Windows\Temp\mat-debug-7516.log => moved successfully
C:\Windows\Temp\mat-debug-8788.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210128122220.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210128122220_000_pmsshutdown.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210128122220_002_pms.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210128122407.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210211084901.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210211084901_000_pmsshutdown.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210211084901_002_pms.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210211085033.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210222111821.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210222111821_000_pmsshutdown.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210222111821_002_pms.log => moved successfully
C:\Windows\Temp\Plex Media Server_20210222111945.log => moved successfully
C:\Windows\Temp\tem1785.tmp => moved successfully
C:\Windows\Temp\tem446B.tmp => moved successfully
C:\Windows\Temp\UpdHealthTools.msi => moved successfully
C:\Windows\Temp\{670DA5FA-428A-4F20-91F6-00EF0F564892}-MicrosoftEdge_X64_88.0.705.56_88.0.705.53.exe5375b0e1 => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-25378543-2701485168-1019906018-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 226720150 B
Java, Flash, Steam htmlcache => 538481690 B
Windows/system/drivers => 663257039 B
Edge => 145363749 B
Chrome => 318748511 B
Firefox => 1561885822 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 23330 B
ProgramData => 23330 B
Public => 23330 B
systemprofile => 23330 B
systemprofile32 => 23330 B
LocalService => 23330 B
NetworkService => 286188 B
mbryce => 705511477 B
Melissa => 811013273 B
RDV GRAPHICS SERVICE => 811036603 B
DefaultAppPool => 811076317 B

RecycleBin => 8381 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:07:14 ====


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
