
Downloading issues, suspected malware

Solved 
#1 ·
Hello,
I am trying to help my son fix his computer. A little while back we installed a new CPU and attempted to install a new graphics card. The graphics card install crashed near the end and we gave up on that.
Recently he lost the Creative Cloud desktop app, and we cannot reinstall or repair, or run the uninstaller. It asks if this program can make changes to the computer, click yes, and nothing happens.

Here is the system info from your app.

Tech Support Guy System Info Utility version 1.0.0.9
OS Version:
Processor: , CPU Count:
Total Physical RAM:
Graphics Card:
Hard Drives:
Motherboard:
System:
Antivirus: None

This is all I get when I run it.

This is the system info from Settings.

Device name LightspeedMagic
Processor Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz 3.00 GHz
Installed RAM 12.0 GB
Device ID 3C9DA116-2E0C-46AE-B77C-4D27850E8C6D
Product ID 00325-80903-85640-AAOEM
System type 64-bit operating system, x64-based processor
Pen and touch Pen support

Edition Windows 10 Home
Version 20H2
Installed on 8/13/2020
OS build 19042.804
Experience Windows Feature Experience Pack 120.2212.551.0

Here is the FRST file

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-02-2021
Ran by maste (administrator) on LIGHTSPEEDMAGIC (Acer Aspire TC-780) (13-02-2021 12:49:01)
Running from C:\Users\maste\OneDrive\Desktop
Loaded Profiles: maste
Platform: Windows 10 Home Version 20H2 19042.804 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acer Incorporated -> ) C:\OEM\Preload\FUBService\FUBService.exe
(Acer Incorporated -> ) C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(Cermak Technologies, Inc. -> Cermak Technologies, Inc.) C:\Users\maste\Downloads\SysInfo.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <28>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a086f01cc7be643a\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\maste\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.165.0.28\OverwolfHelper64.exe
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe <3>
(Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Overwolf Ltd -> Overwolf LTD) C:\Users\maste\AppData\Local\Overwolf\ProcessCache\0.165.0.28\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16709128 2016-10-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PicstreamAgent] => C:\Program Files (x86)\Acer\AOP Framework\uwplauncher.exe [106712 2017-05-17] (Acer Incorporated -> )
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [240360 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-12] (Adobe Inc. -> )
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-03] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\maste\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [AcerPortal] => C:\ProgramData\acer\Acer Portal\launchPortal.exe [25816 2017-05-17] (Acer Incorporated -> )
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [GoogleChromeAutoLaunch_649DB5DA76989C5D1E48F43CAEF8330D] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680712 2021-01-12] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [7BAC650F2FE93794DC00E8EE27EDAE98A74B8DBB._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [321256 2020-06-29] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2021-01-24] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Run: [Discord] => C:\Users\maste\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: []
HKLM\...\Print\Monitors\HP B011 Status Monitor: C:\WINDOWS\system32\hpinkstsB011LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2020-12-12]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038E180F-AAD3-4C14-8238-80F8DA9BFFB5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {084B8FAC-9272-493C-BC35-BB738668D614} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-03] (Google Inc -> Google Inc.)
Task: {0985F6E4-BFE0-4E48-B8C3-4ACA02F8C872} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0A5C28AC-842C-4EFE-967D-E9A72A992F0C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0DA72D10-6DBC-4A22-B81B-E3C11661C777} - System32\Tasks\App Explorer => C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7968424 2020-12-02] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {13542A40-A597-4AB1-A427-0AC157DCAE52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {158D9422-FC0B-43B4-8CB0-E0DAA357E360} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115056 2021-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2344109C-4DBD-45C8-BFD4-AFB8B0CAD9E5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115056 2021-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2430E803-B811-4973-A3AD-EE04EF0D889D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {3842674F-18DB-45B2-980D-36B4434D49CD} - System32\Tasks\User Boot Experience Task => C:\OEM\Preload\FUBService\FUBService.exe [30976 2015-05-13] (Acer Incorporated -> )
Task: {458DB9FD-97C5-49FE-A7AD-FAD97CDA4E47} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B41C04E-E232-4C45-B101-8A771496C00F} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [64320 2019-07-11] (Acer Incorporated -> Acer)
Task: {4F729288-3DAC-4780-B212-F7EB72DAC6D4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {53164ECF-A965-40AB-BC25-AEBB02A3A028} - System32\Tasks\Acer Collection Monitor Application => C:\Program Files (x86)\Acer\Acer Collection\ACEMon.exe [417072 2017-12-13] (Acer Incorporated -> Acer Incorporated)
Task: {5538FC51-33DF-45BC-B106-649D644842DA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {587ECF4D-0243-4DAB-89FF-2CAE9156276A} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {5CC9B486-35F7-4923-BFFC-BBC5004FD07F} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2017-02-21] (Acer Incorporated -> Acer Incorporated)
Task: {5D76023C-ED9C-4914-BD05-D5777B74CB47} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {63A144B5-1C5A-46C4-B836-849E4B0A74AB} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6A26167B-39CB-44B2-938E-8203DECE21C6} - System32\Tasks\Acer Collection Application => C:\Program Files (x86)\Acer\Acer Collection\ACEStd.exe [479024 2017-12-14] (Acer Incorporated -> )
Task: {737F0D81-0A46-4175-A561-BE63CF2701AF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {789407BA-DEDF-44E8-9F9B-E850B9ADFFA3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {8A4FAD79-3F38-4BCC-AB65-47EA161B6F9F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B7DB483-A745-445F-B785-3ACF11CFBC75} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
Task: {974BD263-DD37-4C31-BB6F-58446322C762} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A5D4B322-79CF-43E4-B565-24DD306214E3} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-masterofpikmin@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {AEDB6896-7F2C-4AD8-9BD5-E4C494F4567C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BEA6042C-5B78-43D7-9FA9-94B2C488C707} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CEE10D1E-8EE9-45BD-83C8-AECDCBC5C5C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3F1F8D2-4A23-4DBA-9EDD-826CA37D0FE7} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [152880 2016-09-20] (Acer Incorporated -> )
Task: {DBCF583F-49C3-408F-8A54-2DDD3238C9D1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E203F715-C3B2-4131-97DE-F7DD9472A7A0} - System32\Tasks\AcerCloud => C:\ProgramData\acer\Acer Portal\launchPortal.exe [25816 2017-05-17] (Acer Incorporated -> )
Task: {E4A94BEE-6202-4778-8F6A-402601CB23A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5E12ECF-686C-48F5-8E2B-17C648560495} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1126296 2021-02-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {E5E74CBD-90A5-43B4-877A-1652AFBBECEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-03] (Google Inc -> Google Inc.)
Task: {FDE1E647-8AC9-45CA-8C00-D8DABA6B037D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FE70C9A3-50CF-49D6-AB88-4AE026C5DA67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 63.135.49.18 8.8.8.8
Tcpip\..\Interfaces\{5413129f-a941-4428-964b-85de71386189}: [DhcpNameServer] 63.135.49.18 8.8.8.8
Tcpip\..\Interfaces\{d3a5be22-a921-4fec-9158-07677d470c28}: [DhcpNameServer] 63.135.49.18 8.8.8.8

Edge:
=======
DownloadDir: C:\Users\maste\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\maste\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-13]

FireFox:
========
FF DefaultProfile: mn0wlhq0.default
FF ProfilePath: C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default [2020-11-28]
FF Extension: (Amazon Assistant for Firefox) - C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\abb-acer@amazon.com [2018-09-15] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\langpack-en-US@firefox.mozilla.org [2018-09-15] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\partnerdefaults@mozilla.com [2018-09-15] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-09-13] [Legacy]
FF Extension: (English (US) Language Pack) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\langpack-en-US@firefox.mozilla.org [2017-09-13] [Legacy]
FF Extension: (Mozilla Partner Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\partnerdefaults@mozilla.com [2017-09-13] [Legacy]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-4020477547-3387407824-3974748319-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\maste\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-13] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default [2021-02-13]
CHR Notifications: Default -> hxxps://findmedia.biz; hxxps://forums.techguy.org; hxxps://mail.google.com; hxxps://outlook.office.com; hxxps://play.pokemonshowdown.com; hxxps://www.facebook.com; hxxps://www.wvc.edu; hxxps://zmusic-online.com
CHR DefaultSearchURL: Default -> hxxps://pony.town/android-chrome-192x192.png
CHR Extension: (Slides) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-03]
CHR Extension: (Docs) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-03]
CHR Extension: (Google Drive) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-03]
CHR Extension: (Sheets) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Pony Town) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbgbhaephgcjdmeaeabdooicbnjfmico [2021-01-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]
CHR Profile: C:\Users\maste\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-17]
CHR Profile: C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-01-20]
CHR Extension: (Slides) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-16]
CHR Extension: (Relay) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adkcpkpghahmbopkjchobieckeoaoeem [2020-01-20] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/chrome-filter/27050dae444708fd9ad752716f9e27fa1230b1164ec5f8ddc850ba7f67cb4844/ChromeFilter.xml] <==== ATTENTION
CHR Extension: (Docs) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-16]
CHR Extension: (Google Drive) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-05-16]
CHR Extension: (YouTube) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-16]
CHR Extension: (GeoGebra Classic) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee [2020-01-20]
CHR Extension: (Kami Extension - PDF and Document Annotation) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2020-01-20]
CHR Extension: (Sheets) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-20]
CHR Extension: (Tracker for Chrome) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmgjiknkpcfkhgajgmpkkehdjmidlgl [2020-01-20] [UpdateUrl:hxxps://lightspeed-apps.s3.amazonaws.com/chrome-monitor/auto-update.xml] <==== ATTENTION
CHR Extension: (Classroom) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkbmdgjggcdajckdlbngdjonpchpaiea [2020-01-20] [UpdateUrl:hxxps://lsrelay-extensions-production.s3.amazonaws.com/classroom/27050dae444708fd9ad752716f9e27fa1230b1164ec5f8ddc850ba7f67cb4844/Classroom.xml] <==== ATTENTION
CHR Extension: (Google Classroom) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfhehppjhmmnlfbbopchdfldgimhfhfk [2019-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-20]
CHR Extension: (Cite This For Me: Web Citer) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nnnmhgkokpalnmbeighfomegjfkklkle [2020-01-20]
CHR Extension: (Gmail) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-16]
CHR Extension: (Chrome Media Router) - C:\Users\maste\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-01-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-03] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-10-09] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2017-08-23] (Dashlane -> Dashlane, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-07-24] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410424 2020-12-16] (NVIDIA Corporation -> NVIDIA)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-07-01] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2489176 2021-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [508208 2019-09-26] (Acer Incorporated -> Acer Incorporated)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1676416 2020-07-27] (Rockstar Games, Inc. -> Rockstar Games)
S3 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [331648 2021-01-01] (Twitch Interactive, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-07-05] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.7\dbk64.sys [123104 2017-05-29] (Cheat Engine -> )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 Larmkanal; C:\WINDOWS\System32\drivers\Larmkanal.sys [33112 2015-09-02] (ADORIASOFT LLC -> Adoriasoft LLC)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319192 2019-09-21] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 Phosgene; C:\WINDOWS\system32\DRIVERS\Phosgene.sys [34136 2015-09-02] (ADORIASOFT LLC -> Adoriasoft LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 12:46 - 2021-02-13 12:49 - 000000000 ____D C:\FRST
2021-02-13 12:46 - 2021-02-13 12:47 - 000021479 _____ C:\Users\maste\Downloads\FRST.txt
2021-02-13 12:27 - 2021-02-13 12:27 - 003219792 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (2).exe
2021-02-13 12:13 - 2021-02-13 12:13 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (1).exe
2021-02-12 20:10 - 2021-02-12 20:10 - 003217256 _____ (Adobe Inc.) C:\Users\maste\Downloads\Illustrator_Set-Up.exe
2021-02-12 20:05 - 2021-02-12 20:05 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up.exe
2021-02-12 19:26 - 2021-02-12 19:26 - 000000000 ___HD C:\temp
2021-02-11 13:29 - 2021-02-11 13:29 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-11 13:28 - 2021-02-11 13:28 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-10 18:55 - 2021-02-10 18:55 - 000000000 ___HD C:\$SysReset
2021-02-10 14:41 - 2021-02-10 14:50 - 001983700 _____ C:\WINDOWS\Minidump\021021-28421-01.dmp
2021-02-07 18:43 - 2021-02-07 18:43 - 000001487 _____ C:\Users\maste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord.lnk
2021-02-07 12:12 - 2021-02-07 12:22 - 000572324 _____ C:\WINDOWS\Minidump\020721-31984-01.dmp
2021-02-07 11:25 - 2021-02-07 11:25 - 000000112 ___SH C:\bootTel.dat
2021-02-07 11:08 - 2021-02-07 11:09 - 000000000 ____D C:\Users\maste\AppData\Local\Intel
2021-02-07 11:08 - 2021-02-07 11:08 - 000000000 ____D C:\Users\maste\AppData\LocalLow\Intel
2021-02-07 11:06 - 2020-09-11 11:36 - 000305992 _____ C:\WINDOWS\system32\libmfxhw64.dll
2021-02-07 11:06 - 2020-09-11 11:36 - 000254520 _____ C:\WINDOWS\SysWOW64\libmfxhw32.dll
2021-02-07 11:06 - 2020-09-11 11:36 - 000171472 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2021-02-07 11:06 - 2020-09-11 11:36 - 000146752 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 026676016 _____ (Intel Corporation) C:\WINDOWS\system32\mfxplugin64_hw.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 013519664 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\mfxplugin32_hw.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 000507696 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 000462640 _____ C:\WINDOWS\system32\ze_loader.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 000370480 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-02-07 11:06 - 2020-09-11 11:35 - 000148784 _____ C:\WINDOWS\system32\ze_validation_layer.dll
2021-02-07 11:01 - 2021-02-07 11:06 - 000572364 _____ C:\WINDOWS\Minidump\020721-23875-01.dmp
2021-02-07 10:50 - 2021-02-07 10:50 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2021-02-07 10:46 - 2021-02-07 10:52 - 000728564 _____ C:\WINDOWS\Minidump\020721-30187-01.dmp
2021-02-07 10:26 - 2021-02-07 10:35 - 000693844 _____ C:\WINDOWS\Minidump\020721-32609-01.dmp
2021-02-07 10:08 - 2021-02-07 10:08 - 000001560 _____ C:\Users\maste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\461.40-desktop-win10-64bit-international-dch-whql.lnk
2021-02-07 09:27 - 2021-02-07 09:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-02-07 09:12 - 2021-02-07 09:12 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-02-07 09:05 - 2021-02-07 09:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-07 09:05 - 2021-02-07 09:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-07 09:05 - 2021-02-07 09:05 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-06 17:33 - 2021-02-06 17:33 - 000000000 ____D C:\NVIDIA
2021-02-06 13:42 - 2021-02-06 13:42 - 000000337 _____ C:\UBT_UninstallLog.txt
2021-02-02 22:03 - 2021-02-13 12:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-02-02 22:02 - 2021-02-13 12:36 - 001110642 _____ C:\WINDOWS\ntbtlog.txt
2021-02-02 21:04 - 2021-02-13 12:45 - 000000000 ____D C:\Users\maste\AppData\Local\CrashDumps
2021-02-02 20:56 - 2021-01-23 00:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-02-02 20:56 - 2021-01-23 00:15 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-02-02 20:56 - 2021-01-23 00:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-02-02 20:56 - 2021-01-23 00:14 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-02-02 20:56 - 2021-01-23 00:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-02-02 20:56 - 2021-01-23 00:14 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-02-02 20:56 - 2021-01-23 00:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-02-02 20:56 - 2021-01-23 00:14 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 001512096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 001164960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 000689312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-02-02 20:56 - 2021-01-23 00:12 - 000680096 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 000672928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 000613536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 000558240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-02-02 20:56 - 2021-01-23 00:12 - 000547488 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 008262304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 007392928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 005637792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 004611744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 002731168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 002103456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 001589408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 000813216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 000657056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-02-02 20:56 - 2021-01-23 00:11 - 000446624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-02-02 20:56 - 2021-01-23 00:10 - 007116680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-02-02 20:56 - 2021-01-23 00:10 - 006070848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-02-02 20:56 - 2021-01-23 00:10 - 000850080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-02-02 20:56 - 2021-01-22 14:59 - 000084264 _____ C:\WINDOWS\system32\nvinfo.pb
2021-02-02 20:48 - 2021-02-06 17:14 - 000000000 ____D C:\Users\maste\AppData\Local\NVIDIA
2021-02-02 20:48 - 2021-02-06 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-02-02 20:48 - 2021-02-02 20:48 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:48 - 2021-02-02 20:48 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:48 - 2021-02-02 20:48 - 000001451 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2021-02-02 20:48 - 2021-02-02 20:48 - 000000000 ____D C:\Users\maste\ansel
2021-02-02 20:48 - 2021-01-20 10:09 - 002797808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-02-02 20:48 - 2021-01-20 10:09 - 002154224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-02-02 20:48 - 2021-01-20 10:09 - 001295088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-02-02 20:48 - 2020-12-16 10:08 - 000070456 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-02-02 20:48 - 2020-12-16 10:08 - 000059192 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-02-02 20:47 - 2021-02-13 12:39 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-02 20:47 - 2021-02-06 17:14 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-02-02 20:47 - 2021-02-02 20:47 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-02-02 20:47 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-02-02 20:47 - 2021-01-11 08:26 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-02-02 20:47 - 2020-12-01 22:48 - 000169272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2021-02-02 20:47 - 2020-12-01 22:48 - 000145208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2021-02-02 20:47 - 2020-03-11 11:26 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-02-02 20:47 - 2020-03-06 02:03 - 000069840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2021-02-02 20:47 - 2020-03-04 04:54 - 000050592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-02-02 20:46 - 2021-02-02 20:46 - 127218536 _____ (NVIDIA Corporation New) C:\Users\maste\Downloads\GeForce_Experience_v3.21.0.33.exe
2021-02-02 20:09 - 2021-02-06 17:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-02-02 20:09 - 2021-02-06 17:14 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-02-02 20:07 - 2020-10-07 13:33 - 000230720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-02-02 20:07 - 2020-10-07 13:33 - 000047232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-01-27 01:45 - 2021-01-27 01:45 - 000182055 _____ C:\Users\maste\Downloads\Xs_5E_Sheet_Front.pdf
2021-01-24 21:13 - 2021-01-24 21:13 - 000000000 ____D C:\Users\maste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2021-01-20 16:31 - 2021-01-20 16:31 - 000008125 _____ C:\Users\maste\Downloads\GH-JohnBass.xmp
2021-01-20 16:27 - 2021-01-20 16:27 - 014191965 _____ C:\Users\maste\Downloads\GH-JohnBass.CR2
2021-01-15 12:32 - 2021-01-15 12:32 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-15 12:32 - 2021-01-15 12:32 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-15 12:32 - 2021-01-15 12:32 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-15 12:32 - 2021-01-15 12:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-15 12:31 - 2021-01-15 12:31 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-15 12:31 - 2021-01-15 12:31 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-15 12:31 - 2021-01-15 12:31 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-15 12:31 - 2021-01-15 12:31 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-15 12:31 - 2021-01-15 12:31 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-15 12:31 - 2021-01-15 12:31 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-15 12:31 - 2021-01-15 12:31 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-15 12:30 - 2021-01-15 12:30 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-15 12:30 - 2021-01-15 12:30 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-15 12:30 - 2021-01-15 12:30 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-15 12:30 - 2021-01-15 12:30 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-15 12:30 - 2021-01-15 12:30 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-15 12:30 - 2021-01-15 12:30 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-15 12:29 - 2021-01-15 12:29 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-15 12:29 - 2021-01-15 12:29 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-15 12:29 - 2021-01-15 12:29 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-15 12:28 - 2021-01-15 12:28 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 12:28 - 2021-01-15 12:28 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-15 12:28 - 2021-01-15 12:28 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-15 12:28 - 2021-01-15 12:28 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-15 12:28 - 2021-01-15 12:28 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-15 12:28 - 2021-01-15 12:28 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-15 12:27 - 2021-01-15 12:27 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-15 12:27 - 2021-01-15 12:27 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-15 12:27 - 2021-01-15 12:27 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-15 12:27 - 2021-01-15 12:27 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-15 12:27 - 2021-01-15 12:27 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-15 12:26 - 2021-01-15 12:26 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-15 12:26 - 2021-01-15 12:26 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-15 12:26 - 2021-01-15 12:26 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-15 12:25 - 2021-01-15 12:25 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-15 12:25 - 2021-01-15 12:25 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-15 12:25 - 2021-01-15 12:25 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-15 12:25 - 2021-01-15 12:25 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-15 12:25 - 2021-01-15 12:25 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-13 12:45 - 2020-08-16 15:57 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D1FB622E-B52A-43BA-BD63-6F666783E63D}
2021-02-13 12:38 - 2020-12-19 13:10 - 000000000 ____D C:\Users\maste\AppData\Local\Overwolf
2021-02-13 12:38 - 2017-12-25 17:29 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-13 12:37 - 2020-08-12 23:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-13 12:37 - 2020-08-12 23:04 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-13 12:37 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-13 12:37 - 2017-12-25 12:24 - 000000000 __SHD C:\Users\maste\IntelGraphicsProfiles
2021-02-13 12:37 - 2017-09-13 11:04 - 000000000 ___HD C:\Intel
2021-02-13 12:36 - 2019-12-07 01:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-13 11:20 - 2018-05-10 21:21 - 000000000 ____D C:\Users\maste\AppData\Local\Host App Service
2021-02-13 10:08 - 2018-01-17 20:36 - 000000000 ____D C:\Users\maste\AppData\Local\Adobe
2021-02-12 22:40 - 2019-10-21 11:59 - 000000000 ____D C:\Users\maste\AppData\Roaming\Discord
2021-02-12 21:43 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-12 20:00 - 2018-05-17 05:43 - 000000000 ____D C:\Users\maste\AppData\Local\D3DSCache
2021-02-12 19:26 - 2018-01-17 20:37 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-02-12 19:18 - 2018-01-20 10:23 - 000000000 ____D C:\Program Files\Adobe
2021-02-12 19:16 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-12 19:01 - 2020-08-12 23:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-12 17:25 - 2017-09-13 11:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-11 18:45 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-11 17:41 - 2018-02-17 08:25 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 17:39 - 2020-08-12 23:23 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-11 17:39 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-11 17:32 - 2020-08-12 23:05 - 000533960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-11 17:30 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-11 17:30 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-11 17:30 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-11 13:32 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-11 13:17 - 2020-08-11 22:54 - 000000000 ___HD C:\$WinREAgent
2021-02-11 13:15 - 2017-12-25 16:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-11 13:08 - 2017-12-25 16:20 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 19:31 - 2020-12-19 13:12 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-02-10 14:51 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-10 14:50 - 2020-10-10 12:35 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-10 14:41 - 2020-10-10 12:35 - 1464822431 _____ C:\WINDOWS\MEMORY.DMP
2021-02-07 12:25 - 2018-08-08 12:31 - 000000000 ____D C:\Users\maste\AppData\Local\NVIDIA Corporation
2021-02-07 11:55 - 2017-09-13 11:07 - 000000000 ____D C:\ProgramData\Intel
2021-02-07 11:10 - 2018-06-13 21:04 - 000000000 ____D C:\ProgramData\Packages
2021-02-07 11:10 - 2017-12-25 14:08 - 000000000 ____D C:\Users\maste\AppData\Local\Packages
2021-02-07 11:10 - 2017-12-25 12:24 - 000000000 ____D C:\Users\maste\AppData\Local\Publishers
2021-02-07 09:41 - 2017-12-25 16:26 - 000000000 ____D C:\Users\maste\AppData\Local\ElevatedDiagnostics
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-07 09:15 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-07 09:15 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-06 23:30 - 2020-08-12 23:08 - 000000000 ____D C:\Users\maste
2021-02-06 17:21 - 2021-01-09 12:32 - 000000000 ___RD C:\Users\maste\Creative Cloud Files
2021-02-06 17:20 - 2020-08-12 23:31 - 000003508 _____ C:\WINDOWS\system32\Tasks\DashlaneUpgradeCheck
2021-02-06 17:14 - 2020-08-12 23:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2021-02-06 17:14 - 2018-08-10 02:14 - 000000000 ____D C:\Users\maste\AppData\Local\OEM
2021-02-06 17:14 - 2018-08-10 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2021-02-06 17:14 - 2017-09-13 11:29 - 000000000 ____D C:\Program Files (x86)\Acer
2021-02-06 17:14 - 2017-09-13 11:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2021-02-06 17:14 - 2017-09-13 11:28 - 000000000 ____D C:\Program Files\Acer
2021-02-06 17:14 - 2017-09-13 11:10 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2021-02-06 16:53 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\registration
2021-02-06 13:42 - 2017-09-13 11:28 - 000000000 ____D C:\ProgramData\OEM
2021-02-06 11:42 - 2020-08-12 23:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4020477547-3387407824-3974748319-1001
2021-02-06 11:42 - 2020-08-12 23:08 - 000002371 _____ C:\Users\maste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 11:42 - 2017-12-25 12:27 - 000000000 ___RD C:\Users\maste\OneDrive
2021-02-05 15:57 - 2019-07-10 21:27 - 000000000 ____D C:\Users\maste\AppData\Local\User Data
2021-02-05 15:49 - 2020-06-26 00:31 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 15:36 - 2019-07-10 21:16 - 000000000 ____D C:\Users\maste\OneDrive\Documents\Games I made
2021-02-05 15:31 - 2020-04-05 22:06 - 000000000 ____D C:\Users\maste\AppData\Roaming\audacity
2021-02-05 06:14 - 2020-08-12 23:31 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-05 06:14 - 2020-08-12 23:31 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-04 14:46 - 2018-03-03 15:27 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-04 14:10 - 2018-12-01 10:03 - 000000000 ____D C:\Users\maste\OneDrive\Documents\Hacking
2021-02-04 12:07 - 2017-12-31 15:58 - 000000000 ____D C:\Users\maste\AppData\Roaming\.minecraft
2021-02-03 13:28 - 2018-08-21 16:33 - 000000000 ___HD C:\adobeTemp
2021-02-02 22:22 - 2017-09-13 11:29 - 000000000 ____D C:\ProgramData\Acer
2021-02-02 22:22 - 2017-04-04 22:41 - 000000000 ___HD C:\OEM
2021-02-02 18:09 - 2020-09-18 17:57 - 000000000 ____D C:\Users\maste\AppData\Local\Game Dev Tycoon - Steam
2021-02-02 00:06 - 2019-12-19 13:18 - 000000000 ____D C:\Users\maste\OneDrive\Documents\Reaction Videos
2021-02-01 12:14 - 2020-12-30 17:55 - 000000000 ____D C:\Users\maste\OneDrive\Documents\Forvaln Side B
2021-01-27 18:19 - 2021-01-11 10:03 - 000000000 ____D C:\Users\maste\AppData\Roaming\substancelinkopentcp
2021-01-27 18:19 - 2021-01-11 09:22 - 000000000 ____D C:\Users\maste\OneDrive\Documents\3ds Max 2021
2021-01-26 12:17 - 2018-06-02 13:45 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-25 23:07 - 2020-06-27 09:52 - 000000000 ____D C:\Users\maste\OneDrive\Documents\Its a secret to everyone
2021-01-23 22:36 - 2020-04-14 10:19 - 000000000 ____D C:\Users\maste\OneDrive\Documents\My Kindle Content
2021-01-21 23:41 - 2017-12-31 17:52 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-19 11:14 - 2020-08-12 23:31 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-19 11:14 - 2020-08-12 23:31 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-18 14:13 - 2021-01-11 07:52 - 000000000 ____D C:\Users\maste\OneDrive\Documents\engr
2021-01-18 13:34 - 2020-12-30 13:28 - 000002175 _____ C:\ProgramData\Desktop\AutoCAD 2021 - English.lnk
2021-01-18 13:34 - 2020-12-30 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2021 - English
2021-01-18 00:28 - 2020-12-30 13:30 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-01-16 02:28 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-16 02:28 - 2019-12-07 01:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-16 02:28 - 2019-12-07 01:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-15 12:25 - 2020-08-12 23:08 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-14 23:36 - 2020-02-21 20:30 - 000000000 ____D C:\Users\maste\AppData\Roaming\WeMod
2021-01-14 23:34 - 2019-07-19 20:24 - 000000000 ____D C:\Users\maste\AppData\Local\Battle.net

==================== Files in the root of some directories ========

2018-02-26 16:56 - 2019-10-21 16:08 - 000000033 _____ () C:\Users\maste\AppData\Roaming\AdobeWLCMCache.dat
2019-02-14 21:35 - 2019-06-15 20:16 - 000001456 _____ () C:\Users\maste\AppData\Local\Adobe Save for Web 13.0 Prefs
2018-10-05 21:40 - 2018-10-05 21:40 - 000000000 _____ () C:\Users\maste\AppData\Local\oobelibMkey.log
2020-12-12 17:37 - 2020-12-12 17:37 - 000001313 _____ () C:\Users\maste\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
#2 ·
Here is the Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2021
Ran by maste (13-02-2021 12:53:40)
Running from C:\Users\maste\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.804 (X64) (2020-08-13 07:32:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4020477547-3387407824-3974748319-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4020477547-3387407824-3974748319-503 - Limited - Disabled)
Guest (S-1-5-21-4020477547-3387407824-3974748319-501 - Limited - Disabled)
maste (S-1-5-21-4020477547-3387407824-3974748319-1001 - Administrator - Enabled) => C:\Users\maste
WDAGUtilityAccount (S-1-5-21-4020477547-3387407824-3974748319-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 18.06 (HKLM-x32\...\7-Zip) (Version: 18.06 - Igor Pavlov)
ACA & MEP 2021 Object Enabler (HKLM\...\{28B89EEF-4104-0000-5102-CF3F3A09B77D}) (Version: 8.3.51.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-4101-0000-3102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Acer Collection (HKLM-x32\...\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}) (Version: 1.01.3011 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Jumpstart (HKLM-x32\...\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}) (Version: 3.0.18135.100 - Acer)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3028 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2018 (HKLM-x32\...\DRWV_18_0) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2019 (HKLM-x32\...\AME_13_0_2) (Version: 13.0.2 - Adobe Systems Incorporated)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_1) (Version: 22.1.0.94 - Adobe Inc.)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_2) (Version: 13.1.2 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_2) (Version: 12.1.2 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
App Explorer (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Host App Service) (Version: 0.273.4.186 - SweetLabs) <==== ATTENTION
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
AutoCAD 2021 - English (HKLM\...\{28B89EEF-4101-0409-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 (HKLM\...\{28B89EEF-4101-0000-0102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 Language Pack - English (HKLM\...\{28B89EEF-4101-0409-1102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk 3ds Max 2021 (HKLM\...\{35156605-CE91-4AF6-8207-56211CB30369}) (Version: 23.0.0.915 - Autodesk, Inc.)
Autodesk 3ds Max 2021 (HKLM\...\{91A3588B-1DB9-428B-A176-A53115C6199F}) (Version: 23.0.0.915 - Autodesk) Hidden
Autodesk Advanced Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{C9FDA270-A0B9-45EE-8748-F37DF1370767}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2021 (HKLM-x32\...\{AB7DC10F-1D72-4F90-988F-CDC2D6323A48}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{B4545986-9002-4090-9E58-44F985F2FF4F}) (Version: 19.1.23.0 - Autodesk)
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 - English (HKLM\...\AutoCAD 2021 - English) (Version: 24.0.47.0 - Autodesk)
Autodesk Civil View for 3ds Max 2021 64-bit (HKLM\...\{43B796D5-A9A8-4D44-AF8A-D3FBD1BF68A9}) (Version: 23.0.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
Autodesk Featured Apps 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2021 (HKLM\...\{73D22C9F-BA87-46A8-B8FD-F11759C723E1}) (Version: 23.0 - Autodesk) Hidden
Autodesk Material Library 2021 (HKLM-x32\...\{8C559572-4A10-43C2-9346-6E7C7E012487}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{EFC36459-CD89-44F3-BA04-B7C5804199AF}) (Version: 19.1.23.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{69D8FFED-B14E-4998-BBC2-535006E195D6}) (Version: 19.1.23.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max 2021 (HKLM\...\{0BB716E0-2100-0610-0000-097DC2F354DF}) (Version: 21.0.0.383 - Autodesk) Hidden
Autodesk Revit Unit Schemas 2021 (HKLM\...\{CDCC6F31-2021-4900-8E9B-D562B70697B6}) (Version: 21.0.0.383 - Autodesk) Hidden
Autodesk Save to Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Autodesk SketchBook (HKLM\...\{AE6C5657-8710-4968-BEB5-1E2ED89CB2D2}) (Version: 8.71.0000 - Autodesk)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.110.0.1081 - BlueStack Systems, Inc.)
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine)
CurseForge (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.4 - Overwolf app)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.7703.01 - CyberLink Corp.)
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.17.0 - Dashlane, Inc.)
Discord (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EverQuest II (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\DG0-EverQuest II) (Version: - Sony Online Entertainment)
FaceRig virtual audio driver version 1.0 (HKLM-x32\...\{D605CD1D-D626-4740-B657-86DC30723FCF}_is1) (Version: 1.0 - Adoriasoft LLC)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
FireAlpaca 2.4.2 (64bit) (HKLM\...\FireAlpaca64_is1) (Version: 2.4.2 - firealpaca.com)
GitHub Desktop (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\GitHubDesktop) (Version: 1.1.1 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.146 - Google LLC)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Huion Tablet v14.8.137.1273 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.137.1273 - )
Inkscape 0.92.4 (HKLM-x32\...\Inkscape) (Version: 0.92.4 - Inkscape Project)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03929cf1-3ae4-4765-b8b3-32b8e2e26a8d}) (Version: 19.60.0 - Intel Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.3.1 - Squad)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
MEmu (HKLM-x32\...\MEmu) (Version: 7.0.1.0 - Microvirt Software Technology Co. Ltd.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{BAF67399-85CD-4555-9B49-1F80EB921C35}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1 - Mozilla)
NVIDIA FrameView SDK 1.1.4923.29512933 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29512933 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.21.0.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.165.0.28 - Overwolf Ltd.)
Paradox Launcher v2 (HKLM\...\{F0072197-FCF6-41BF-9D38-832B145922DC}) (Version: 2.0.0.0 - Paradox Interactive)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PDFConverterHQ Internet Explorer Homepage and New Tab (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\PDFConverterHQTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.)
PESTERCHUM (HKLM-x32\...\Pesterchum) (Version: - )
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.26.268 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.1 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Substance in 3ds Max 2021 (HKLM\...\{9292BE37-96B0-473E-8502-675FCC31D13F}) (Version: 2.3.1 - Allegorithmic)
SURVEY_PROGRAM (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\SURVEY_PROGRAM) (Version: - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.63.136.1010 - Electronic Arts Inc.)
Twitch Studio (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372B0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WebM Project Directshow Filters (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\webmdshow) (Version: - )
WeMod (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\WeMod) (Version: 6.3.12 - WeMod)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zoom (HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

Packages:
=========
abFiles -> C:\Program Files\WindowsApps\AcerIncorporated.abFiles_1.0.7.0_x86__48frkmn4z8aw4 [2021-02-06] (Acer Incorporated)
abPhoto -> C:\Program Files\WindowsApps\AcerIncorporated.6245439DEEE9E_1.0.10.0_x86__48frkmn4z8aw4 [2021-02-06] (Acer Incorporated)
Acer Collection -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollection_1.1.3013.0_x64__48frkmn4z8aw4 [2021-02-06] (Acer Incorporated)
Acer Portal -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPortal_1.1.9.0_x86__48frkmn4z8aw4 [2021-02-06] (Acer Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-02-06] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2021-02-06] (Amazon.com)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2021-02-06] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.1.17.0_x86__kgqvnymyfvs32 [2021-02-06] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.186.300.0_x86__kgqvnymyfvs32 [2021-02-11] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.7.11.0_x86__h6adky7gbf63m [2021-02-06] (Gameloft SE)
eBay -> C:\Program Files\WindowsApps\eBay_1.0.1606.2210_x64__96rgg7pjt343r [2021-02-06] (CN=Acer Incorporated)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_10.8.4.0_x86__q4d96b2w5wcc2 [2021-02-11] (Evernote)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-11] (HP Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-02-07] (INTEL CORP) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.3.1.1_x86__h6adky7gbf63m [2021-02-06] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-11] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.20102.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Studios)
Music Maker Jam -> C:\Program Files\WindowsApps\MAGIX.MusicMakerJam_3.1.1.0_x64__a2t3txkz9j1jw [2021-02-06] (MAGIX)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-02-06] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-02-06] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation)
Priceline -> C:\Program Files\WindowsApps\Priceline_1.0.1606.2210_x64__96rgg7pjt343r [2021-02-06] (CN=Acer Incorporated)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-02-06] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0 [2021-02-06] (Spotify AB) [Startup Task]
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2021-02-06] (WildTangent Games)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2021-02-06] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-388A321F2562} -> [Creative Cloud Files] => C:\Users\maste\Creative Cloud Files [2021-01-09 12:32]
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\en-US\acadficn.dll (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll => No File
ShellServiceObjects-x32: No Name -> {003e0278-eca8-4bb8-a256-3689ca1c2600} =>
ShellServiceObjects-x32: No Name -> {3BF043EF-A974-49B3-8322-B853CF1E5EC5} =>
ShellServiceObjects-x32: No Name -> {68ddbb56-9d1d-4fd9-89c5-c0da2a625392} =>
ShellServiceObjects-x32: No Name -> {7849596a-48ea-486e-8937-a2a3009f31a9} =>
ShellServiceObjects-x32: No Name -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} =>
ShellServiceObjects-x32: No Name -> {811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB} =>
ShellServiceObjects-x32: No Name -> {900c0763-5cad-4a34-bc1f-40cd513679d5} =>
ShellServiceObjects-x32: No Name -> {AAA288BA-9A4C-45B0-95D7-94D524869DB5} =>
ShellServiceObjects-x32: No Name -> {B5CFEB0E-9C01-4942-A5CB-F62EB09D808F} =>
ShellServiceObjects-x32: No Name -> {DA67B8AD-E81B-4c70-9B91-B417B5E33527} =>
ShellServiceObjects-x32: No Name -> {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} =>
ShellServiceObjects-x32: No Name -> {F08C5AC2-E722-4116-ADB7-CE41B527994B} =>
ShellServiceObjects-x32: No Name -> {F20487CC-FC04-4B1E-863F-D9801796130B} =>
ShellServiceObjects-x32: No Name -> {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} =>
ShellServiceObjects-x32: No Name -> {fbeb8a05-beee-4442-804e-409d6c4515e9} =>
ShellServiceObjects-x32: No Name -> {ff363bfe-4941-4179-a81c-f3f1ca72d820} =>
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-05-17] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-05-17] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2017-05-17] (Acer Incorporated -> Acer Incorporated)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\maste\OneDrive\Documents\Hacking\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-03] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\maste\OneDrive\Documents\Hacking\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d67c20d727d4578c\nvshext.dll [2021-01-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\maste\OneDrive\Documents\Hacking\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-03] (Adobe Inc. -> )

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\maste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pony Town.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hbgbhaephgcjdmeaeabdooicbnjfmico
ShortcutWithArgument: C:\Users\maste\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pony Town.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=hbgbhaephgcjdmeaeabdooicbnjfmico

==================== Loaded Modules (Whitelisted) =============

2020-08-25 13:46 - 2020-01-15 12:27 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2020-08-25 13:46 - 2020-01-15 12:27 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2020-12-12 14:40 - 2020-04-21 08:51 - 000221184 _____ (Graphics Tablet) [File not signed] C:\WINDOWS\system32\wintab32.dll
2018-12-01 12:47 - 2018-04-30 04:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Users\maste\OneDrive\Documents\Hacking\7-Zip\7-zip.dll
2020-08-25 13:46 - 2020-03-16 13:05 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-08-25 13:47 - 2020-03-16 13:06 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-08-25 13:47 - 2020-01-15 12:27 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-26 12:17 - 2020-01-15 12:27 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> DefaultScope {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 13:03 - 2017-03-18 13:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\maste\Downloads\4a2006108fd9097afd6dcb006704675a.png
DNS Servers: 63.135.49.18 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
 
#3 ·
Continued

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6487B533-BD62-4D5F-929A-A24C8CFBD58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [{1A823D28-F1C5-4639-9593-DA565527AB92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [{FD5F5131-C71F-412F-9035-435B98AD56E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{367FBD8B-F2EA-4D52-B683-5BE1A7914DEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{D6E1BE11-4FEA-4C14-9293-A8A1D8F7B564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe (Stichting Blender Foundation -> Blender Foundation)
FirewallRules: [{3D226B84-3881-4C32-972D-6B0DB4369D62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blender\blender.exe (Stichting Blender Foundation -> Blender Foundation)
FirewallRules: [{28396033-480C-48B2-B7CF-E42E7B165477}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Persona 4 Golden\P4G.exe (Sega of America, Inc. -> )
FirewallRules: [{E0FBBED3-540E-44A4-AFD2-00F04185E50A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Persona 4 Golden\P4G.exe (Sega of America, Inc. -> )
FirewallRules: [{4BBD7F68-9E8C-4A5F-BF60-5D70DB2EFCB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Okami\okami.exe (CAPCOM Co.,Ltd. -> )
FirewallRules: [{51FE4167-B96F-4E98-91A5-0192A276C64F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Okami\okami.exe (CAPCOM Co.,Ltd. -> )
FirewallRules: [{331BB65D-3365-4ACA-AE26-75F2983CDA9C}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{7FC8C760-A954-4600-9BB6-92FFF1E2F83E}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{C3D5C366-A23F-4FFB-A1F1-7A71EC2BCD71}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{557080D3-05B1-44A4-B9C1-5B25810EEBBB}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{ACBFD1A0-7787-4FE9-9665-23988DC95E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Snow Daze\SnowDaze.exe () [File not signed]
FirewallRules: [{2DC2CE75-33E6-4FA9-A620-F89833896568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Snow Daze\SnowDaze.exe () [File not signed]
FirewallRules: [{98128B35-AC71-444E-833C-BCD3A2152B0E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe () [File not signed]
FirewallRules: [{D5496520-C17A-4429-B2CA-FA513F567911}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\60 Seconds!\60Seconds.exe () [File not signed]
FirewallRules: [{3B02F4A2-4C20-473F-A2E5-8EC7D695A742}] => (Allow) C:\Users\maste\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{05BEF811-D1C5-432C-841C-39F79662461E}] => (Allow) C:\Users\maste\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{E8BBB42B-8F04-456A-B126-94882FD3F2E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{B59BAC83-EAD7-4535-9A7E-07F746C0AA2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe () [File not signed]
FirewallRules: [{464C3CF9-98D4-4651-974B-D2636DA3FEA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{A54B6D01-12BD-4138-9D98-87264B7A973F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{D73D936B-299D-40B7-86B5-58D30E84339E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{B287C68F-549D-4F8E-8318-1DA970AF50C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{09875C24-7C36-4C70-A4F2-7EDBC0C34E8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{8AF9C455-63C7-4F9F-86D9-62C14A425302}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{66AF0409-9762-40F5-BAF6-ECE4335B6043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{A917F609-6748-4D94-8F2C-4BA05241F7DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{FA71DC9E-01BC-421F-94FB-639BD674CB46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe () [File not signed]
FirewallRules: [{62253158-7827-49E2-AD32-2DB4D38A52F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe () [File not signed]
FirewallRules: [{17F99027-0358-4134-8A1B-2423ECF023CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
FirewallRules: [{584294C8-7F02-4328-8DAB-350D2A9A7B83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\bin\qsdklauncher.exe () [File not signed]
FirewallRules: [{D504A5EB-B980-4F27-A765-4969848ED162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
FirewallRules: [{7713E281-935F-4514-9AAB-C2C8EE53AB0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SourceFilmmaker\game\sfm.exe () [File not signed]
FirewallRules: [{04558517-5194-4507-BB14-DBEC7AA91D7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8719B6D3-01DE-42D9-A6CB-9FFD38E1C0A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{921EA254-690B-4365-89A4-3D093BFC66C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES) [File not signed]
FirewallRules: [{2E7943E3-328D-4CF6-B4E6-79E294DDF12F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Yume Nikki\yumenikki\RPG_RT.exe (KADOKAWA GAMES) [File not signed]
FirewallRules: [UDP Query User{DB43C8FE-618F-4F7D-B6E2-5DCDC1D48D5C}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [TCP Query User{6E4DFA3D-9C06-4A55-966D-699A32332A0C}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{36163A21-DD8E-469D-8E90-7014D85F4CC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{D5C26D55-B5E3-41BC-A8FB-ADAE763B1289}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{588E1B05-8709-4FA3-B321-FB847C56628B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe (Holotech Studios SRL -> )
FirewallRules: [{3AF490F6-AF8D-49BB-9C44-C18778124112}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe (Holotech Studios SRL -> )
FirewallRules: [{672C7CCC-D837-4045-ADA3-4F875A92E4FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\Launcher.exe (Holotech Studios SRL -> )
FirewallRules: [{FDF5D3AC-6163-4D42-8AA6-B686B788555F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FaceRig\Bin\Launcher.exe (Holotech Studios SRL -> )
FirewallRules: [{69811FFA-6E2F-40BF-9E15-EE1C25A6E78B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [{FFEAE012-4211-4C1E-95C1-DD37358D679C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Doki Doki Literature Club\DDLC.exe () [File not signed]
FirewallRules: [UDP Query User{6BD6D2D1-7AFA-4B30-936E-085BD4482ACD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{58448B69-7FCB-407C-8BAD-8614D91BC495}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [{0765F943-8C4E-41BD-9B58-4434FE652CB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe () [File not signed]
FirewallRules: [{3AB37999-1E56-49FE-A569-9A7B24F7BDEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freddy Fazbear's Pizzeria Simulator\Pizzeria Simulator.exe () [File not signed]
FirewallRules: [{4B5B7B20-D3C8-4D69-88DD-ED584E08E5B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{E04E2675-FFB5-4B66-A253-8948BBF63EBE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{BC9693A1-1938-4424-84E6-838FC1FCE0F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{8A74DB45-1177-4292-A0FF-E6D03F5C5DE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe () [File not signed]
FirewallRules: [{7FE749F8-77BB-4A52-ABE7-1F396E8C287C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{8D409081-E75E-47E4-AD60-D7C8DC1096CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{39A23BAE-CEDB-4AF1-9C61-360EC218F3EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{00BF6983-8BF9-49AE-9930-4365228F2C2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PapersPlease\PapersPlease.exe () [File not signed]
FirewallRules: [{F1448EE5-7104-400E-A780-834FB775A7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{FC5B857B-A3D5-424F-BC21-9E01EFEAEE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlagueInc\PlagueIncEvolved.exe () [File not signed]
FirewallRules: [{972F873B-F40F-4E50-8C62-23F07824EBA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Finger Death Punch\One Finger Death Punch.exe (Silver Dollar Games) [File not signed]
FirewallRules: [{89A94836-A49B-40A1-A115-10AB5B0508DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Finger Death Punch\One Finger Death Punch.exe (Silver Dollar Games) [File not signed]
FirewallRules: [{F1CA4A85-1956-40A4-8204-22A27BDD6CAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe () [File not signed]
FirewallRules: [{83A44B0C-2182-4AF4-8BDF-B0C0593B8C1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe () [File not signed]
FirewallRules: [{DC10CB4B-6A11-4267-975A-7D71853E4F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe () [File not signed]
FirewallRules: [{AA21F471-C5BD-4C53-B24D-25EC31371023}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe () [File not signed]
FirewallRules: [{FF9828E2-626C-4ED5-9444-3B440B1B97AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe () [File not signed]
FirewallRules: [{0A26BAA3-8E8B-4C42-A67F-FB7E3C54F6F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe () [File not signed]
FirewallRules: [{F8AA7AA9-32D2-4E31-B3E0-6214533DF32E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe () [File not signed]
FirewallRules: [{F2877DDC-A479-4D33-9A80-AD695AFA8CDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe () [File not signed]
FirewallRules: [{A1392FEB-305E-4EA8-9844-A3D349902303}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Please, Don't Touch Anything\DontTouchAnything.exe (Four Quarters Team) [File not signed]
FirewallRules: [{57CFB437-641C-4545-B3AB-F1EB4EBD4F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Please, Don't Touch Anything\DontTouchAnything.exe (Four Quarters Team) [File not signed]
FirewallRules: [{5B400FA5-D97B-4D31-AF49-F1F0C66F22A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe () [File not signed]
FirewallRules: [{9F108837-337E-4FAF-872C-84CB159457FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\HalloweenEdition.exe () [File not signed]
FirewallRules: [{F8A42030-1331-441D-834C-559D612D0584}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe () [File not signed]
FirewallRules: [{5EF72BB7-8AA5-4D55-B3D2-F3CD96A7E288}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FiveNightsatFreddys4\FiveNightsatFreddys4.exe () [File not signed]
FirewallRules: [{0DBF12A2-66F1-4846-BEDE-5599292BF591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{999E2CE1-E6B8-497C-AF3C-04AB6AC54A76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe (Toby Fox) [File not signed]
FirewallRules: [{4001144C-7630-45DC-9E20-1FABFF4570B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FNaF World\FNaF_World.exe () [File not signed]
FirewallRules: [{B318B5F7-AAAF-48B7-AF36-33F6D850B130}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FNaF World\FNaF_World.exe () [File not signed]
FirewallRules: [{374BD69E-C141-4177-B7BE-05ECD599F5DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{E5E10662-1FC6-41C0-8A90-A34C7473CBEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 3\The Jackbox Party Pack 3.exe (Jackbox Games, Inc.) [File not signed]
FirewallRules: [{55C27177-84CF-4929-BA02-84C3F311BF65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Welcome to the Game\WTTG.exe () [File not signed]
FirewallRules: [{89F09BB7-6D2C-4D0B-8625-8E000882AF32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Welcome to the Game\WTTG.exe () [File not signed]
FirewallRules: [{2C0ECA43-DE9E-4603-9450-42026721FD4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's Sister Location\SisterLocation.exe () [File not signed]
FirewallRules: [{4EC59F60-5D83-4201-A31E-65054B7A4EF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's Sister Location\SisterLocation.exe () [File not signed]
FirewallRules: [{EC2F73D7-8FDC-4804-A932-F92FBB90A201}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{3646B3BA-582D-4238-BAAE-2256CD359E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Binding of Isaac Rebirth\isaac-ng.exe () [File not signed]
FirewallRules: [{FD76B20D-7919-4066-B77D-5AD24219EA5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uno\UNO.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{F545FF13-1A29-42CE-BEC9-6A285A3AECB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uno\UNO.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{2CC952D2-42CD-4C22-B9F4-CCD34B4E5593}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{72EB018F-2DFA-487B-8EB4-0EE1670023CD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CEDA9F9C-0B18-42DA-94AC-42D8EB917D93}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8C1129EE-EBE5-46FD-890F-AA7FEB70B19F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E7CDA83B-4261-4F64-8CA1-F226D7742453}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{05D4E393-B253-4B75-9A37-4EE350C120A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3AC6BAE5-22FA-4A7E-ACF6-9E020778CFAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{50DD1231-DF30-4B27-8EE3-C26CEB31A2E9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{9587E88B-CCC1-4A67-89C0-6F27071FF9AC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => No File
FirewallRules: [{F0804FBD-50F4-4FB5-B2A1-6F8BE102B904}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => No File
FirewallRules: [{60621B5F-AC20-4E90-AB35-298C945706CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{1F4760CE-DD8D-40E9-A72F-F25F67C6A071}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6822AB70-07A0-4CE4-9551-CDA1F58ED00B}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [{E9E81E72-6C70-44BA-9816-95060086536B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [{1795EA26-8467-4AB4-A0D4-ADA6CA6249C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Custom Night\Ultimate Custom Night.exe () [File not signed]
FirewallRules: [TCP Query User{3BC14092-FB95-4AA5-802C-F9E347E6EA92}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe (Cheat Engine -> Cheat Engine)
FirewallRules: [UDP Query User{40CFB43B-4B58-431B-8EF3-61FD8381856B}C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe] => (Allow) C:\program files (x86)\cheat engine 6.7\cheatengine-x86_64.exe (Cheat Engine -> Cheat Engine)
FirewallRules: [TCP Query User{3D1A5F28-9E42-49C3-9114-05B3FD8DFDBF}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [UDP Query User{DE43FF09-99AF-4925-BDB4-E2C6F7643DE1}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [TCP Query User{4E6E66B9-A642-4317-98B3-FCA0400F631A}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [UDP Query User{9B04E773-C7E7-4E80-88C2-D4C31CA2ECF5}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [{4605D27D-BEBA-40C9-BC39-8495423C9436}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hiveswap Friendsim\hs-friendsim.exe () [File not signed]
FirewallRules: [{C1700F55-D26D-4A54-9BB9-DBA8E1A54E85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hiveswap Friendsim\hs-friendsim.exe () [File not signed]
FirewallRules: [TCP Query User{F22055C8-3F56-4A5A-BB31-F5CC6D15C60A}C:\users\maste\fortnights\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\maste\fortnights\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{FF16C07A-D750-4760-A7E3-6D29F5A147AB}C:\users\maste\fortnights\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\maste\fortnights\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{C4DE83A0-CE5C-4521-9E4B-1B1BC95015F2}C:\users\maste\fortnights\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\maste\fortnights\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{9C4CF1CE-4653-43E7-9620-01D5AC20451C}C:\users\maste\fortnights\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\maste\fortnights\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{FD9B03D5-24D3-42F8-8C4F-1C7FB0B24838}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4C482F30-E40C-4D1E-B468-D76C486A0387}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [{E9304BD2-A8C0-4799-B2B0-24AC2E68C207}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F9BC2C68-7DF6-4168-9868-109D9BE709DD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{FF13D426-6023-495C-BEBD-D765D52D197B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{88806313-401D-4F10-BB85-523EE7FD020A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{BF4EF1FA-3002-4363-B664-51968AD14A46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{1AE3CB11-26A4-4FAE-B9E4-6F6EC311BA31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WeHappyFew\GlimpseGame\Binaries\Win64\GlimpseGame.exe (Compulsion Games) [File not signed]
FirewallRules: [{E615A1E1-AEFB-40F1-8524-DEF20CD1E0F9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{2464A562-EE1F-41EC-B490-17253E309A5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{C5B2B492-BEC3-4961-A770-1A409A833C48}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{096A0E74-EA03-4D7E-AC42-8F7F28AC69D0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{CE976939-CD3D-49F5-8472-330BA59F31FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{908D4B58-7D4B-4905-9C89-607A67526CC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [TCP Query User{FA213821-B0AB-44BC-B89D-7D874A9FFFE7}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{20BE72B5-7875-4196-BD8B-5E98EC340574}C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{2B60F141-5F60-4644-BBBE-3CBFC2CA05A5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [{E1DA08E1-139D-4391-96FE-F897218D391A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe () [File not signed]
FirewallRules: [TCP Query User{7C9C6CE6-5E68-4C2C-9CB4-4DD66C6DB720}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [UDP Query User{35942E9C-0389-4D75-9959-DE4FC7BD4E9E}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe (Adobe Systems Incorporated -> Node.js)
FirewallRules: [{76364D24-747F-4E12-8A31-5447A9EB652F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [{092B2604-1414-4EA3-916E-746A0013ACF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RPG Maker MV\RPGMV.exe () [File not signed]
FirewallRules: [TCP Query User{CEA707CE-0F49-474F-B275-727A21A6346C}C:\users\maste\onedrive\documents\sburb full release\the genesis project\the genesis project.exe] => (Allow) C:\users\maste\onedrive\documents\sburb full release\the genesis project\the genesis project.exe () [File not signed]
FirewallRules: [UDP Query User{28744B81-2D58-4928-BC40-B83423D2540F}C:\users\maste\onedrive\documents\sburb full release\the genesis project\the genesis project.exe] => (Allow) C:\users\maste\onedrive\documents\sburb full release\the genesis project\the genesis project.exe () [File not signed]
FirewallRules: [TCP Query User{D765C1FD-429F-433D-834A-0B59C2DB3E26}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{24E7C68F-6AAE-405F-8A8E-86F10C96F868}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{05769D45-4A69-4D7B-873D-D53E3948C11C}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [UDP Query User{48F14BB2-914A-4FC4-8F36-3200F2B7AEE5}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [{030F0C82-CAE3-4547-9AFF-6BFA435F1C33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [{89FF569B-37CD-4FD9-A8C8-612DD83E4CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [TCP Query User{FFE80353-96CB-4CE3-9A56-A126DF262CEC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{3360CD37-6B9F-4A90-B420-11F5AF4E8714}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{44B16787-AB7A-4743-BFEA-608576D4003F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [{739CD925-D8A0-4624-921B-AA6D58CBA71C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [{64E9F812-EDDF-4886-9999-786005BC1420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE\fate.exe () [File not signed]
FirewallRules: [{6E207AF4-6A9A-437A-B9EB-F2BEF5D56A89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE\fate.exe () [File not signed]
FirewallRules: [{9F7F99C6-30E4-4CD1-AE23-B6D504D9B4F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE Undiscovered Realms\Fate.exe () [File not signed]
FirewallRules: [{74BA856C-6722-457D-B1A6-86FA84F66290}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FATE Undiscovered Realms\Fate.exe () [File not signed]
FirewallRules: [{BD1516F4-FC16-4C90-A2BE-6B0297C934FE}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{CD7EC3F2-6E6F-42B2-9700-6887FDD8A831}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony\Dangan3Win.exe (Spike Chunsoft Co., Ltd.) [File not signed]
FirewallRules: [{D6DFEBCE-A7C7-4DB0-A6D9-9DBD641264F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony\Dangan3Win.exe (Spike Chunsoft Co., Ltd.) [File not signed]
FirewallRules: [{CD1E055B-49A6-451E-9C76-209E6F385349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony\V3Launcher.exe (株式会社スパイク・チュンソフト) [File not signed]
FirewallRules: [{A2FE85EF-A881-43BA-91E4-DE5CBF54D5A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Danganronpa V3 Killing Harmony\V3Launcher.exe (株式会社スパイク・チュンソフト) [File not signed]
FirewallRules: [{2BEC1D8E-5FAD-4A4A-8CDA-28D8126F8820}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe (38 Studios Baltimore -> Big Huge Games) [File not signed]
FirewallRules: [{818EED60-EFD2-4AEE-A26A-C381905B0E73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KOAReckoning\Reckoning.exe (38 Studios Baltimore -> Big Huge Games) [File not signed]
FirewallRules: [{806B7D6C-D6F5-4EC8-806E-F206472C7F74}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{EEBBB022-7C7F-4250-9EEE-33A13460CFF8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{62D4863F-817B-4E11-842E-9DEA96103979}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{7EC9646B-4F4C-41EC-859B-D13B8FF2414E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{EAF96B6B-3DD8-4FB5-B675-66D0F2C692E8}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{4CD93ACD-CC81-461D-8E8D-0FD61B5E5B63}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{1930ECAD-6D63-4421-BE9E-F837AC561A61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Clicker\Spiral Clicker.exe () [File not signed]
FirewallRules: [{2794C0DD-698A-44BB-A49B-8EA0A647886E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Clicker\Spiral Clicker.exe () [File not signed]
FirewallRules: [{442C5858-8658-42BA-A998-9AA3571D790E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [{8828E095-7283-46C6-9CEA-FE3BAF4D9E1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HatinTime\Binaries\Win64\HatinTimeGame.exe (Gears for Breakfast ApS) [File not signed]
FirewallRules: [TCP Query User{1989355F-171B-42F4-9D38-88D7F4EC892D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{3D5D341C-1B30-4C8D-8FFA-CE3E829EC560}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{CCA0A2F7-BBD3-4F0C-8C89-0380CC52A9A5}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{163C55A6-CBE2-4231-B506-FF966029591F}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{0F8D00E0-58A1-4051-BDBB-F50C4ED34E7E}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{6402EB8B-B9AB-4FE3-AB5C-2F7C6F781DAA}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{C6F18B8A-01C2-45EC-8167-F3B3316482D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{7EC725D8-B4D4-42A1-B8D5-EFAE74DF52EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe (Valve -> )
FirewallRules: [{92D5BBDA-B21C-4307-B6E3-65BA441ECE51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\THE GAME OF LIFE - The Official 2016 Edition\TheGameOfLife.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{49FFC80B-0B4B-4FE2-9486-4A43885A15BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\THE GAME OF LIFE - The Official 2016 Edition\TheGameOfLife.exe (Marmalade Technologies Ltd) [File not signed]
FirewallRules: [{CF2A4FF5-3017-48FF-A2DC-2583C0AF8896}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Femdom Lines\FemdomLines.exe () [File not signed]
FirewallRules: [{B1488592-3BF3-48B1-9377-EC0A4A29B7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Femdom Lines\FemdomLines.exe () [File not signed]
FirewallRules: [{033E6BFC-E2FB-4AFC-A328-E859485C88F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Godot Engine\godot.windows.opt.tools.64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [{8F164F74-FEC0-4F01-AED6-CAFEE5A829FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Godot Engine\godot.windows.opt.tools.64.exe (Prehensile Tales B.V. -> Godot Engine)
FirewallRules: [{7552F2AF-FD27-4EE2-BAC2-BDE90E7406C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{A263F3EC-3153-461D-B70B-97E5B01E9451}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{DD90815A-06F7-473E-839B-172B3580D92E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WOG\disasm.exe () [File not signed]
FirewallRules: [{9284D7DD-74BA-4998-B402-7295DDF0B83E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WOG\disasm.exe () [File not signed]
FirewallRules: [{5DBD176A-B997-4EE0-AAB5-45EE0837C174}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe (Valve -> )
FirewallRules: [{FE707AFE-1045-40FA-94BA-30494883CB1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2013 Multiplayer\hl2.exe (Valve -> )
FirewallRules: [{BD16C661-49BF-4051-A68B-67554F8B30F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{7E67D435-109A-475F-B058-67DACCFC91DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{19633315-0AC8-4EB4-91F2-C6A13163AC8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{721C40DD-9303-4E12-A9F5-369C361550C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe (Greenheart Games Pty. Ltd. -> )
FirewallRules: [{8E86DFFB-513D-4274-AB35-AFBE0CD7F57A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{08FD9E29-89A8-4865-B105-8EBFDD7A8A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{2BC906D9-C383-4F41-B347-2FD8814C06E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe () [File not signed]
FirewallRules: [{4E3DA562-D2F3-4857-A223-9B6D8A74EC07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magic 2015\DotP_D15.exe () [File not signed]
FirewallRules: [{E9B6D852-8FF9-447A-A626-69754F31B590}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hypnolab\Hypnolab VR.exe () [File not signed]
FirewallRules: [{257BD3EA-55E8-4B02-96EF-765AF52A37F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hypnolab\Hypnolab VR.exe () [File not signed]
FirewallRules: [TCP Query User{0CA06282-07C0-4713-BBDD-C2BEEB61853B}C:\users\maste\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\maste\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [UDP Query User{D968249C-7402-4F43-BCEC-AE7004B750CE}C:\users\maste\appdata\roaming\twitch studio\bin\twitchstudioagent.exe] => (Allow) C:\users\maste\appdata\roaming\twitch studio\bin\twitchstudioagent.exe (Twitch Interactive, Inc. -> )
FirewallRules: [{E9A6A17A-EC9C-4CF7-B00C-8F0833AEA046}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 7\The Jackbox Party Pack 7.exe () [File not signed]
FirewallRules: [{50389E1C-EC65-4A31-A96E-152B76ECE1CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack 7\The Jackbox Party Pack 7.exe () [File not signed]
FirewallRules: [TCP Query User{1A47F031-11C7-443D-9140-0791EC08FF2D}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
FirewallRules: [UDP Query User{9EAFBE2E-E01C-4168-ABBF-E922A4176E93}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
FirewallRules: [{309442BF-69F6-4C52-A480-0571694A414D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{24AB843D-BA72-4EF1-ABEC-AC533CA681C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe (Xsolla (USA), Inc -> 2K)
FirewallRules: [{48C3790C-0AD3-45F9-9AA0-826706855DC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{ABCE40BC-4E15-4B21-AECD-48F1218C48E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [TCP Query User{3E2411CD-AE30-45FF-B27C-AB1EB6518B87}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{8B667265-5EE2-4E39-8C35-D7055A3B635B}C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{966B8792-6BEF-46E5-935E-9B76B41C0239}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Marvel's Avengers\LEGOMARVELAvengers.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{C15E63EB-F131-4274-88C4-F6A4416D7E35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LEGO Marvel's Avengers\LEGOMARVELAvengers.exe (Travellers Tales (UK) Ltd -> Warner Bros. Interactive Entertainment)
FirewallRules: [{8089100A-6900-457F-A2A8-EB4ADCC5D5D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D02EDDA7-8E1E-42BF-8889-9257162F83C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{66EE6A41-42CA-46E1-AED7-56864EFB5C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{913A9EDA-27CB-4918-914D-693710FC9A3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC74AA3D-62DA-424D-9188-68954ACC97B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CE0C1EFD-4EF0-4EB7-9686-FA0206CB38E6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C3F3E0A-0ED8-42C9-888F-F094DD3B32CE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5C40364-EDDB-443C-AE9A-DF38D040EA9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CF1A6349-19B4-49E3-8648-AE7B51C83C7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{512D2D37-75C0-4E5F-9319-9F614E34CC46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{779A5DA1-29B2-44FF-9211-38E706E6EA42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2D438261-2C76-4667-87D2-B432A4D35318}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{17AAC5B3-265A-40EF-BA38-DD65B0BB2262}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{215B3F40-8F19-4A98-A3E1-161EEC6D68EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E05211E7-5982-46CE-87B5-6C97C1CF9F18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D5CA4017-C04F-40E0-92F5-0CD092538717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D261585E-AD04-46F4-B9B3-5EDEB025D8E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{07572084-1557-416B-85AE-92D922829B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DF4DC3C8-FA11-4630-AEEC-2675A4BA9E69}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ADE9DF2B-94E6-45D3-8256-78B5A39E99A0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59404746-1286-4593-8F2B-61A926716330}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE2917F9-9882-42B8-9642-746656337BAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.152.687.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{59F64367-2B5B-4277-B7A2-55D2ABF0D3AE}] => (Allow) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{F83BDA7D-F6A1-4974-B401-2EB199726F8F}] => (Allow) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{E3277520-680C-4A82-866D-E4948D78F5D9}] => (Block) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{45BFC342-4B99-4012-BA86-77D4CAF2A9E6}] => (Block) C:\Program Files (x86)\Overwolf\0.165.0.28\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)

==================== Restore Points =========================

10-02-2021 18:57:30 Restore Operation

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (02/13/2021 12:48:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 13.2.2021.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 33f0

Start Time: 01d702493c5dda30

Termination Time: 4294967295

Application Path: C:\Users\maste\OneDrive\Desktop\FRST64.exe

Report Id: 07b0d5a0-2945-4392-8b89-76d298f1cb6b

Faulting package full name:

Faulting package-relative application ID:

Hang type: Top level window is idle

Error: (02/13/2021 12:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LaunchUWPService.exe, version: 1.1.3001.0, time stamp: 0x582c63b6
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process id: 0x235c
Faulting application start time: 0x01d702493126d29e
Faulting application path: C:\Program Files (x86)\Acer\Acer Collection\LaunchUWPService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 98304757-3de2-47a8-bfe7-2a760c660841
Faulting package full name:
Faulting package-relative application ID:

Error: (02/13/2021 12:45:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: LaunchUWPService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
at System.Windows.Threading.Dispatcher.VerifyAccess()
at System.Windows.Window.Close()
at LaunchUWPService.MainWindow+<CallService>d__3.MoveNext()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
at LaunchUWPService.MainWindow+<<-ctor>b__1_0>d.MoveNext()

Exception Info: System.AggregateException
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean)
at System.Threading.Tasks.Task.Wait(Int32, System.Threading.CancellationToken)
at LaunchUWPService.MainWindow..ctor()

Exception Info: System.Windows.Markup.XamlParseException
at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
at System.Windows.Application.LoadBamlStreamWithSyncInfo(System.IO.Stream, System.Windows.Markup.ParserContext)
at System.Windows.Application.LoadComponent(System.Uri, Boolean)
at System.Windows.Application.DoStartup()
at System.Windows.Application.<.ctor>b__1_0(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
at System.Windows.Application.RunDispatcher(System.Object)
at System.Windows.Application.RunInternal(System.Windows.Window)
at System.Windows.Application.Run(System.Windows.Window)
at LaunchUWPService.App.Main()

Error: (02/13/2021 12:45:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AWC.exe, version: 2.1.16258.0, time stamp: 0x57dc7237
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process id: 0x2ed8
Faulting application start time: 0x01d7024896e215b0
Faulting application path: C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fba236d9-a06f-413c-9c57-7e35921ab72d
Faulting package full name:
Faulting package-relative application ID:

Error: (02/13/2021 12:45:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AWC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at System.RuntimeTypeHandle.CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandleInternal ByRef, Boolean ByRef)
at System.RuntimeType.CreateInstanceSlow(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.RuntimeType.CreateInstanceDefaultCtor(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.Activator.CreateInstance(System.Type, Boolean)
at System.Activator.CreateInstance(System.Type)
at Amundsen.Program.Main(System.String[])

Error: (02/13/2021 12:44:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hermes.exe, version: 3.3.19180.60, time stamp: 0x5d27d8ae
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process id: 0x2e8c
Faulting application start time: 0x01d70248ba7ed6f1
Faulting application path: C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 387967df-42a6-4ac6-b509-409c5121849c
Faulting package full name:
Faulting package-relative application ID:

Error: (02/13/2021 12:44:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: hermes.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
at System.RuntimeTypeHandle.CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandleInternal ByRef, Boolean ByRef)
at System.RuntimeType.CreateInstanceSlow(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.RuntimeType.CreateInstanceDefaultCtor(Boolean, Boolean, Boolean, System.Threading.StackCrawlMark ByRef)
at System.Activator.CreateInstance(System.Type, Boolean)
at System.Activator.CreateInstance(System.Type)
at Hermes.Program.Main(System.String[])

Error: (02/13/2021 12:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DashlaneUpgradeService.exe, version: 2.1.17.0, time stamp: 0x599da15c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d
Exception code: 0xe0434352
Fault offset: 0x0012a8b2
Faulting process id: 0x2dd8
Faulting application start time: 0x01d70248947b9e0a
Faulting application path: C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 09d3bf8f-77a3-490a-b67b-b82333ff1bc5
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (02/13/2021 12:44:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service hung on starting.

Error: (02/13/2021 12:42:00 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Error: (02/13/2021 12:41:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dashlane Upgrade Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/13/2021 12:41:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dashlane Upgrade Service service to connect.

Error: (02/13/2021 12:39:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dashlane Upgrade Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/13/2021 12:39:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dashlane Upgrade Service service to connect.

Error: (02/13/2021 12:37:23 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Error: (02/13/2021 12:37:21 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 3168 : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Windows Defender:
================
Date: 2021-02-10 18:47:16
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 18:35:45
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 19:47:29
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 09:01:00
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-05 22:06:03
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-13 12:33:37
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-02-12 19:32:05
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2021-02-10 19:37:49
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.686.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-02-10 19:00:12
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.686.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2021-02-10 14:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.331.686.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
==============
Date: 2021-02-12 19:11:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-12 18:03:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.165.0.28\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-10 18:55:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-03 16:25:09
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\maste\AppData\Local\Discord\app-0.0.309\Discord.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-03 13:24:38
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-03 11:47:34
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-02 23:23:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\maste\AppData\Local\Discord\app-0.0.309\Discord.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-02 22:13:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\maste\AppData\Local\Discord\app-0.0.309\Discord.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Overwolf\0.162.0.13\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. R02-A3 05/26/2017
Motherboard: Acer Aspire TC-780(KBL)
Processor: Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
Percentage of memory in use: 49%
Total physical RAM: 12204.63 MB
Available physical RAM: 6146.21 MB
Total Virtual: 15020.63 MB
Available Virtual: 8884.73 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:119.78 GB) NTFS

\\?\Volume{b42adfd1-7acd-4d84-8b5f-043e36b72cc3}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.5 GB) NTFS
\\?\Volume{7fb3bcd9-e41e-4fb4-bdd7-fc1049b74950}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 611DFFC2)

Partition: GPT.

==================== End of Addition.txt ===============
 
#5 ·
Hi.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would ask you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

=======================

I have reviewed your logs and I will provide instructions for tidying up the computer. But I would like you to tell us what problem you are experiencing with this specific computer. What do you mean you lost Creative Cloud? There are many Adobe products installed on your computer, which are included in the Creative Cloud. Do you have a legit license for them? Do you have a paid subscription for them? If they are not legit, then any problem is expected and I can't help you with it. If you are experiencing problems with your graphics, then you may consider asking for help in the Hardware Forum, as soon as we finish here.

1. Uninstall a Chrome extension

1. Open Chrome.
2. At the top right choose More (the three vertical dots) > More Tools > Extensions
3. Find Relay and remove it by clicking Remove.
4. Confirm the action by clicking Remove once again.

2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxps://pony.town/android-chrome-192x192.png
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: []
Task: {0DA72D10-6DBC-4A22-B81B-E3C11661C777} - System32\Tasks\App Explorer => C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7968424 2020-12-02] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
FF Extension: (Amazon Assistant for Firefox) - C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\abb-acer@amazon.com [2018-09-15] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-09-13] [Legacy]
2021-02-13 12:27 - 2021-02-13 12:27 - 003219792 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (2).exe
2021-02-13 12:13 - 2021-02-13 12:13 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (1).exe
2021-02-12 20:10 - 2021-02-12 20:10 - 003217256 _____ (Adobe Inc.) C:\Users\maste\Downloads\Illustrator_Set-Up.exe
2021-02-12 20:05 - 2021-02-12 20:05 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up.exe
ShellServiceObjects-x32: No Name -> {003e0278-eca8-4bb8-a256-3689ca1c2600} =>
ShellServiceObjects-x32: No Name -> {3BF043EF-A974-49B3-8322-B853CF1E5EC5} =>
ShellServiceObjects-x32: No Name -> {68ddbb56-9d1d-4fd9-89c5-c0da2a625392} =>
ShellServiceObjects-x32: No Name -> {7849596a-48ea-486e-8937-a2a3009f31a9} =>
ShellServiceObjects-x32: No Name -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} =>
ShellServiceObjects-x32: No Name -> {811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB} =>
ShellServiceObjects-x32: No Name -> {900c0763-5cad-4a34-bc1f-40cd513679d5} =>
ShellServiceObjects-x32: No Name -> {AAA288BA-9A4C-45B0-95D7-94D524869DB5} =>
ShellServiceObjects-x32: No Name -> {B5CFEB0E-9C01-4942-A5CB-F62EB09D808F} =>
ShellServiceObjects-x32: No Name -> {DA67B8AD-E81B-4c70-9B91-B417B5E33527} =>
ShellServiceObjects-x32: No Name -> {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} =>
ShellServiceObjects-x32: No Name -> {F08C5AC2-E722-4116-ADB7-CE41B527994B} =>
ShellServiceObjects-x32: No Name -> {F20487CC-FC04-4B1E-863F-D9801796130B} =>
ShellServiceObjects-x32: No Name -> {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} =>
ShellServiceObjects-x32: No Name -> {fbeb8a05-beee-4442-804e-409d6c4515e9} =>
ShellServiceObjects-x32: No Name -> {ff363bfe-4941-4179-a81c-f3f1ca72d820} =>
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> DefaultScope {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
FirewallRules: [{6487B533-BD62-4D5F-929A-A24C8CFBD58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [{1A823D28-F1C5-4639-9593-DA565527AB92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [UDP Query User{6BD6D2D1-7AFA-4B30-936E-085BD4482ACD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{58448B69-7FCB-407C-8BAD-8614D91BC495}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{1F4760CE-DD8D-40E9-A72F-F25F67C6A071}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6822AB70-07A0-4CE4-9551-CDA1F58ED00B}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3D1A5F28-9E42-49C3-9114-05B3FD8DFDBF}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [UDP Query User{DE43FF09-99AF-4925-BDB4-E2C6F7643DE1}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [TCP Query User{4E6E66B9-A642-4317-98B3-FCA0400F631A}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [UDP Query User{9B04E773-C7E7-4E80-88C2-D4C31CA2ECF5}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [TCP Query User{FD9B03D5-24D3-42F8-8C4F-1C7FB0B24838}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4C482F30-E40C-4D1E-B468-D76C486A0387}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{FF13D426-6023-495C-BEBD-D765D52D197B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{88806313-401D-4F10-BB85-523EE7FD020A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{E615A1E1-AEFB-40F1-8524-DEF20CD1E0F9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{2464A562-EE1F-41EC-B490-17253E309A5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{C5B2B492-BEC3-4961-A770-1A409A833C48}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{096A0E74-EA03-4D7E-AC42-8F7F28AC69D0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [TCP Query User{05769D45-4A69-4D7B-873D-D53E3948C11C}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [UDP Query User{48F14BB2-914A-4FC4-8F36-3200F2B7AEE5}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [{030F0C82-CAE3-4547-9AFF-6BFA435F1C33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [{89FF569B-37CD-4FD9-A8C8-612DD83E4CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [TCP Query User{FFE80353-96CB-4CE3-9A56-A126DF262CEC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{3360CD37-6B9F-4A90-B420-11F5AF4E8714}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{BD1516F4-FC16-4C90-A2BE-6B0297C934FE}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{806B7D6C-D6F5-4EC8-806E-F206472C7F74}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{EEBBB022-7C7F-4250-9EEE-33A13460CFF8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{62D4863F-817B-4E11-842E-9DEA96103979}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{7EC9646B-4F4C-41EC-859B-D13B8FF2414E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{EAF96B6B-3DD8-4FB5-B675-66D0F2C692E8}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{4CD93ACD-CC81-461D-8E8D-0FD61B5E5B63}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{CCA0A2F7-BBD3-4F0C-8C89-0380CC52A9A5}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{163C55A6-CBE2-4231-B506-FF966029591F}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{8E86DFFB-513D-4274-AB35-AFBE0CD7F57A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{08FD9E29-89A8-4865-B105-8EBFDD7A8A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{1A47F031-11C7-443D-9140-0791EC08FF2D}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
FirewallRules: [UDP Query User{9EAFBE2E-E01C-4168-ABBF-E922A4176E93}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

3. AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

4. Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that no threats are selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
In your next reply, please post:
  1. The fixlog.txt
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 
#7 ·
OK. Thanks for letting me know.

Keep in mind, however, that it's been a week since you posted those logs. Things/information change from day to day, especially if you are using the computer, and so do the logs and the instructions. That's why I expect you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.
 
#8 ·
I will check often.

Firstly, I don't see Relay in my Chrome Extensions.

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01
Ran by maste (19-02-2021 19:56:00) Run:1
Running from C:\Users\maste\OneDrive\Desktop
Loaded Profiles: maste
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR DefaultSearchURL: Default -> hxxps://pony.town/android-chrome-192x192.png
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\...\Policies\Explorer: []
Task: {0DA72D10-6DBC-4A22-B81B-E3C11661C777} - System32\Tasks\App Explorer => C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7968424 2020-12-02] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
FF Extension: (Amazon Assistant for Firefox) - C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\abb-acer@amazon.com [2018-09-15] [Legacy]
FF Extension: (Amazon Assistant for Firefox) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com [2017-09-13] [Legacy]
2021-02-13 12:27 - 2021-02-13 12:27 - 003219792 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (2).exe
2021-02-13 12:13 - 2021-02-13 12:13 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up (1).exe
2021-02-12 20:10 - 2021-02-12 20:10 - 003217256 _____ (Adobe Inc.) C:\Users\maste\Downloads\Illustrator_Set-Up.exe
2021-02-12 20:05 - 2021-02-12 20:05 - 003219808 _____ (Adobe Inc.) C:\Users\maste\Downloads\Creative_Cloud_Set-Up.exe
ShellServiceObjects-x32: No Name -> {003e0278-eca8-4bb8-a256-3689ca1c2600} =>
ShellServiceObjects-x32: No Name -> {3BF043EF-A974-49B3-8322-B853CF1E5EC5} =>
ShellServiceObjects-x32: No Name -> {68ddbb56-9d1d-4fd9-89c5-c0da2a625392} =>
ShellServiceObjects-x32: No Name -> {7849596a-48ea-486e-8937-a2a3009f31a9} =>
ShellServiceObjects-x32: No Name -> {78DE489B-7931-4f14-83B4-C56D38AC9FFA} =>
ShellServiceObjects-x32: No Name -> {811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB} =>
ShellServiceObjects-x32: No Name -> {900c0763-5cad-4a34-bc1f-40cd513679d5} =>
ShellServiceObjects-x32: No Name -> {AAA288BA-9A4C-45B0-95D7-94D524869DB5} =>
ShellServiceObjects-x32: No Name -> {B5CFEB0E-9C01-4942-A5CB-F62EB09D808F} =>
ShellServiceObjects-x32: No Name -> {DA67B8AD-E81B-4c70-9B91-B417B5E33527} =>
ShellServiceObjects-x32: No Name -> {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} =>
ShellServiceObjects-x32: No Name -> {F08C5AC2-E722-4116-ADB7-CE41B527994B} =>
ShellServiceObjects-x32: No Name -> {F20487CC-FC04-4B1E-863F-D9801796130B} =>
ShellServiceObjects-x32: No Name -> {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} =>
ShellServiceObjects-x32: No Name -> {fbeb8a05-beee-4442-804e-409d6c4515e9} =>
ShellServiceObjects-x32: No Name -> {ff363bfe-4941-4179-a81c-f3f1ca72d820} =>
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> DefaultScope {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
SearchScopes: HKU\S-1-5-21-4020477547-3387407824-3974748319-1001 -> {71D29B72-0309-4C8A-BFCF-2C1295941584} URL =
BHO-x32: No Name -> {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
FirewallRules: [{6487B533-BD62-4D5F-929A-A24C8CFBD58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [{1A823D28-F1C5-4639-9593-DA565527AB92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe => No File
FirewallRules: [UDP Query User{6BD6D2D1-7AFA-4B30-936E-085BD4482ACD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{58448B69-7FCB-407C-8BAD-8614D91BC495}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe => No File
FirewallRules: [TCP Query User{1F4760CE-DD8D-40E9-A72F-F25F67C6A071}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6822AB70-07A0-4CE4-9551-CDA1F58ED00B}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3D1A5F28-9E42-49C3-9114-05B3FD8DFDBF}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [UDP Query User{DE43FF09-99AF-4925-BDB4-E2C6F7643DE1}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe => No File
FirewallRules: [TCP Query User{4E6E66B9-A642-4317-98B3-FCA0400F631A}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [UDP Query User{9B04E773-C7E7-4E80-88C2-D4C31CA2ECF5}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe] => (Allow) C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe => No File
FirewallRules: [TCP Query User{FD9B03D5-24D3-42F8-8C4F-1C7FB0B24838}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [UDP Query User{4C482F30-E40C-4D1E-B468-D76C486A0387}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe => No File
FirewallRules: [TCP Query User{FF13D426-6023-495C-BEBD-D765D52D197B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [UDP Query User{88806313-401D-4F10-BB85-523EE7FD020A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe => No File
FirewallRules: [{E615A1E1-AEFB-40F1-8524-DEF20CD1E0F9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{2464A562-EE1F-41EC-B490-17253E309A5D}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{C5B2B492-BEC3-4961-A770-1A409A833C48}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{096A0E74-EA03-4D7E-AC42-8F7F28AC69D0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [TCP Query User{05769D45-4A69-4D7B-873D-D53E3948C11C}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [UDP Query User{48F14BB2-914A-4FC4-8F36-3200F2B7AEE5}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe => No File
FirewallRules: [{030F0C82-CAE3-4547-9AFF-6BFA435F1C33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [{89FF569B-37CD-4FD9-A8C8-612DD83E4CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe => No File
FirewallRules: [TCP Query User{FFE80353-96CB-4CE3-9A56-A126DF262CEC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{3360CD37-6B9F-4A90-B420-11F5AF4E8714}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{BD1516F4-FC16-4C90-A2BE-6B0297C934FE}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{806B7D6C-D6F5-4EC8-806E-F206472C7F74}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{EEBBB022-7C7F-4250-9EEE-33A13460CFF8}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{62D4863F-817B-4E11-842E-9DEA96103979}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{7EC9646B-4F4C-41EC-859B-D13B8FF2414E}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe => No File
FirewallRules: [{EAF96B6B-3DD8-4FB5-B675-66D0F2C692E8}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{4CD93ACD-CC81-461D-8E8D-0FD61B5E5B63}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{CCA0A2F7-BBD3-4F0C-8C89-0380CC52A9A5}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{163C55A6-CBE2-4231-B506-FF966029591F}] => (Allow) C:\Users\maste\OneDrive\Desktop\Desktop\The Sims 4\Game\Bin\TS4.exe => No File
FirewallRules: [{8E86DFFB-513D-4274-AB35-AFBE0CD7F57A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [{08FD9E29-89A8-4865-B105-8EBFDD7A8A0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe => No File
FirewallRules: [TCP Query User{1A47F031-11C7-443D-9140-0791EC08FF2D}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
FirewallRules: [UDP Query User{9EAFBE2E-E01C-4168-ABBF-E922A4176E93}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe] => (Block) C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe => No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"Chrome DefaultSearchURL" => removed successfully
"HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu" => removed successfully
"HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogOff" => removed successfully
"HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DA72D10-6DBC-4A22-B81B-E3C11661C777}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DA72D10-6DBC-4A22-B81B-E3C11661C777}" => removed successfully
C:\WINDOWS\System32\Tasks\App Explorer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer" => removed successfully
C:\Users\maste\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe => moved successfully
C:\Users\maste\AppData\Roaming\Mozilla\Firefox\Profiles\mn0wlhq0.default\Extensions\abb-acer@amazon.com => moved successfully
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\abb-acer@amazon.com => moved successfully
C:\Users\maste\Downloads\Creative_Cloud_Set-Up (2).exe => moved successfully
C:\Users\maste\Downloads\Creative_Cloud_Set-Up (1).exe => moved successfully
C:\Users\maste\Downloads\Illustrator_Set-Up.exe => moved successfully
C:\Users\maste\Downloads\Creative_Cloud_Set-Up.exe => moved successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{003e0278-eca8-4bb8-a256-3689ca1c2600} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{003e0278-eca8-4bb8-a256-3689ca1c2600} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{3BF043EF-A974-49B3-8322-B853CF1E5EC5} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{3BF043EF-A974-49B3-8322-B853CF1E5EC5} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{68ddbb56-9d1d-4fd9-89c5-c0da2a625392} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{68ddbb56-9d1d-4fd9-89c5-c0da2a625392} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7849596a-48ea-486e-8937-a2a3009f31a9} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{78DE489B-7931-4f14-83B4-C56D38AC9FFA} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{78DE489B-7931-4f14-83B4-C56D38AC9FFA} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{811F592B-CDE7-4ca4-A6D4-7BB3F60AD8FB} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{900c0763-5cad-4a34-bc1f-40cd513679d5} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{AAA288BA-9A4C-45B0-95D7-94D524869DB5} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5} => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{B5CFEB0E-9C01-4942-A5CB-F62EB09D808F}" => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{B5CFEB0E-9C01-4942-A5CB-F62EB09D808F} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{DA67B8AD-E81B-4c70-9B91-B417B5E33527} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{DA67B8AD-E81B-4c70-9B91-B417B5E33527} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{EF4D1E1A-1C87-4AA8-8934-E68E4367468D} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{EF4D1E1A-1C87-4AA8-8934-E68E4367468D} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F08C5AC2-E722-4116-ADB7-CE41B527994B} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{F08C5AC2-E722-4116-ADB7-CE41B527994B} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F20487CC-FC04-4B1E-863F-D9801796130B} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{F20487CC-FC04-4B1E-863F-D9801796130B} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{fbeb8a05-beee-4442-804e-409d6c4515e9} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => not found
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{ff363bfe-4941-4179-a81c-f3f1ca72d820} => removed successfully
HKLM\Software\WOW6432Node\Classes\CLSID\{ff363bfe-4941-4179-a81c-f3f1ca72d820} => not found
"HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71D29B72-0309-4C8A-BFCF-2C1295941584} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\mso-minsb.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\osf-roaming.16 => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\osf.16 => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6487B533-BD62-4D5F-929A-A24C8CFBD58D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A823D28-F1C5-4639-9593-DA565527AB92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6BD6D2D1-7AFA-4B30-936E-085BD4482ACD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58448B69-7FCB-407C-8BAD-8614D91BC495}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1F4760CE-DD8D-40E9-A72F-F25F67C6A071}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6822AB70-07A0-4CE4-9551-CDA1F58ED00B}C:\program files (x86)\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3D1A5F28-9E42-49C3-9114-05B3FD8DFDBF}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DE43FF09-99AF-4925-BDB4-E2C6F7643DE1}C:\users\maste\onedrive\documents\hacking\burgundy 3 prev 6b\runnable.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4E6E66B9-A642-4317-98B3-FCA0400F631A}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9B04E773-C7E7-4E80-88C2-D4C31CA2ECF5}C:\users\maste\onedrive\documents\hacking\xenia-2015-06-16-en-win\emucr-xenia-20150616-x64\xenia.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FD9B03D5-24D3-42F8-8C4F-1C7FB0B24838}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C482F30-E40C-4D1E-B468-D76C486A0387}C:\users\maste\onedrive\documents\fortnight\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FF13D426-6023-495C-BEBD-D765D52D197B}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{88806313-401D-4F10-BB85-523EE7FD020A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E615A1E1-AEFB-40F1-8524-DEF20CD1E0F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2464A562-EE1F-41EC-B490-17253E309A5D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C5B2B492-BEC3-4961-A770-1A409A833C48}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{096A0E74-EA03-4D7E-AC42-8F7F28AC69D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05769D45-4A69-4D7B-873D-D53E3948C11C}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{48F14BB2-914A-4FC4-8F36-3200F2B7AEE5}C:\program files (x86)\steam\steamapps\common\naruto to boruto\naruto\binaries\win64\naruto-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{030F0C82-CAE3-4547-9AFF-6BFA435F1C33}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89FF569B-37CD-4FD9-A8C8-612DD83E4CB5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FFE80353-96CB-4CE3-9A56-A126DF262CEC}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3360CD37-6B9F-4A90-B420-11F5AF4E8714}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD1516F4-FC16-4C90-A2BE-6B0297C934FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{806B7D6C-D6F5-4EC8-806E-F206472C7F74}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEBBB022-7C7F-4250-9EEE-33A13460CFF8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62D4863F-817B-4E11-842E-9DEA96103979}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7EC9646B-4F4C-41EC-859B-D13B8FF2414E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EAF96B6B-3DD8-4FB5-B675-66D0F2C692E8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4CD93ACD-CC81-461D-8E8D-0FD61B5E5B63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CCA0A2F7-BBD3-4F0C-8C89-0380CC52A9A5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{163C55A6-CBE2-4231-B506-FF966029591F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8E86DFFB-513D-4274-AB35-AFBE0CD7F57A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08FD9E29-89A8-4865-B105-8EBFDD7A8A0F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1A47F031-11C7-443D-9140-0791EC08FF2D}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9EAFBE2E-E01C-4168-ABBF-E922A4176E93}C:\users\maste\onedrive\documents\its a secret to everyone\god forbid here\hyperdeep\hyperdeep 0_1_1a\hdt\binaries\win64\hdt.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 455864897 B
Java, Flash, Steam htmlcache => 374024808 B
Windows/system/drivers => 25469670 B
Edge => 1447095 B
Chrome => 1105195431 B
Firefox => 45665134 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 573692 B
maste => 543489520 B

RecycleBin => 963740981 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:04:50 ====

The file from AdwCleaner wouldn't open so I went to the file location, here it is:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-19-2021
# Duration: 00:00:32
# OS: Windows 10 Home
# Scanned: 3582
# Detected: 53

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki C:\Users\Default\AppData\Local\Host App Service
Adware.pokki C:\Users\Public\App Explorer
Adware.pokki C:\Users\maste\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.MyWebSearch C:\Users\maste\AppData\Local\PDFCONVERTERHQTOOLTAB

***** [ Files ] *****

Adware.pokki C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
PUP.Optional.Legacy C:\Users\maste\Favorites\Links\ASK.url

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki HKCU\Software\App Host Service
Adware.pokki HKCU\Software\Host App Service
Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
PUP.Optional.DocToPDFConverter HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.com
PUP.Optional.DocToPDFConverter HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.myway.com
PUP.Optional.DocToPDFConverter HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.tb.ask.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDFConverterHQTooltab Uninstall Internet Explorer
PUP.Optional.Legacy HKCU\Software\PDFConverterHQ
PUP.Optional.Norassie HKCU\Software\Norassie

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ACERAOPFramework Folder C:\Program Files (x86)\ACER\AOP FRAMEWORK
Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|PicstreamAgent
Preinstalled.ACERAOPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PicstreamAgent
Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B}
Preinstalled.AcerCollection Folder C:\Program Files (x86)\ACER\ACER COLLECTION
Preinstalled.AcerCollection Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53164ECF-A965-40AB-BC25-AEBB02A3A028}
Preinstalled.AcerCollection Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A26167B-39CB-44B2-938E-8203DECE21C6}
Preinstalled.AcerCollection Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Application
Preinstalled.AcerCollection Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Acer Collection Monitor Application
Preinstalled.AcerCollection Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{8CD449EA-BBA0-477F-AFF9-9AF6E8C50EF2}
Preinstalled.AcerCollection Task C:\Windows\System32\Tasks\ACER COLLECTION APPLICATION
Preinstalled.AcerCollection Task C:\Windows\System32\Tasks\ACER COLLECTION MONITOR APPLICATION
Preinstalled.AcerConfigurationManager Folder C:\Program Files (x86)\ACER\AMUNDSEN\2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3F1F8D2-4A23-4DBA-9EDD-826CA37D0FE7}
Preinstalled.AcerConfigurationManager Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCMUpdateTask2.1.16258
Preinstalled.AcerConfigurationManager Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{414D554E-4453-454E-0201-000000016258}
Preinstalled.AcerConfigurationManager Task C:\Windows\System32\Tasks\ACERCMUPDATETASK2.1.16258
Preinstalled.AcerJumpstart Folder C:\Program Files (x86)\ACER\ACER JUMPSTART
Preinstalled.AcerJumpstart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4B92BFBE-917D-4FA1-97E9-DB9D91286E90}
Preinstalled.AcerPortal Folder C:\ProgramData\ACER\ACER PORTAL
Preinstalled.AcerPortal Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AcerPortal
Preinstalled.AcerPortal Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AcerPortal
Preinstalled.AcerPortal Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E203F715-C3B2-4131-97DE-F7DD9472A7A0}
Preinstalled.AcerPortal Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AcerCloud
Preinstalled.AcerPortal Task C:\Windows\System32\Tasks\ACERCLOUD
Preinstalled.AcerQuickAccess Folder C:\Program Files\ACER\ACER QUICK ACCESS
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7}
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.AcerabBox Registry HKLM\Software\Classes\CLSID\{5CCE71FA-9F61-4F24-9CD1-98D819B40D68}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/19/21
Scan Time: 8:28 PM
Log File: 1eba14a6-7334-11eb-84f6-98eecb6c43d9.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37311
License: Trial

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: LightspeedMagic\maste

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 357758
Threats Detected: 8
Threats Quarantined: 0
Time Elapsed: 17 min, 39 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
Adware.Norassie, HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\Norassie, No Action By User, 8451, 361347, 1.0.37311, , ame, , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PDFConverterHQTooltab Uninstall Internet Explorer, No Action By User, 8398, 356944, , , , , ,
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\PDFConverterHQ, No Action By User, 8398, 769449, 1.0.37311, , ame, , ,

Registry Value: 2
PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\PDFConverterHQ|UNINSTALLSURVEYURL, No Action By User, 8398, 769449, 1.0.37311, , ame, , ,
PUP.Optional.MindSpark, HKU\S-1-5-21-4020477547-3387407824-3974748319-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PDFConverterHQTooltab Uninstall Internet Explorer|PUBLISHER, No Action By User, 373, 352442, 1.0.37311, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.MindSpark.Generic, C:\USERS\MASTE\APPDATA\LOCAL\PDFConverterHQTooltab, No Action By User, 8398, 356944, 1.0.37311, , ame, , ,

File: 2
PUP.Optional.MindSpark.Generic, C:\USERS\MASTE\APPDATA\LOCAL\PDFConverterHQTooltab\TooltabExtension.dll, No Action By User, 8398, 356944, 1.0.37311, , ame, , BC960383D1656E444BB0037A74BD5185, 8A9CE7852F05B574249E4F671D155297632AA563DD26B79695120801AC97E1FC
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, No Action By User, 477, 393793, 1.0.37311, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
 
#9 · (Edited)
Hi, Mahatma7215.

The tools we used detected two of your installed programs as PUPs > potentially unwanted programs. I am talking about the following:
  • Cheat Engine 6.7
  • PDFConverterHQ Internet Explorer Homepage and New Tab
Since the second one is also detected as a browser hijacker, I recommend that you uninstall it. It's your decision if you keep the first one. If you decide to uninstall it, do that in the step below.

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
 PDFConverterHQ Internet Explorer Homepage and New Tab
  • Select the above program and click Uninstall.
  • Restart the computer.

2. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The findings in the Files, Folders and Registry parts of the log are adware and PUPs, which stands for Potentially Unwanted Programs. In the instructions below, I will list them all to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. I recommend that you not keep whatever you do not use/need. It's your computer, so your decision, however.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please attach the file in your next reply.

3. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is unchecked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
    • If you decide to keep the Cheat Engine, then do not select this:
      Code:
      PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, No Action By User, 477, 393793, 1.0.37311, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Attach it here, in your next reply.

4. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The Malwarebytes report
  3. The fresh FRST logs, FRST.txt and Addition.txt
  4. Feedback about how the computer is doing, questions/concerns.
Note: You didn't reply to my questions in my previous post:

But I would like you to tell us what's the problem you are experiencing regarding the specific computer. What do you mean you lost Creative Cloud? There are many Adobe products installed in your computer, which are included in the Creative Cloud. Do you have a legit license for them? Do you have a paid subscription about them?
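
The reading of the AdwCleaner log given in this post (Folders, Files and Registry findings are adware/PUPs to remove, Preinstalled Software is the owner's choice) can be applied mechanically. The following is an added example, not part of the original post and not AdwCleaner's own code: a Python parser for the log layout shown above that also compares the header's Detected count with the parsed entries, which catches a truncated paste. The function names and the shortened sample log are constructed for illustration, and fields are assumed to be whitespace-separated as they appear on this page.

```python
import re
from collections import defaultdict

# Shortened sample in the layout of the AdwCleaner scan log posted above
# (constructed for this example; the "Detected" count is adjusted to match).
SAMPLE_LOG = r"""
# -------------------------------
# Mode: Scan
# -------------------------------
# Scanned: 3582
# Detected: 7

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.pokki C:\Users\Public\App Explorer
PUP.Optional.MyWebSearch C:\Users\maste\AppData\Local\PDFCONVERTERHQTOOLTAB

***** [ Files ] *****

PUP.Optional.Legacy C:\Users\maste\Favorites\Links\ASK.url

***** [ Registry ] *****

Adware.pokki HKCU\Software\Host App Service
PUP.Optional.Legacy HKCU\Software\PDFConverterHQ

***** [ Preinstalled Software ] *****

Preinstalled.AcerPortal Folder C:\ProgramData\ACER\ACER PORTAL
Preinstalled.AcerPortal Task C:\Windows\System32\Tasks\ACERCLOUD

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

SECTION_RE = re.compile(r"^\*+\s*\[\s*(.+?)\s*\]\s*\*+$")   # ***** [ Name ] *****
HEADER_RE = re.compile(r"^#\s*(\w[\w ]*?):\s*(.*)$")        # "# Key: value"
PREINSTALLED_SECTION = "Preinstalled Software"


def parse_adwcleaner_log(text):
    """Return (header fields, list of findings) from an AdwCleaner text log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Header fields; separator and EOF lines do not match and are skipped.
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2).strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("No malicious"):
            continue  # text outside a section, or an empty section
        if section == PREINSTALLED_SECTION:
            # Preinstalled entries carry an extra kind column: name, kind, location.
            parts = line.split(None, 2)
            if len(parts) != 3:
                continue
            family, kind, location = parts
        else:
            # Other sections: detection name, then the location (may contain spaces).
            parts = line.split(None, 1)
            if len(parts) != 2:
                continue
            family, location = parts
            kind = section
        findings.append({"section": section, "family": family,
                         "kind": kind, "location": location})
    return header, findings


def triage(findings):
    """Split findings into adware/PUP detections and preinstalled OEM software."""
    remove, owner_choice = defaultdict(list), defaultdict(list)
    for f in findings:
        bucket = owner_choice if f["section"] == PREINSTALLED_SECTION else remove
        bucket[f["family"]].append((f["kind"], f["location"]))
    return dict(remove), dict(owner_choice)


def count_matches_header(header, findings):
    """True when the header's Detected count equals the number of parsed entries."""
    declared = header.get("Detected", "")
    return declared.isdigit() and int(declared) == len(findings)


if __name__ == "__main__":
    header, findings = parse_adwcleaner_log(SAMPLE_LOG)
    remove, owner_choice = triage(findings)
    print("complete log:", count_matches_header(header, findings))
    for title, bucket in (("Adware/PUP", remove), ("Preinstalled", owner_choice)):
        for family, items in sorted(bucket.items()):
            print(f"{title:12} {family:28} {len(items)} item(s)")
```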
 
#10 ·
Oops, sorry that I didn't answer the question.

Yes, it is a legit install of Adobe Creative Cloud. My son is in school and using the license from there. The issue he ran into was that Illustrator wouldn't open; the computer said that the Application Manager needed to be reinstalled. After following the dead link, I found out that it has been changed to the Adobe Creative Cloud desktop app. I downloaded this and tried to install it, but after allowing the program permissions, it did nothing. I attempted to use the Creative Cloud uninstall tool, to the same result. So I was unable to uninstall or reinstall the Creative Cloud desktop app.

I opened the run box and typed appwiz.cpl, but the add/remove programs list did not open. I did not attempt to uninstall the program in any other way and moved on to the next step.

I have not attempted to install the Creative Cloud Desktop App again since we started trying to fix the computer. Aside from that it seems to be working ok.

You said to attach the files, so I did instead of pasting the contents, I hope that this is acceptable.

Thank you again for the help.
 
#11 ·
Hi, Mahatma7215.

Thank you for the logs and all the info provided.

You did a good job by uninstalling whatever you don't need or use.

Yes, I prefer the attach method, when the logs are long, since I tend to miss lines when I read the logs from here. :)

I opened the run box and typed appwiz.cpl, but the add/remove programs list did not open.
The program is gone, but we have to look into that issue later.

1. Uninstall Chrome extensions

I'm coming back to this, since you said you don't see an extension named Relay. I suppose you don't see Tracker for Chrome or Classroom extensions either.

Please look for anything having s3.amazonaws.com in it.

lsrelay-extensions-production.s3.amazonaws.com
lightspeed-apps.s3.amazonaws.com

Or just s3.amazonaws.com
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find s3.amazonaws.com and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

2. Eset Online Scan

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
 
#12 ·
Firstly, I don't see any of the extensions you mention. I have attached a png file of my Extension.
Secondly, it does nothing when I click Save Scan Log. I have stopped at this point since I don't want to go further without being able to post my scan log.
I attached a png of the scan report.
 

#13 ·
Hi, Mahatma7215.

Based on your logs, you have many extensions (not only those in the picture) in your three profiles in Chrome:

Default
Guest Profile
Profile 1

The extensions I'm asking you to delete are in Profile 1.

If you don't use that profile, and since the extensions we want to delete are there, you may delete it, following the instructions here (See Remove a person or profile): https://support.google.com/chrome/answer/2364824?co=GENIE.Platform=Desktop&hl=en

As for the Eset scanner, it seems that it also detected Cheat Engine as a potentially unsafe application and removed it. Since two scanners detected it as such, I don't see any reason for you to continue having it installed on your computer.

Please attach fresh FRST logs in your next reply.
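
Post #13 notes that Chrome keeps a separate set of extensions for each profile, so the Extensions page of one profile does not show what is installed in another. The following is an added example, not part of the thread or of any tool used in it: it reads each profile's extension manifests on disk and lists those whose `update_url` is on the host named earlier. That the unwanted extensions carry such an `update_url` is an assumption, and the sample tree (extension ids, names, URL paths) is constructed.

```python
import json
import os
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

SUSPECT_HOST = "s3.amazonaws.com"  # host named in the thread

def chrome_user_data():
    # Standard per-user Chrome data directory on Windows.
    return Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data"

def find_extensions(user_data, host=SUSPECT_HOST):
    """List (profile, extension id, name, update_url) for every installed
    extension, in any profile, whose update_url is on `host` or a subdomain."""
    hits = []
    pattern = "*/Extensions/*/*/manifest.json"  # profile/Extensions/id/version
    for manifest in sorted(Path(user_data).glob(pattern)):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            url = str(data.get("update_url", ""))
            found = (urlsplit(url).hostname or "").lower()
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip it
        if found == host or found.endswith("." + host):
            profile, ext_id = manifest.parts[-5], manifest.parts[-3]
            hits.append((profile, ext_id, data.get("name", "?"), url))
    return hits

def build_sample(root):
    # Constructed sample tree: ids, names and URL paths are made up.
    sample = {
        ("Default", "a" * 32): "https://clients2.google.com/service/update2/crx",
        ("Profile 1", "b" * 32): "https://lsrelay-extensions-production.s3.amazonaws.com/updates.xml",
        ("Profile 1", "c" * 32): "https://s3.amazonaws.com.example.test/updates.xml",
    }
    for (profile, ext_id), url in sample.items():
        folder = Path(root) / profile / "Extensions" / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        manifest = {"name": "sample-" + ext_id[0], "update_url": url}
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in find_extensions(tmp):  # swap tmp for chrome_user_data() on a real PC
            print(*hit, sep=" | ")
```

The host is compared as a parsed hostname suffix rather than a substring, so a look-alike such as the third constructed entry is not reported.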
 
#15 ·
Unfortunately, Profile 1 is still present in your logs.

Let's make a clean install of Chrome.

1. Backup your Bookmarks

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome and save them to your Desktop. Note the instructions can also be used to Import the bookmarks.

2. Get ready - Download Chrome installer

Download Chrome installer and save to install later: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html https://www.google.com/intl/en_usa/chrome/browser/desktop/index.html

3. Completely uninstall Chrome

4. Install Google Chrome
  • Install Google Chrome using the installer you have already downloaded.
  • Import your Bookmarks.

After doing the above, please attach fresh FRST logs. Let's hope this time Chrome will return clean.
 
#16 ·
So I uninstalled it, after backing up my bookmarks.
I get an error when trying to install.
It says that it needs a Windows update.
I updated Windows.
One update failed to install:

2021-02 .NET Core 3.1.12 Security Update for x64 Client (3)
Failed to install on 2/21/2021 - 0x80070643

Still can't install Chrome.
 

#20 ·
So the problem is deeper here.

You have Dashlane Upgrade Service installed but not the actual Dashlane program. If you don't need it, please uninstall it now.

Let's run a system check in case there is anything corrupted.

Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got, by attaching a screenshot.

When DISM finishes, you can then run SFC from the same command prompt window, but here are the full instructions, as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got, by attaching a screenshot.
 
#24 ·
What do you mean the first of the exe files? I told you before that it was the second update in the catalog (https://www.catalog.update.microsoft.com/Search.aspx?q=.NET Core)

What error did you get when you used the Windows updates in Settings?

Since here it is 12:07, I will continue looking into this issue tomorrow.
 