Probably infected with TDSS rootkit


I tried running TDSSKiller after first not being able to download it (redirected to an about:blank page), and I got a BSOD (same thing on another PC I tried). Also, I noticed that when I extract and copy contents, the speed fluctuates (it goes down to zero and then back to normal speeds).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021

Ran by AAman (administrator) on PC1 (07-04-2021 14:19:21)

Running from C:UsersonextDesktop

Loaded Profiles: user & AAman

Platform: Windows 10 Enterprise Version 20H2 19042.867 (X64) Language: English (United States) -> English (United States)

Default browser: Edge

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:Bazarrnssm.exe

() [File not signed] C:nginxnginx.exe <2>

() [File not signed] C:Program Files (x86)IDBKUPSmartUPSmart.exe

() [File not signed] C:Program FilesqBittorrentqbittorrent.exe

() [File not signed] C:Python27pythonw.exe

(BigStretch) [File not signed] C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsMonkeymattBig Stretchbigstretch.exe

(BitTorrent Inc -> BitTorrent, Inc.) C:Program Files (x86)uTorrentuTorrent.exe

(DeepL GmbH) [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1DeepL.exe

(ESET, spol. s r.o. -> ESET) C:Program FilesESETESET SecurityeguiProxy.exe

(ESET, spol. s r.o. -> ESET) C:Program FilesESETESET Securityekrn.exe

(Google LLC -> ) C:Program FilesGoogleDrivegoogledrivesync.exe <2>

(Google LLC -> ) C:Program FilesGoogleDrivenativeproxy.exe <3>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleChromeApplicationchrome.exe <33>

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.72GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.72GoogleCrashHandler64.exe

(Hewlett-Packard Company -> Hewlett-Packard) C:Program Files (x86)HPHP Software Updatehpwuschd2.exe

(Iain Patterson) [File not signed] C:WindowsSystem32nssm.exe <2>

(JackettConsole) [File not signed] C:ProgramDataJackettJackettConsole.exe

(JackettService) [File not signed] C:ProgramDataJackettJackettService.exe

(JackettTray) [File not signed] C:ProgramDataJackettJackettTray.exe

(Mega Limited -> Mega Limited) C:UsersonextAppDataLocalMEGAsyncMEGAsync.exe

(Microsoft Corporation -> ) C:Program Files (x86)MicrosoftEdge BetaApplicationpwahelper.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdge BetaApplicationmsedge.exe <11>

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft Mouse and Keyboard CenterMKCHelper.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesPowerToysmoduleslauncherPowerLauncher.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesPowerToysPowerToys.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32MoUsoCoreWorker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32smartscreen.exe

(Notepad++ -> Don HO don.h@free.fr) C:Program FilesNotepad++notepad++.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationDisplay.NvContainerNVDisplay.Container.exe <2>

(Plex, Inc. -> ) C:Program Files (x86)PlexPlex Media ServerPlex Tuner Service.exe

(Plex, Inc. -> Plex, Inc.) C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe

(Plex, Inc. -> Plex, Inc.) C:Program Files (x86)PlexPlex Media ServerPlex Update Service.exe

(Plex, Inc. -> Python Software Foundation) C:Program Files (x86)PlexPlex Media ServerPlexScriptHost.exe

(Python Software Foundation -> Python Software Foundation) C:BazarrWinPythonpython-3.8.0python.exe <2>

(radarr.video) [File not signed] C:ProgramDataRadarrbinRadarr.exe

(RouteThis Inc. -> ) C:UsersonextAppDataLocalVideostreamapp-0.4.3videostream-nativevideostream-native.exe <2>

(RouteThis Inc. -> Videostream) C:UsersonextAppDataLocalVideostreamapp-0.4.3Videostream.exe

(ShareX Team) [File not signed] C:Program FilesShareXShareX.exe

(Skype Software Sarl -> Skype Technologies S.A.) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe <5>

(sonarr.tv) [File not signed] C:ProgramDataSonarrbinSonarr.exe

(Tailscale Inc. -> Tailscale Inc.) C:Program Files (x86)Tailscale IPNtailscale-ipn.exe <3>

(The CefSharp Authors) [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1x64CefSharp.BrowserSubprocess.exe <3>

(The PHP Group) [File not signed] C:nginxphpphp-cgi.exe <4>

0 C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe <6>

0 C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbweHxOutlook.exe

0 C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbweHxTsr.exe

0 C:Program FilesWindowsAppsMicrosoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbweWinStore.App.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [egui] => C:Program FilesESETESET SecurityecmdS.exe [175504 2020-11-04] (ESET, spol. s r.o. -> ESET)

HKLM…Run: [Wondershare Helper Compact.exe] => C:Program FilesCommon FilesWondershareWondershare Helper CompactWSHelper.exe

HKLM…Run: [WSVCUUpdateHelper.exe] => C:Program FilesWondershareWondershare UniConverterWSVCUUpdateHelper.exe

HKLM-x32…Run: [KeePass 2 PreLoad] => C:Program Files (x86)KeePass Password Safe 2KeePass.exe [3137728 2021-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)

HKLM-x32…Run: [HP Software Update] => C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)

HKLM-x32…Run: [Wondershare Helper Compact.exe] => C:Program Files (x86)Common FilesWondershareWondershare Helper CompactWSHelper.exe

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [Plex Media Server] => C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe [21674096 2021-04-01] (Plex, Inc. -> Plex, Inc.)

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [qBittorrent] => C:Program FilesqBittorrentqbittorrent.exe [26243584 2021-03-24] () [File not signed]

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [uTorrent] => C:Program Files (x86)uTorrentuTorrent.exe [399736 2019-07-30] (BitTorrent Inc -> BitTorrent, Inc.)

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [GoogleDriveSync] => C:Program FilesGoogleDrivegoogledrivesync.exe [50041472 2021-03-12] (Google LLC -> )

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [electron.app.Fing] => C:Program FilesFingFing.exe –processStart “Fing.exe” –process-start-args “–hidden”

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [Videostream] => C:UsersonextAppDataLocalVideostreamapp-0.4.3Videostream.exe [340584 2020-08-25] (RouteThis Inc. -> Videostream)

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [UPSmart] => C:Program Files (x86)IDBKUPSmartUPSmart.exe [3230208 2014-07-11] () [File not signed]

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [GlassWire] => “C:Program Files (x86)GlassWireglasswire.exe” -hide

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [DeepL] => C:UsersonextAppDataLocalDeepLapp-2.3.1DeepL.exe [199680 2021-04-07] (DeepL GmbH) [File not signed]

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [Skype for Desktop] => C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe [109945728 2021-02-12] (Skype Software Sarl -> Skype Technologies S.A.)

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [XperiaCompanionAgent] => “C:Program Files (x86)SonyXperia CompanionXperiaCompanionAgent.exe”

HKUS-1-5-21-3472972625-813258079-3912501916-1001…Run: [SUPERAntiSpyware] => C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe

HKUS-1-5-21-3472972625-813258079-3912501916-1001…MountPoints2: {301c2dff-8328-11eb-82c5-60a44c5975da} – “E:startme.exe” 

HKUS-1-5-21-3472972625-813258079-3912501916-1001…MountPoints2: {feccbcff-e8c9-11ea-82a2-60a44c5975da} – “D:Setup.exe” 

HKUS-1-5-21-3472972625-813258079-3912501916-1004…Run: [NordVPN] => C:Program Files (x86)NordVPNNordVPN.exe

HKUS-1-5-21-3472972625-813258079-3912501916-1005…MountPoints2: {feccbcff-e8c9-11ea-82a2-60a44c5975da} – “D:Setup.exe” 

HKUS-1-5-18…Run: [Plex Media Server] => C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe [21674096 2021-04-01] (Plex, Inc. -> Plex, Inc.)

HKLM…PrintMonitorsHP C211 Status Monitor: C:WINDOWSsystem32hpinkstsC211LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)

HKLM…PrintMonitorsHP Discovery Port Monitor (HP Deskjet 2540 series): C:WINDOWSsystem32HPDiscoPMC211.dll [763912 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{43F137B0-8F4D-463B-AB83-ADEAD4F15096}] -> C:Program Files (x86)MicrosoftEdge BetaApplication90.0.818.27Installersetup.exe [2021-04-03] (Microsoft Corporation -> Microsoft Corporation)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication89.0.4389.114Installerchrmstp.exe [2021-04-02] (Google LLC -> Google LLC)

Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupTailscale.lnk [2020-09-18]

ShortcutTarget: Tailscale.lnk -> C:Program Files (x86)Tailscale IPNtailscale-ipn.exe (Tailscale Inc. -> Tailscale Inc.)

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupBig Stretch Reminder Program.lnk [2020-11-13]

ShortcutTarget: Big Stretch Reminder Program.lnk -> C:UsersAAmanAppDataRoamingMicrosoftWindowsStart MenuProgramsMonkeymattBig Stretchbigstretch.exe (No File)

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupJackett.lnk [2020-06-01]

ShortcutTarget: Jackett.lnk -> C:ProgramDataJackettJackettTray.exe (JackettTray) [File not signed]

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMEGAsync.lnk [2019-10-08]

ShortcutTarget: MEGAsync.lnk -> C:UsersAAmanAppDataLocalMEGAsyncMEGAsync.exe (No File)

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupRadarr.lnk [2020-12-11]

ShortcutTarget: Radarr.lnk -> C:ProgramDataRadarrbinRadarr.exe (radarr.video) [File not signed]

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupShareX.lnk [2019-07-23]

ShortcutTarget: ShareX.lnk -> C:Program FilesShareXShareX.exe (ShareX Team) [File not signed]

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSonarr.lnk [2020-10-25]

ShortcutTarget: Sonarr.lnk -> C:ProgramDataSonarrbinSonarr.exe (sonarr.tv) [File not signed]

Startup: C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsStartuptautuli.lnk [2018-12-25]

ShortcutTarget: tautuli.lnk -> C:Python27pythonw.exe () [File not signed]

Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION

HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {2ABFA613-10CF-4A29-AFE7-5ADFBFB0E159} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-23] (Google Inc -> Google LLC)

Task: {3E3B77A9-EF45-48DB-A2B9-647D66AC031B} – System32TasksMicrosoft_MKC_Logon_Task_ceip.exe => C:Program FilesMicrosoft Mouse and Keyboard Centerceip.exe [32624 2020-10-22] (Microsoft Corporation -> Microsoft)

Task: {47C607F1-E7FA-4FA2-B183-0EC40D7DD7AB} – System32TasksMEGAMEGAsync Update Task S-1-5-21-3472972625-813258079-3912501916-1001 => C:UsersonextAppDataLocalMEGAsyncMEGAupdater.exe [1303800 2021-03-01] (Mega Limited -> Mega Limited)

Task: {48139646-C4D7-4CA0-8367-7AD8D1F7E892} – System32TasksOneDrive Standalone Update Task-S-1-5-21-3472972625-813258079-3912501916-1005 => C:UsersAAmanAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe

Task: {4C84F7D7-C3F2-462C-9328-9F245122878F} – System32TasksMicrosoft_Hardware_Launch_mousekeyboardcenter_exe => C:Program FilesMicrosoft Mouse and Keyboard Centermousekeyboardcenter.exe [2311536 2020-10-22] (Microsoft Corporation -> Microsoft)

Task: {4ED342C7-C8DF-424B-BAA9-E8CB27608345} – System32TasksMicrosoft_Hardware_Launch_itype_exe => C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe [1910128 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)

Task: {54276DC5-1439-45ED-9FF9-4537C0021F2B} – System32TasksApple Diagnostics => eReporter-AppX.exe

Task: {6B477B77-EE3D-4476-9416-508D38DE8403} – System32TasksHPCustParticipation HP Deskjet 2540 series => C:Program FilesHPHP Deskjet 2540 seriesBinHPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)

Task: {7B84C6A8-8B40-41A3-A1D8-D403A065A221} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [154920 2019-07-23] (Google Inc -> Google LLC)

Task: {7CDDDA96-83F9-46FD-83BF-86F125F5FBE8} – System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [1145 2020-12-04] () [File not signed]

Task: {868F2318-2CC3-4867-B46D-506109208634} – System32TasksMicrosoft_MKC_Logon_Task_itype.exe => C:Program FilesMicrosoft Mouse and Keyboard Centeritype.exe [1910128 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)

Task: {A1138E0C-0CCE-4B6A-982A-D96F40C05E86} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [696816 2021-03-29] (Mozilla Corporation -> Mozilla Foundation)

Task: {A78B2653-A349-4A42-A8C7-2641A1C996FE} – System32TasksOneDrive Standalone Update Task-S-1-5-21-3472972625-813258079-3912501916-1004 => C:UsersAAmanAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe

Task: {AF8472D1-03EA-4297-82FC-7AD284437341} – System32TasksPowerToysAutorun for user => C:Program FilesPowerToysPowerToys.exe [1256840 2021-03-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {B38C3279-2CC2-4A20-B577-0C57554C9494} – System32TasksMicrosoft_MKC_Logon_Task_ipoint.exe => C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe [2434424 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)

Task: {D0356855-950F-40DD-BB5F-86BE1E64A6D5} – System32TasksOneDrive Standalone Update Task-S-1-5-21-3472972625-813258079-3912501916-1001 => C:UsersAAmanAppDataLocalMicrosoftOneDriveOneDriveStandaloneUpdater.exe

Task: {FECFDE2E-B3B7-491E-8838-2BA1E93BDDDF} – System32TasksMicrosoft_Hardware_Launch_ipoint_exe => C:Program FilesMicrosoft Mouse and Keyboard Centeripoint.exe [2434424 2020-10-22] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:WINDOWSTasksCreateExplorerShellUnelevatedTask.job => C:WINDOWSexplorer.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip..Interfaces{053ce65f-8e1f-491f-8a60-19b7851361a5}: [NameServer] 1.1.1.1,8.8.4.4

 

Edge: 

=======

StartMenuInternet: Microsoft Edge Beta – C:Program Files (x86)MicrosoftEdge BetaApplicationmsedge.exe

 

FireFox:

========

FF HKUS-1-5-21-3472972625-813258079-3912501916-1001…FirefoxExtensions: [acewebextension_unlisted@acestream.org] – C:UsersonextAppDataRoamingACEStreamextensionsawefirefoxacewebextension_unlisted.xpi

FF Extension: (Ace Script) – C:UsersonextAppDataRoamingACEStreamextensionsawefirefoxacewebextension_unlisted.xpi [2018-11-26]

FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:Program FilesVideoLANVLCnpvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

FF ExtraCheck: C:Program Filesmozilla firefoxdefaultsprefeset_security_config_overlay.js [2021-04-07]

 

Chrome: 

=======

CHR HKUS-1-5-21-3472972625-813258079-3912501916-1001SOFTWAREGoogleChromeExtensions…ChromeExtension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

CHR HKUS-1-5-21-3472972625-813258079-3912501916-1001SOFTWAREGoogleChromeExtensions…ChromeExtension: [mjbepbhonbojpoaenhckjocchgfiaofo]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Bazarr; C:Bazarrnssm.exe [294912 2014-08-31] () [File not signed]

R2 ekrn; C:Program FilesESETESET Securityekrn.exe [2595360 2020-11-04] (ESET, spol. s r.o. -> ESET)

R3 ekrnEpfw; C:Program FilesESETESET Securityekrn.exe [2595360 2020-11-04] (ESET, spol. s r.o. -> ESET)

R2 Jackett; C:ProgramDataJackettJackettService.exe [418816 2021-04-07] (JackettService) [File not signed]

S3 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-01-10] (Malwarebytes Inc -> Malwarebytes)

S3 MicrosoftEdgeBetaElevationService; C:Program Files (x86)MicrosoftEdge BetaApplication90.0.818.27elevation_service.exe [1565592 2021-04-02] (Microsoft Corporation -> Microsoft Corporation)

R2 NGINX; C:WINDOWSsystem32nssm.exe [368640 2017-04-26] (Iain Patterson) [File not signed]

S4 Ombi; C:nssm-2.24win64nssm.exe [331264 2020-05-31] () [File not signed]

R2 PHP; C:WINDOWSsystem32nssm.exe [368640 2017-04-26] (Iain Patterson) [File not signed]

R2 PlexUpdateService; C:Program Files (x86)PlexPlex Media ServerPlex Update Service.exe [1437808 2021-04-01] (Plex, Inc. -> Plex, Inc.)

S2 Radarr-GR; C:nssm-2.24win64nssm.exe [331264 2020-05-31] () [File not signed]

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5352528 2021-03-09] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 Tailscale IPN; C:Program Files (x86)Tailscale IPNtailscale-ipn.exe [14231296 2020-08-10] (Tailscale Inc. -> Tailscale Inc.)

S3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

S2 Fing.Agent; C:Program FilesFingresourcesextraResourcesfingagent.exe –servicemode Fing.Agent –agentroot “C:UsersonextAppDataRoaming”

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 95336843; C:WINDOWSSystem32drivers39112344.sys [208216 2021-04-07] () [File not signed]

S0 amdkmafd; C:WINDOWSSystem32driversamdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

R3 AmUStor; C:WINDOWSsystem32driversAmUStorU.sys [136760 2019-05-07] (Alcorlink Corp. -> )

S3 AppleKmdfFilter; C:WINDOWSSystem32driversAppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 AppleLowerFilter; C:WINDOWSSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

R1 eamonm; C:WINDOWSSystem32DRIVERSeamonm.sys [160992 2020-10-27] (ESET, spol. s r.o. -> ESET)

R0 edevmon; C:WINDOWSSystem32DRIVERSedevmon.sys [109360 2020-10-27] (ESET, spol. s r.o. -> ESET)

S0 eelam; C:WINDOWSSystem32DRIVERSeelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)

R1 ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [190464 2020-10-27] (ESET, spol. s r.o. -> ESET)

R1 epfwwfp; C:WINDOWSsystem32DRIVERSepfwwfp.sys [107784 2020-10-27] (ESET, spol. s r.o. -> ESET)

S3 ggsomc; C:WINDOWSSystem32driversggsomc.sys [32384 2018-03-14] (Sony Mobile Communications AB -> Sony Mobile Communications)

R3 LifeCamTrueColor; C:WINDOWSsystem32DRIVERSLifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation -> Microsoft Corporation)

R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [220616 2021-03-31] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

S3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-02-18] (Malwarebytes Inc -> Malwarebytes)

R1 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [74616 2020-12-12] (Insecure.Com LLC -> Insecure.Com LLC.)

S4 npcap_wifi; C:WINDOWSsystem32DRIVERSnpcap.sys [74616 2020-12-12] (Insecure.Com LLC -> Insecure.Com LLC.)

S3 ssudmdm; C:WINDOWSsystem32DRIVERSssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 ssudqcfilter; C:WINDOWSSystem32driversssudqcfilter.sys [64912 2017-05-18] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)

R3 tap0901; C:WINDOWSSystem32driverstap0901.sys [27136 2018-02-01] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tapnordvpn; C:WINDOWSSystem32driverstapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)

U5 vsock; C:WindowsSystem32Driversvsock.sys [92040 2019-04-27] (VMware, Inc. -> VMware, Inc.)

S3 WdBoot; C:WINDOWSsystem32driversWdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:WINDOWSsystem32driversWdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

S3 wdm_usb; C:WINDOWSSystem32driversusb2ser.sys [151184 2016-07-15] (NGO -> MBB)

S3 WdNisDrv; C:WINDOWSSystem32DriversWdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

R3 wintun; C:WINDOWSSystem32driverswintun.sys [31096 2020-01-15] (WDKTestCert apenw,131978594335802643 -> WireGuard LLC)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-04-07 14:19 – 2021-04-07 14:20 – 000022941 _____ C:UsersonextDesktopFRST.txt

2021-04-07 14:10 – 2021-04-07 14:19 – 000000000 ____D C:FRST

2021-04-07 14:07 – 2021-04-07 14:07 – 002298368 _____ (Farbar) C:UsersonextDesktopFRST64.exe

2021-04-07 13:40 – 2021-04-07 13:40 – 000286624 _____ C:UsersonextDesktopminidump_new.zip

2021-04-07 13:39 – 2021-04-07 13:30 – 002012924 _____ C:UsersonextDesktop40721-8468-01.dmp

2021-04-07 13:30 – 2021-04-07 13:30 – 002012924 _____ C:WINDOWSMinidump40721-8468-01.dmp

2021-04-07 13:30 – 2021-04-07 13:30 – 000208216 _____ C:WINDOWSsystem32Drivers39112344.sys

2021-04-07 13:30 – 2021-04-07 13:30 – 000000522 _____ C:TDSSKiller.2.8.16.0_07.04.2021_13.30.02_log.txt

2021-04-07 13:29 – 2021-04-07 13:29 – 002237968 _____ (Kaspersky Lab ZAO) C:UsersonextDesktoptdsskiller.exe

2021-04-05 16:06 – 2021-04-05 16:06 – 000001181 _____ C:ProgramDataDesktopLibreOffice 7.1.lnk

2021-04-05 16:06 – 2021-04-05 16:06 – 000000000 ___SD C:ProgramDataMicrosoftWindowsStart MenuProgramsLibreOffice 7.1

2021-04-05 16:05 – 2021-04-05 16:05 – 000000000 ____D C:Program FilesLibreOffice

2021-04-05 14:15 – 2021-04-05 14:15 – 000000000 ____D C:UsersAAmanAppDataRoamingmpv

2021-04-05 14:13 – 2021-04-05 14:14 – 000000000 ____D C:Program Files (x86)MP3Gain

2021-04-05 14:13 – 2021-04-05 14:13 – 000000000 ____D C:UsersAAmanAppDataRoamingMicrosoftWindowsStart MenuProgramsMP3Gain

2021-04-05 00:03 – 2021-04-05 00:03 – 000255928 _____ (Malwarebytes) C:WINDOWSsystem32Drivers65234784.sys

2021-04-05 00:02 – 2021-04-05 11:59 – 000000000 ____D C:ProgramDataMalwarebytes’ Anti-Malware (portable)

2021-04-04 09:33 – 2021-04-04 09:33 – 000000000 ____D C:UsersonextAppDataRoamingSUPERAntiSpyware.com

2021-04-03 14:15 – 2021-04-03 14:16 – 000000000 ____D C:Usersonextperformance

2021-04-03 12:35 – 2021-04-03 12:35 – 000000000 ____D C:SymCache

2021-04-03 12:33 – 2021-04-03 12:41 – 000000000 ____D C:UsersonextAppDataLocalWindows Performance Analyzer

2021-04-03 12:33 – 2021-04-03 12:33 – 000000000 ____D C:UsersonextDocumentsWPA Files

2021-04-03 12:32 – 2021-04-03 12:32 – 000000000 ____D C:UsersAAmanDocumentsWPR Files

2021-04-03 12:27 – 2021-04-03 12:27 – 000000000 ____D C:ProgramDataWindowsPerformanceRecorder

2021-04-02 22:51 – 2021-04-02 22:57 – 637560832 _____ C:UsersonextDownloadskrd.iso

2021-04-02 21:14 – 2021-04-02 21:14 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPlex Media Server

2021-04-02 21:13 – 2021-04-02 21:13 – 000000000 ____D C:Program Files (x86)Plex

2021-04-02 13:01 – 2021-04-02 13:01 – 000036200 _____ (Sysinternals – www.sysinternals.com) C:WINDOWSsystem32DriversPROCEXP152.SYS

2021-04-01 22:30 – 2021-04-07 13:30 – 000000000 ____D C:WINDOWSsystem32TasksPowerToys

2021-04-01 22:30 – 2021-04-01 22:30 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsPowerToys (Preview)

2021-04-01 22:30 – 2021-04-01 22:30 – 000000000 ____D C:Program FilesPowerToys

2021-03-31 19:05 – 2021-04-01 06:46 – 000000000 ____D C:ProgramDataHitmanPro

2021-03-31 18:54 – 2021-04-07 13:30 – 1237314764 _____ C:WINDOWSMEMORY.DMP

2021-03-31 18:54 – 2021-03-31 18:55 – 003041556 _____ C:WINDOWSMinidump33121-12078-01.dmp

2021-03-31 18:46 – 2021-04-01 06:41 – 000003020 _____ C:UsersAAmanDesktopRkill.txt

2021-03-31 18:36 – 2021-03-31 18:36 – 000220616 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys

2021-03-30 22:39 – 2021-03-30 22:39 – 000000000 ____D C:WINDOWSsystem32TasksMozilla

2021-03-29 13:16 – 2021-03-31 18:54 – 000000000 ____D C:Program FilesMozilla Firefox

2021-03-25 19:40 – 2021-03-25 19:40 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsqBittorrent

2021-03-25 19:40 – 2021-03-25 19:40 – 000000000 ____D C:Program FilesqBittorrent

2021-03-20 19:38 – 2021-03-20 19:38 – 002534855 _____ C:UsersonextDownloadsChina The Bubble that Never Pops by Thomas Orlik (z-lib.org).epub

2021-03-19 21:07 – 2021-03-19 21:07 – 000000000 ____D C:ProgramDataGlassWire

2021-03-17 00:33 – 2021-03-17 00:33 – 000000120 _____ C:UsersonextAppDataRoamingFixVTS.ini

2021-03-16 23:02 – 2007-08-31 19:36 – 000036864 _____ (Robdogg Inc.) C:WINDOWSSysWOW64trayicon_handler.ocx

2021-03-16 23:02 – 2003-01-26 14:41 – 000040960 _____ (vbAccelerator) C:WINDOWSSysWOW64ssubtmr6.dll

2021-03-16 23:01 – 2021-03-16 23:01 – 012951423 _____ (Dennis Meuwissen ) C:UsersonextDownloadsdvdflick_setup_1.3.0.7.exe

2021-03-16 22:38 – 2021-03-16 22:38 – 000000000 ____D C:Usersonext.fontconfig

2021-03-16 22:37 – 2021-03-16 22:38 – 000000000 ____D C:UsersonextAppDataLocalMovavi

2021-03-16 22:37 – 2021-03-16 22:37 – 000012653 _____ C:ProgramDatamerjmevq.cmt

2021-03-16 22:37 – 2021-03-16 22:37 – 000000016 _____ C:ProgramDatamntemp

2021-03-16 22:37 – 2021-03-16 22:37 – 000000000 ____D C:UsersonextAppDataLocalCrashRpt

2021-03-16 22:37 – 2021-03-16 22:37 – 000000000 ____D C:UsersonextAppDataLocalConverterAgent

2021-03-16 22:37 – 2021-03-16 22:37 – 000000000 ____D C:UsersonextAppDataLocalconverter

2021-03-16 22:37 – 2021-03-16 22:37 – 000000000 ____D C:ProgramDatamovavi

2021-03-16 22:33 – 2021-03-16 22:33 – 000000000 ____D C:UsersonextAppDataRoamingAshampoo

2021-03-16 22:33 – 2021-03-16 22:33 – 000000000 ____D C:UsersonextAppDataLocalAshampoo

2021-03-16 22:32 – 2021-03-17 00:34 – 000000000 ____D C:ProgramDataAshampoo

2021-03-16 22:32 – 2021-03-16 22:32 – 000000000 ____D C:UsersAAmanAppDataLocalashampoo

2021-03-16 21:10 – 2021-03-16 23:17 – 000099384 _____ C:UsersAAmanAppDataRoaminginst.exe

2021-03-16 21:10 – 2021-03-16 23:17 – 000082816 _____ (VSO Software) C:UsersAAmanAppDataRoamingpcouffin.sys

2021-03-16 21:10 – 2021-03-16 23:17 – 000007859 _____ C:UsersAAmanAppDataRoamingpcouffin.cat

2021-03-16 21:10 – 2021-03-16 21:24 – 000000000 ____D C:UsersonextDocumentsConvertXtoDVD_Resources

2021-03-16 21:10 – 2021-03-16 21:10 – 000000000 ____D C:UsersonextAppDataRoamingVSO

2021-03-16 21:10 – 2021-03-16 21:10 – 000000000 ____D C:UsersAAmanDocumentsPcSetup

2021-03-16 21:09 – 2021-03-16 23:17 – 000000000 ____D C:UsersAAmanAppDataRoamingVSO

2021-03-16 21:09 – 2021-03-16 23:17 – 000000000 ____D C:ProgramDataVSO

2021-03-16 21:02 – 2021-03-16 21:02 – 000000000 ____D C:UsersonextAppDataRoamingWondershare

2021-03-16 21:02 – 2021-03-16 21:02 – 000000000 ____D C:UsersonextAppDataRoamingTransferSupport

2021-03-16 21:02 – 2021-03-16 21:02 – 000000000 ____D C:UsersonextAppDataLocalWondershare

2021-03-16 21:02 – 2021-03-16 21:02 – 000000000 ____D C:UsersAAmanAppDataLocalCrashDumps

2021-03-16 20:50 – 2021-03-16 20:50 – 000000000 ____D C:Program Files (x86)WondershareUpdate

2021-03-16 20:49 – 2021-03-16 20:49 – 000000000 ____D C:UsersAAmanAppDataRoamingWondershare

2021-03-16 20:49 – 2021-03-16 20:49 – 000000000 ____D C:UsersAAmanAppDataRoamingNVIDIA

2021-03-16 20:49 – 2021-03-16 20:49 – 000000000 ____D C:UsersAAmanAppDataLocalWondershare

2021-03-16 20:49 – 2021-03-16 20:49 – 000000000 ____D C:ProgramDataGraphicsType

2021-03-16 20:48 – 2021-03-16 21:08 – 000000000 ____D C:Program FilesWondershare

2021-03-16 20:00 – 2021-03-16 20:00 – 004246756 _____ C:WINDOWSMinidump31621-15531-01.dmp

2021-03-14 16:38 – 2021-03-14 17:53 – 000000000 ____D C:UsersonextAppDataRoamingWireshark

2021-03-14 16:38 – 2021-03-14 16:38 – 000003166 _____ C:WINDOWSsystem32Tasksnpcapwatchdog

2021-03-14 16:38 – 2021-03-14 16:38 – 000001827 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsWireshark.lnk

2021-03-14 16:38 – 2021-03-14 16:38 – 000000000 ____D C:WINDOWSSysWOW64Npcap

2021-03-14 16:38 – 2021-03-14 16:38 – 000000000 ____D C:WINDOWSsystem32Npcap

2021-03-14 16:37 – 2021-03-14 16:38 – 000000000 ____D C:Program FilesNpcap

2021-03-14 16:36 – 2021-03-14 16:38 – 000000000 ____D C:Program FilesWireshark

2021-03-12 18:48 – 2021-03-12 18:48 – 000874572 _____ C:UsersonextDownloadsCritique of Pure Reason by Immanuel Kant Paul Guyer, Allen W. Wood (z-lib.org).epub

2021-03-12 18:43 – 2021-03-12 18:43 – 040178886 _____ C:UsersonextDownloadsCritique of Pure Reason by Immanuel Kant, Paul Guyer (Editor, Translator), Allen W. Wood (Editor, Translator) (z-lib.org).pdf

2021-03-12 15:18 – 2021-03-12 15:18 – 000000000 ____D C:ProgramDataSony Mobile

2021-03-12 15:18 – 2021-03-12 15:18 – 000000000 ____D C:Program FilesDIFX

2021-03-12 15:01 – 2021-03-12 15:01 – 000000000 ____D C:UsersonextDocumentsSony

2021-03-12 15:01 – 2021-03-12 15:01 – 000000000 ____D C:UsersonextAppDataRoamingApple Computer

2021-03-12 15:01 – 2021-03-12 15:01 – 000000000 ____D C:UsersAAmanDocumentsSony

2021-03-09 23:51 – 2021-03-09 23:51 – 002755584 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.tlb

2021-03-09 23:51 – 2021-03-09 23:51 – 002755584 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.tlb

2021-03-09 23:51 – 2021-03-09 23:51 – 001822272 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi

2021-03-09 23:51 – 2021-03-09 23:51 – 001394024 _____ (Microsoft Corporation) C:WINDOWSsystem32winresume.efi

2021-03-09 23:51 – 2021-03-09 23:51 – 001314128 _____ (Microsoft Corporation) C:WINDOWSsystem32SecConfig.efi

2021-03-09 23:51 – 2021-03-09 23:51 – 001163776 _____ C:WINDOWSsystem32MBR2GPT.EXE

2021-03-09 23:51 – 2021-03-09 23:51 – 000611952 _____ C:WINDOWSSysWOW64TextShaping.dll

2021-03-09 23:51 – 2021-03-09 23:51 – 000480256 _____ C:WINDOWSsystem32AssignedAccessCsp.dll

2021-03-09 23:51 – 2021-03-09 23:51 – 000011359 _____ C:WINDOWSsystem32DrtmAuthTxt.wim

2021-03-09 23:50 – 2021-03-09 23:50 – 000707016 _____ C:WINDOWSsystem32TextShaping.dll

2021-03-09 23:50 – 2021-03-09 23:50 – 000231248 _____ C:WINDOWSsystem32containerdevicemanagement.dll

2021-03-09 23:50 – 2021-03-09 23:50 – 000091136 _____ C:WINDOWSsystem32Driverscimfs.sys

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-04-07 14:21 – 2020-09-13 11:36 – 000000000 ____D C:ProgramDataSonarr

2021-04-07 14:20 – 2019-08-07 20:57 – 000000000 ____D C:ProgramDataRadarr

2021-04-07 14:17 – 2019-07-23 14:49 – 000000000 ____D C:UsersonextAppDataRoamingqBittorrent

2021-04-07 14:15 – 2019-12-07 12:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-04-07 14:11 – 2019-07-30 18:55 – 000000000 ____D C:UsersonextAppDataRoaminguTorrent

2021-04-07 14:08 – 2019-03-05 10:45 – 000000000 ____D C:Tautulli

2021-04-07 13:52 – 2019-07-23 14:25 – 000000000 ____D C:UsersonextAppDataRoamingKeePass

2021-04-07 13:40 – 2021-01-31 14:06 – 000000000 ____D C:UsersAAman

2021-04-07 13:37 – 2020-08-11 11:16 – 000551756 _____ C:WINDOWSsystem32perfh008.dat

2021-04-07 13:37 – 2020-08-11 11:16 – 000088752 _____ C:WINDOWSsystem32perfc008.dat

2021-04-07 13:37 – 2020-08-11 11:14 – 000487072 _____ C:WINDOWSsystem32perfh011.dat

2021-04-07 13:37 – 2020-08-11 11:14 – 000132800 _____ C:WINDOWSsystem32perfc011.dat

2021-04-07 13:37 – 2020-08-11 03:52 – 002079026 _____ C:WINDOWSsystem32PerfStringBackup.INI

2021-04-07 13:37 – 2019-12-07 12:13 – 000000000 ____D C:WINDOWSINF

2021-04-07 13:37 – 2017-06-11 02:00 – 000000000 ____D C:UsersonextDesktop245

2021-04-07 13:31 – 2020-10-20 09:22 – 000000000 ____D C:WINDOWSMinidump

2021-04-07 13:31 – 2020-09-18 15:53 – 000000000 ____D C:UsersonextAppDataLocalTailscale

2021-04-07 13:31 – 2020-07-03 14:02 – 000000000 ____D C:UsersonextAppDataLocalVideostream

2021-04-07 13:31 – 2019-07-23 14:54 – 000000000 ____D C:UsersonextAppDataLocalPlex Media Server

2021-04-07 13:30 – 2020-08-11 03:53 – 000000006 ____H C:WINDOWSTasksSA.DAT

2021-04-07 13:30 – 2020-08-11 03:43 – 000000000 ____D C:Usersonext

2021-04-07 13:30 – 2020-08-11 03:40 – 000527592 _____ C:WINDOWSsystem32FNTCACHE.DAT

2021-04-07 13:30 – 2020-08-11 03:40 – 000008192 ___SH C:DumpStack.log.tmp

2021-04-07 13:30 – 2020-08-11 03:40 – 000000000 ____D C:WINDOWSsystem32SleepStudy

2021-04-07 13:30 – 2019-07-23 13:54 – 000000000 ____D C:ProgramDataNVIDIA

2021-04-07 11:59 – 2017-03-23 22:57 – 000000000 ____D C:UsersonextDocumentsShareX

2021-04-07 11:19 – 2020-12-09 18:42 – 000002159 _____ C:UsersonextDesktopDeepL.lnk

2021-04-07 11:19 – 2020-12-09 18:42 – 000000000 ____D C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsDeepL GmbH

2021-04-07 11:19 – 2020-12-09 18:42 – 000000000 ____D C:UsersonextAppDataLocalDeepL_GmbH

2021-04-07 11:19 – 2020-12-09 18:42 – 000000000 ____D C:UsersonextAppDataLocalDeepL

2021-04-07 04:21 – 2020-05-31 10:02 – 000000000 ____D C:ProgramDataJackett

2021-04-07 00:53 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSAppReadiness

2021-04-06 17:38 – 2019-07-25 20:56 – 000000000 ____D C:UsersonextAppDataRoamingAnki2

2021-04-05 16:04 – 2021-02-18 23:32 – 000007610 _____ C:UsersAAmanAppDataLocalResmon.ResmonCfg

2021-04-05 15:56 – 2020-09-29 17:35 – 000000000 ____D C:UsersonextAppDataRoamingTaiga

2021-04-05 13:21 – 2019-09-05 21:06 – 000000000 ___RD C:UsersonextDocumentsScanned Documents

2021-04-05 00:03 – 2020-05-22 15:42 – 000000000 ____D C:ProgramDataMalwarebytes

2021-04-04 14:21 – 2019-12-07 12:03 – 000000000 ____D C:WINDOWSCbsTemp

2021-04-04 14:19 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSSystemResources

2021-04-04 14:19 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSPolicyDefinitions

2021-04-04 04:34 – 2019-12-07 12:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-04-04 00:18 – 2021-01-30 01:11 – 000000000 ____D C:UsersonextAppDataLocalLowIGDump

2021-04-03 15:58 – 2019-07-23 14:54 – 000000000 ____D C:ProgramDataPackage Cache

2021-04-03 11:18 – 2020-09-02 07:10 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-04-03 11:18 – 2020-09-02 07:10 – 000002276 _____ C:ProgramDataDesktopMicrosoft Edge.lnk

2021-04-03 01:18 – 2019-08-22 17:57 – 000002357 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge Beta.lnk

2021-04-03 01:18 – 2019-08-22 17:57 – 000002316 _____ C:ProgramDataDesktopMicrosoft Edge Beta.lnk

2021-04-02 23:07 – 2019-12-07 12:03 – 001048576 _____ C:WINDOWSsystem32configBBI

2021-04-02 23:06 – 2020-05-21 16:20 – 000000000 ____D C:UsersonextAppDataLocalCrashDumps

2021-04-02 17:18 – 2019-09-22 12:48 – 000000000 ____D C:UsersonextAppDataLocalAirflow

2021-04-02 03:02 – 2017-04-20 18:57 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-04-02 03:02 – 2017-04-20 18:57 – 000002260 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-03-31 18:54 – 2019-07-30 23:03 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service

2021-03-31 18:25 – 2020-08-01 09:54 – 000000000 ____D C:UsersonextDesktopTools

2021-03-31 18:25 – 2018-08-09 18:26 – 000000877 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsNotepad++.lnk

2021-03-30 22:46 – 2019-07-30 23:03 – 000000000 ____D C:ProgramDataMozilla

2021-03-30 22:46 – 2017-11-15 10:36 – 000000000 ____D C:UsersonextAppDataLocalLowMozilla

2021-03-30 22:39 – 2019-07-03 18:10 – 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk

2021-03-26 12:57 – 2019-07-29 12:51 – 000000128 _____ C:UsersonextAppDataLocalPUTTY.RND

2021-03-24 10:05 – 2019-01-25 17:22 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBackup and Sync from Google

2021-03-23 19:27 – 2019-08-09 14:23 – 000000000 ____D C:UsersonextAppDataRoamingvlc

2021-03-23 19:26 – 2019-09-03 20:29 – 000000000 ____D C:UsersonextAppDataLocalPlex

2021-03-22 21:23 – 2019-09-04 18:02 – 000000000 ____D C:UsersonextAppDataLocalSpotify

2021-03-22 21:22 – 2019-09-04 18:01 – 000000000 ____D C:UsersonextAppDataRoamingSpotify

2021-03-18 21:18 – 2020-01-15 16:59 – 000000000 ____D C:UsersonextDesktopΚΑΠΕΛΑΣ

2021-03-16 21:22 – 2020-07-03 17:56 – 000000000 ____D C:UsersonextAppDataRoamingdvdcss

2021-03-16 20:49 – 2018-06-28 18:26 – 000000000 ____D C:ProgramDataDocumentsWondershare

2021-03-15 12:44 – 2019-05-31 03:34 – 000015824 _____ (ESET) C:WINDOWSsystem32Driverseelam.sys

2021-03-15 05:16 – 2020-08-11 03:53 – 000003352 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3472972625-813258079-3912501916-1001

2021-03-15 05:16 – 2020-08-11 03:43 – 000002363 _____ C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-03-15 05:16 – 2017-03-22 00:00 – 000000000 ___RD C:UsersonextOneDrive

2021-03-10 01:52 – 2019-12-07 12:54 – 000000000 ___SD C:WINDOWSsystem32AppV

2021-03-10 01:52 – 2019-12-07 12:54 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSSysWOW64setup

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSSysWOW64oobe

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSSysWOW64Dism

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32WinBioPlugIns

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32SystemResetPlatform

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32setup

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32oobe

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSsystem32Dism

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSProvisioning

2021-03-10 01:52 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSbcastdvr

2021-03-09 23:39 – 2019-07-23 19:58 – 000000000 ____D C:WINDOWSsystem32MRT

2021-03-09 23:34 – 2020-10-09 21:10 – 000000000 ____D C:Program Filesdotnet

2021-03-09 23:34 – 2019-07-23 19:58 – 131005360 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

2021-03-09 23:32 – 2019-12-07 12:14 – 000000000 ____D C:WINDOWSRegistration

2021-03-09 20:53 – 2019-07-23 14:10 – 000000000 ____D C:UsersonextAppDataLocalPlaceholderTileLogoFolder

2021-03-09 20:53 – 2019-07-23 14:06 – 000000000 ____D C:UsersonextAppDataLocalPackages

2021-03-09 20:53 – 2019-07-23 14:06 – 000000000 ____D C:ProgramDataPackages

2021-03-09 00:22 – 2017-10-31 14:25 – 000000000 ____D C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsPopcorn-Time

 

==================== Files in the root of some directories ========

 

2021-03-16 21:10 – 2021-03-16 23:17 – 000099384 _____ () C:UsersAAmanAppDataRoaminginst.exe

2021-03-16 21:10 – 2021-03-16 23:17 – 000007859 _____ () C:UsersAAmanAppDataRoamingpcouffin.cat

2021-03-16 21:10 – 2021-03-16 23:17 – 000001167 _____ () C:UsersAAmanAppDataRoamingpcouffin.inf

2021-03-16 21:10 – 2021-03-16 23:17 – 000000055 _____ () C:UsersAAmanAppDataRoamingpcouffin.log

2021-03-16 21:10 – 2021-03-16 23:17 – 000082816 _____ (VSO Software) C:UsersAAmanAppDataRoamingpcouffin.sys

2021-02-18 23:32 – 2021-04-05 16:04 – 000007610 _____ () C:UsersAAmanAppDataLocalResmon.ResmonCfg

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021

Ran by AAman (07-04-2021 14:21:20)

Running from C:UsersonextDesktop

Windows 10 Enterprise Version 20H2 19042.867 (X64) (2020-08-11 00:53:25)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

AAman (S-1-5-21-3472972625-813258079-3912501916-1015 – Administrator – Enabled) => C:UsersAAman

Administrator (S-1-5-21-3472972625-813258079-3912501916-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-3472972625-813258079-3912501916-503 – Limited – Disabled)

dhmhtra (S-1-5-21-3472972625-813258079-3912501916-1005 – Limited – Enabled) => C:Usersdhmhtra

Guest (S-1-5-21-3472972625-813258079-3912501916-501 – Limited – Disabled)

guest1996 (S-1-5-21-3472972625-813258079-3912501916-1004 – Limited – Enabled) => C:Usersguest1996

user (S-1-5-21-3472972625-813258079-3912501916-1001 – Limited – Enabled) => C:Usersonext

WDAGUtilityAccount (S-1-5-21-3472972625-813258079-3912501916-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ESET Security (Enabled – Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: ESET Security (Enabled – Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}

AV: ESET Security (Enabled – Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKLM-x32…uTorrent) (Version: 2.2.1 – )

7-Zip 19.00 (x64) (HKLM…7-Zip) (Version: 19.00 – Igor Pavlov)

Airflow (64-bit) (HKLM…Airflow (64-bit)) (Version: 3.2.0 – BitCave)

Anki (HKLM-x32…Anki) (Version: 2.1.35 – )

Authy Desktop (HKUS-1-5-21-3472972625-813258079-3912501916-1001…authy-electron) (Version: 1.8.3 – Twilio Inc.)

Backup and Sync from Google (HKLM…{3CBE1074-3A4F-4BA6-95E3-7A660B54FE33}) (Version: 3.55.3625.9414 – Google, Inc.)

Bazarr (HKLM-x32…{EEC3B85A-0666-4A5A-BD10-9BD1C237FEF0}_is1) (Version:  – Bazarr)

Big Stretch Reminder (HKLM-x32…BigStretch_is1) (Version: 2.1 – MonkeyMatt)

DeepL (HKUS-1-5-21-3472972625-813258079-3912501916-1001…DeepL) (Version: 2.3.1 – DeepL GmbH)

ESET Security (HKLM…{91C0EC98-6614-4E9B-ABD7-6BAC18CD8067}) (Version: 14.0.22.0 – ESET, spol. s r.o.)

Google Chrome (HKLM-x32…Google Chrome) (Version: 89.0.4389.114 – Google LLC)

HexChat (HKLM…HexChat_is1) (Version: 2.14.3 – HexChat)

HP Deskjet 2540 series Basic Device Software (HKLM…{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 – Hewlett-Packard Co.)

HP Deskjet 2540 series Help (HKLM-x32…{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 – Hewlett Packard)

HP Photo Creations (HKLM-x32…HP Photo Creations) (Version: 1.0.0.7702 – HP)

HP Update (HKLM-x32…{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 – Hewlett-Packard)

iCloud Outlook (HKLM…{BC06C9EA-78BE-4B52-BA89-E6FAAFBF3CB0}) (Version: 12.2.0.10 – Apple Inc.)

Jackett (HKLM-x32…{C2A9FC00-AA48-4F17-9A72-62FBCEE2785B}_is1) (Version: 0.16.585.0 – Jackett)

JDownloader 2 (HKLM-x32…jdownloader2) (Version: 2.0 – AppWork GmbH)

KeePass Password Safe 2.47 (HKLM-x32…KeePassPasswordSafe2_is1) (Version: 2.47 – Dominik Reichl)

LibreOffice 7.1.2.2 (HKLM…{07426A34-E0CD-4EC4-843B-F7A47C7BC835}) (Version: 7.1.2.2 – The Document Foundation)

Link Shell Extension (HKLM…HardlinkShellExt) (Version: 3.9.2.5 – Hermann Schinagl)

Malwarebytes version 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 – Malwarebytes)

MediaHuman YouTube to MP3 Converter 3.9.9.52 (HKLM-x32…MediaHuman YouTube to MP3 Converter_is1) (Version: 3.9.9.52 – MediaHuman)

MEGAsync (HKLM-x32…MEGAsync) (Version:  – Mega Limited)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 89.0.774.68 – Microsoft Corporation)

Microsoft Edge Beta (HKLM-x32…Microsoft Edge Beta) (Version: 90.0.818.27 – Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM…Microsoft Mouse and Keyboard Center) (Version: 13.222.137.0 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3472972625-813258079-3912501916-1001…OneDriveSetup.exe) (Version: 21.030.0211.0002 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3472972625-813258079-3912501916-1004…OneDriveSetup.exe) (Version: 19.152.0927.0012 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-3472972625-813258079-3912501916-1005…OneDriveSetup.exe) (Version: 20.169.0823.0008 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.30319 (HKLM…{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.30319 (HKLM-x32…{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29910 (HKLM-x32…{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32…{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)

Microsoft Windows Desktop Runtime – 3.1.13 (x64) (HKLM-x32…{df32638d-0722-47cb-b084-3dd851b1146e}) (Version: 3.1.13.29816 – Microsoft Corporation)

MKVToolNix 48.0.0 (64-bit) (HKLM-x32…MKVToolNix) (Version: 48.0.0 – Moritz Bunkus)

Mozilla Firefox 87.0 (x64 en-US) (HKLM…Mozilla Firefox 87.0 (x64 en-US)) (Version: 87.0 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 68.0.1 – Mozilla)

Notepad++ (64-bit x64) (HKLM…Notepad++) (Version: 7.9.5 – Notepad++ Team)

Npcap (HKLM-x32…NpcapInst) (Version: 1.10 – Nmap Project)

NVIDIA Graphics Driver 456.71 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.35 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 – NVIDIA Corporation)

Plex (HKLM-x32…Plex) (Version: 1.28.0 – Plex, Inc.)

Plex Media Server (HKLM-x32…{7ea28a32-d463-4bee-88af-6e203874dba6}) (Version: 1.22.1.4275 – Plex, Inc.)

Plex Media Server (HKLM-x32…{D21C3F10-8563-428C-9F84-D7D12435D46D}) (Version: 1.22.1275 – Plex, Inc.) Hidden

PowerToys (Preview) (HKLM…{28C1DE41-8926-479A-901C-A5C9E2CE469B}) (Version: 0.35.0 – Microsoft Corporation)

Product Improvement Study for HP Deskjet 2540 series (HKLM…{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 – Hewlett-Packard Co.)

PuTTY release 0.74 (64-bit) (HKLM…{127B996B-5308-4012-865B-9446451EA326}) (Version: 0.74.0.0 – Simon Tatham)

Python 2.7.17 (64-bit) (HKLM…{9255D53C-6C21-4664-AAF3-6EAC50F867Da}) (Version: 2.7.17150 – Python Software Foundation)

qBittorrent 4.3.4.1 (HKLM-x32…qBittorrent) (Version: 4.3.4.1 – The qBittorrent project)

Recorder Devices for ShareX 0.12.10 (HKLM…Recorder Devices for ShareX_is1) (Version: 0.12.10 – )

ShareX (HKLM…82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.4.0 – ShareX Team)

Skype version 8.69 (HKLM-x32…Skype_is1) (Version: 8.69 – Skype Technologies S.A.)

Sonarr version 3.0 (HKLM-x32…{56C1065D-3523-4025-B76D-6F73F67F7F71}_is1) (Version: 3.0 – Team Sonarr)

Spotify (HKUS-1-5-21-3472972625-813258079-3912501916-1001…Spotify) (Version: 1.1.52.687.gf5565fe5 – Spotify AB)

Stopping Plex (HKLM-x32…{92C52277-DD8B-431D-AAF4-5967A23CB7B2}) (Version: 1.22.1275 – Plex, Inc.) Hidden

Subtitle Edit 3.5.9 (HKLM…SubtitleEdit_is1) (Version: 3.5.9.0 – Nikse)

Subtitle Speech Synchronizer (HKLM…{B4689409-FE7C-46F2-B8A7-9F4A26906056}) (Version: 0.16.0 – sc0ty)

Tailscale (HKLM-x32…Tailscale IPN) (Version: 1.0.4 – Tailscale Inc.)

UPSmart version 1.3 (HKLM-x32…UPSmart_is1) (Version: 1.3 – Guangdong IDBK software technology Inc)

VdhCoApp 1.6.0 (HKLM…weh-iss-net.downloadhelper.coapp_is1) (Version:  – DownloadHelper)

Videostream (HKUS-1-5-21-3472972625-813258079-3912501916-1001…Videostream) (Version: 0.4.0 – Videostream)

VLC media player (HKLM…VLC media player) (Version: 3.0.12 – VideoLAN)

WinDirStat 1.1.2 (HKUS-1-5-21-3472972625-813258079-3912501916-1001…WinDirStat) (Version:  – )

WinSCP 5.17.10 (HKLM-x32…winscp3_is1) (Version: 5.17.10 – Martin Prikryl)

Wireshark 3.4.4 64-bit (HKLM-x32…Wireshark) (Version: 3.4.4 – The Wireshark developer community, hxxps://www.wireshark.org)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-3472972625-813258079-3912501916-1001_ClassesCLSID{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}InprocServer32 -> C:UsersonextAppDataLocalGoogleUpdate1.3.35.442psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-3472972625-813258079-3912501916-1001_ClassesCLSID{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}InprocServer32 -> C:UsersonextAppDataLocalGoogleUpdate1.3.35.422psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-3472972625-813258079-3912501916-1001_ClassesCLSID{84EB3779-151B-4C71-AEF0-A0FEE9481401}InprocServer32 -> C:UsersonextAppDataLocalGoogleUpdate1.3.35.342psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-3472972625-813258079-3912501916-1001_ClassesCLSID{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}InprocServer32 -> C:UsersonextAppDataLocalGoogleUpdate1.3.34.11psuser_64.dll => No File

CustomCLSID: HKUS-1-5-21-3472972625-813258079-3912501916-1001_ClassesCLSID{EF076C91-DC9E-43E3-84ED-3D219E065A4F}InprocServer32 -> C:UsersonextAppDataLocalGoogleUpdate1.3.35.302psuser_64.dll => No File

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:Program FilesGoogleDrivegoogledrivesync64.dll [2021-03-12] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:Program FilesGoogleDrivegoogledrivesync64.dll [2021-03-12] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:Program FilesGoogleDrivegoogledrivesync64.dll [2021-03-12] (Google LLC -> Google)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ShellIconOverlayIdentifiers: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ShellIconOverlayIdentifiers-x32: [IconOverlayJunction] -> {0A479751-02BC-11d3-A855-0004AC2568FF} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:Program FilesNotepad++NppShell_06.dll [2021-03-22] (Notepad++ -> )

ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2020-11-04] (ESET, spol. s r.o. -> ESET)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:Program FilesGoogleDrivecontextmenu64.dll [2021-03-12] (Google LLC -> Google)

ContextMenuHandlers1: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2020-11-04] (ESET, spol. s r.o. -> ESET)

ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-22] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:Program FilesPowerToysmodulesPowerRenamePowerRenameExt.dll [2021-03-31] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:Program FilesGoogleDrivecontextmenu64.dll [2021-03-12] (Google LLC -> Google)

ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:UsersonextAppDataLocalMEGAsyncShellExtX64.dll [2021-03-01] (Mega Limited -> )

ContextMenuHandlers5: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WINDOWSsystem32nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File

ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:Program FilesESETESET SecurityshellExt.dll [2020-11-04] (ESET, spol. s r.o. -> ESET)

ContextMenuHandlers6: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:Program FilesLinkShellExtensionHardlinkShellExt.dll [2019-07-26] (Hermann Schinagl -> Hermann Schinagl) [File not signed]

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2020-05-22] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers1_S-1-5-21-3472972625-813258079-3912501916-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers4_S-1-5-21-3472972625-813258079-3912501916-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

ContextMenuHandlers5_S-1-5-21-3472972625-813258079-3912501916-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

==================== Loaded Modules (Whitelisted) =============

 

2020-09-15 23:31 – 2020-09-15 23:31 – 000355840 _____ () [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherMono.Cecil.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000205824 _____ () [File not signed] [File is in use] C:ProgramDataJackettYamlDotNet.dll

2021-04-07 11:19 – 2021-04-07 11:19 – 001278976 _____ () [File not signed] [File is in use] C:UsersonextAppDataLocalDeepLapp-2.3.1x64CefSharp.BrowserSubprocess.Core.dll

2021-04-07 11:19 – 2021-04-07 11:19 – 001957888 _____ () [File not signed] [File is in use] C:UsersonextAppDataLocalDeepLapp-2.3.1x64CefSharp.Core.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000629760 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86aac_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000336896 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86ac3_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000608256 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86dca_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 001559040 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86h264_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000818688 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86hevc_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 001800704 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86libx264_encoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000579072 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86mp2_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 000579072 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86mp3_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 001268224 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86mpeg4_decoder.dll

2021-03-25 22:11 – 2021-03-25 22:11 – 001718784 _____ () [File not signed] \?C:UsersonextAppDataLocalPlex Media ServerCodecs73e06c8-3759-windows-x86vp9_decoder.dll

2020-10-24 22:25 – 2019-12-25 15:34 – 000143872 _____ () [File not signed] C:BazarrWinPythonpython-3.8.0libsite-packageslxml_elementpath.cp38-win32.pyd

2020-10-24 22:25 – 2019-12-25 15:34 – 003564032 _____ () [File not signed] C:BazarrWinPythonpython-3.8.0libsite-packageslxmletree.cp38-win32.pyd

2021-01-30 13:46 – 2020-07-09 12:37 – 001332736 _____ () [File not signed] c:nginxphplibsqlite3.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000281600 _____ () [File not signed] c:nginxphplibssh2.dll

2019-07-23 15:03 – 2013-01-25 14:12 – 000043008 _____ () [File not signed] C:Program Files (x86)IDBKUPSmartlibgcc_s_dw2-1.dll

2019-07-23 15:03 – 2013-01-25 14:12 – 000011362 _____ () [File not signed] C:Program Files (x86)IDBKUPSmartmingwm10.dll

2021-02-18 21:00 – 2021-02-12 22:46 – 002552320 _____ () [File not signed] C:Program Files (x86)MicrosoftSkype for Desktopffmpeg.dll

2021-02-18 21:00 – 2021-02-12 22:46 – 000367104 _____ () [File not signed] C:Program Files (x86)MicrosoftSkype for Desktoplibegl.dll

2021-02-18 21:00 – 2021-02-12 22:46 – 006631936 _____ () [File not signed] C:Program Files (x86)MicrosoftSkype for Desktoplibglesv2.dll

2019-10-19 22:02 – 2019-10-19 22:02 – 000122368 _____ () [File not signed] C:Python27DLLs_ctypes.pyd

2019-10-19 22:02 – 2019-10-19 22:02 – 000186880 _____ () [File not signed] C:Python27DLLs_elementtree.pyd

2019-10-19 22:07 – 2019-10-19 22:07 – 001654784 _____ () [File not signed] C:Python27DLLs_hashlib.pyd

2019-10-19 22:02 – 2019-10-19 22:02 – 000034816 _____ () [File not signed] C:Python27DLLs_multiprocessing.pyd

2019-10-19 22:06 – 2019-10-19 22:06 – 000051200 _____ () [File not signed] C:Python27DLLs_socket.pyd

2019-10-19 22:03 – 2019-10-19 22:03 – 000064000 _____ () [File not signed] C:Python27DLLs_sqlite3.pyd

2019-10-19 22:07 – 2019-10-19 22:07 – 002120704 _____ () [File not signed] C:Python27DLLs_ssl.pyd

2019-10-19 22:03 – 2019-10-19 22:03 – 000092672 _____ () [File not signed] C:Python27DLLsbz2.pyd

2019-10-19 22:02 – 2019-10-19 22:02 – 000185344 _____ () [File not signed] C:Python27DLLspyexpat.pyd

2019-10-19 22:02 – 2019-10-19 22:02 – 000011776 _____ () [File not signed] C:Python27DLLsselect.pyd

2019-10-19 22:03 – 2019-10-19 22:03 – 000926208 _____ () [File not signed] C:Python27DLLssqlite3.dll

2019-10-19 22:02 – 2019-10-19 22:02 – 000692224 _____ () [File not signed] C:Python27DLLsunicodedata.pyd

2018-12-27 21:59 – 2018-12-27 21:59 – 000549888 _____ () [File not signed] C:Python27libsite-packagespywin32_system32pythoncom27.dll

2018-12-27 21:59 – 2018-12-27 21:59 – 000138752 _____ () [File not signed] C:Python27libsite-packagespywin32_system32pywintypes27.dll

2018-12-27 21:59 – 2018-12-27 21:59 – 000008192 _____ () [File not signed] C:Python27libsite-packageswin32_win32sysloader.pyd

2018-12-27 21:59 – 2018-12-27 21:59 – 000130560 _____ () [File not signed] C:Python27libsite-packageswin32win32api.pyd

2018-12-27 21:59 – 2018-12-27 21:59 – 000023040 _____ () [File not signed] C:Python27libsite-packageswin32win32event.pyd

2018-12-27 21:59 – 2018-12-27 21:59 – 000053760 _____ () [File not signed] C:Python27libsite-packageswin32win32service.pyd

2021-04-07 11:19 – 2021-04-07 11:19 – 137093632 _____ () [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1x64libcef.dll

2021-04-07 11:19 – 2021-04-07 11:19 – 000396800 _____ () [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1x64libegl.dll

2021-04-07 11:19 – 2021-04-07 11:19 – 006338560 _____ () [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1x64libglesv2.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 013053440 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsyncavcodec-58.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 002290176 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsyncavformat-58.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 000521728 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsyncavutil-56.dll

2019-05-14 03:06 – 2020-10-15 12:40 – 000065024 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsynccares.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 000145408 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsyncswresample-3.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 000570880 _____ () [File not signed] C:UsersonextAppDataLocalMEGAsyncswscale-5.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000114176 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_ctypes.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000172544 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_elementtree.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 002255872 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_hashlib.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000032256 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_multiprocessing.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000046080 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_psutil_windows.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000047616 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_socket.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 002824704 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_ssl.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000026112 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722_yappi.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000080896 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722bz2.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000015872 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722common.time34.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000007680 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722hashobjs_ext.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000301568 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722PIL._imaging.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000168448 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722pyexpat.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 001084416 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722pysqlite2._sqlite.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000548864 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722pythoncom27.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000137728 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722pywintypes27.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000010752 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722select.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000020992 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722thumbnails_ext.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000689664 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722unicodedata.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000119808 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722usb_ext.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000128512 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32api.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000438784 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32com.shell.shell.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000011776 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32crypt.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000023040 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32event.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000149504 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32file.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000223232 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32gui.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000048128 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32inet.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000029696 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32pdh.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000027648 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32pipe.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000044032 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32process.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000020480 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32profile.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000136192 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32security.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000026624 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722win32ts.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000034304 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722windows.conditional.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000037888 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722windows.connectivity.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000071680 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722windows.device_monitor.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000103936 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722windows.volumes.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000019968 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722windows.winwrap.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 001325056 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._controls_.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 001489408 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._core_.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 001007104 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._gdi_.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000103424 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._html2.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 000916992 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._misc_.pyd

2021-04-07 13:31 – 2021-04-07 13:31 – 001039872 _____ () [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wx._windows_.pyd

2021-02-06 00:42 – 2021-02-06 00:41 – 000008704 _____ (Andreas Håkansson, Steven Robbins and contributors) [File not signed] [File is in use] C:ProgramDataRadarrbinNancy.Authentication.Basic.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000013824 _____ (Andreas Håkansson, Steven Robbins and contributors) [File not signed] [File is in use] C:ProgramDataRadarrbinNancy.Authentication.Forms.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000919552 _____ (Andreas Håkansson, Steven Robbins and contributors) [File not signed] [File is in use] C:ProgramDataRadarrbinNancy.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000829440 _____ (AngleSharp) [File not signed] [File is in use] C:ProgramDataJackettAngleSharp.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000251904 _____ (Autofac) [File not signed] [File is in use] C:ProgramDataJackettAutofac.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000015872 _____ (Autofac) [File not signed] [File is in use] C:ProgramDataJackettAutofac.Extensions.DependencyInjection.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000014336 _____ (DateTimeRoutines) [File not signed] [File is in use] C:ProgramDataJackettDateTimeRoutines.dll

2020-12-14 10:38 – 2021-04-07 04:21 – 000018432 _____ (Diego Heras (ngosang)) [File not signed] [File is in use] C:ProgramDataJackettFlareSolverrSharp.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000091648 _____ (FluentMigrator Project) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentMigrator.Abstractions.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000054272 _____ (FluentMigrator Project) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentMigrator.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000114176 _____ (FluentMigrator Project) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentMigrator.Runner.Core.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000067072 _____ (FluentMigrator Project) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentMigrator.Runner.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000021504 _____ (FluentMigrator Project) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentMigrator.Runner.SQLite.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000217088 _____ (gsscoder;nemec;ericnewton76;moh-hassan) [File not signed] [File is in use] C:ProgramDataJackettCommandLine.dll

2019-07-26 09:10 – 2019-07-26 09:10 – 000498096 _____ (Hermann Schinagl -> Hermann Schinagl) [File not signed] C:Program FilesLinkShellExtensionHardlinkShellExt.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000206336 _____ (hxxps://nghttp2.org/) [File not signed] c:nginxphpnghttp2.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000351744 _____ (hxxps://system.data.sqlite.org/) [File not signed] [File is in use] C:ProgramDataRadarrbinSystem.Data.SQLite.dll

2021-02-18 21:00 – 2019-02-21 19:00 – 000078336 _____ (Igor Pavlov) [File not signed] C:Program Files7-Zip7-zip.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 001243136 _____ (Jackett.Common) [File not signed] [File is in use] C:ProgramDataJackettJackett.Common.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000393728 _____ (JackettConsole) [File not signed] [File is in use] C:ProgramDataJackettJackettConsole.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000312832 _____ (JackettService) [File not signed] [File is in use] C:ProgramDataJackettJackettService.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000934400 _____ (JackettTray) [File not signed] [File is in use] C:ProgramDataJackettJackettTray.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000339456 _____ (Jeremy Skinner) [File not signed] [File is in use] C:ProgramDataRadarrbinFluentValidation.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000297472 _____ (Jimmy Bogard) [File not signed] [File is in use] C:ProgramDataJackettAutoMapper.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000080384 _____ (Kveer) [File not signed] [File is in use] C:ProgramDataRadarrbinKveer.XmlRPC.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000010752 _____ (Landon Key) [File not signed] [File is in use] C:ProgramDataJackettSocksWebProxy.dll

2021-03-31 19:59 – 2021-03-31 19:59 – 000006656 _____ (Microsoft Corporation) [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherManagedTelemetry.dll

2021-03-31 20:00 – 2021-03-31 20:00 – 000016896 _____ (Microsoft.PowerToys.Run.Plugin.Calculator) [File not signed] C:Program FilesPowerToysmoduleslauncherPluginsCalculatorMicrosoft.PowerToys.Run.Plugin.Calculator.dll

2021-01-06 17:55 – 2021-01-06 17:55 – 000902144 _____ (ModernWpf) [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherModernWpf.dll

2020-08-22 10:31 – 2020-08-22 10:31 – 000817152 _____ (NLog) [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherNLog.dll

2020-08-27 20:03 – 2020-08-27 20:03 – 000046080 _____ (NLog) [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherNLog.Extensions.Logging.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000817152 _____ (NLog) [File not signed] [File is in use] C:ProgramDataJackettNLog.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000046080 _____ (NLog) [File not signed] [File is in use] C:ProgramDataJackettNLog.Extensions.Logging.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000046592 _____ (NLog) [File not signed] [File is in use] C:ProgramDataJackettNLog.Web.AspNetCore.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000803328 _____ (NLog) [File not signed] [File is in use] C:ProgramDataRadarrbinNLog.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000045056 _____ (NLog) [File not signed] [File is in use] C:ProgramDataRadarrbinNLog.Extensions.Logging.dll

2019-07-23 15:03 – 2013-06-26 17:42 – 000083456 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartimageformatsqgif4.dll

2019-07-23 15:03 – 2013-01-25 14:28 – 002847232 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartQtCore4.dll

2019-07-23 15:03 – 2013-01-25 14:27 – 010137600 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartQtGui4.dll

2019-07-23 15:03 – 2013-01-25 14:27 – 001290752 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartQtNetwork4.dll

2019-07-23 15:03 – 2013-01-25 14:27 – 000275456 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartQtSql4.dll

2019-07-23 15:03 – 2013-06-26 17:43 – 000373760 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartQtSvg4.dll

2019-07-23 15:03 – 2012-10-12 08:31 – 000527360 _____ (Nokia Corporation and/or its subsidiary(-ies)) [File not signed] C:Program Files (x86)IDBKUPSmartsqldriversqsqlite4.dll

2020-05-31 10:02 – 2021-04-07 04:21 – 000028672 _____ (Org.Mentalis) [File not signed] [File is in use] C:ProgramDataJackettOrg.Mentalis.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 003043328 _____ (Python Software Foundation) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722python27.dll

2019-10-19 22:02 – 2019-10-19 22:02 – 003429376 _____ (Python Software Foundation) [File not signed] C:WINDOWSSYSTEM32python27.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000192000 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Api.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000261120 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Api.V3.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000271360 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Common.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 001822720 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Core.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000426496 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000033280 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Host.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000090624 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.Http.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000009216 _____ (radarr.video) [File not signed] [File is in use] C:ProgramDataRadarrbinRadarr.SignalR.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000010240 _____ (radarr.video) [File not signed] C:ProgramDataRadarrbinRadarr.Windows.dll

2021-02-06 00:42 – 2021-02-06 00:41 – 000190464 _____ (Sam Saffron;Marc Gravell;Nick Craver) [File not signed] [File is in use] C:ProgramDataRadarrbinDapper.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000011264 _____ (Sentry Team and Contributors) [File not signed] [File is in use] C:ProgramDataRadarrbinSentry.PlatformAbstractions.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000088576 _____ (Sentry.io) [File not signed] [File is in use] C:ProgramDataRadarrbinSentry.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 000051200 _____ (Sentry.io) [File not signed] [File is in use] C:ProgramDataRadarrbinSentry.Protocol.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 001148928 _____ (Six Labors) [File not signed] [File is in use] C:ProgramDataRadarrbinSixLabors.ImageSharp.dll

2020-12-11 13:52 – 2021-02-06 00:41 – 001947136 _____ (SQLite Development Team) [File not signed] C:ProgramDataRadarrbinsqlite3.DLL

2020-10-25 13:33 – 2020-10-24 15:55 – 000665719 _____ (SQLite Development Team) [File not signed] C:ProgramDataSonarrbinsqlite3.DLL

2020-10-12 22:38 – 2020-10-12 22:38 – 000052224 _____ (Tatham Oddie & friends) [File not signed] [File is in use] C:Program FilesPowerToysmoduleslauncherSystem.IO.Abstractions.dll

2021-04-07 11:19 – 2021-04-07 11:19 – 001010176 _____ (The Chromium Authors) [File not signed] C:UsersonextAppDataLocalDeepLapp-2.3.1x64chrome_elf.dll

2019-05-14 03:06 – 2020-10-15 12:40 – 000295936 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:UsersonextAppDataLocalMEGAsynclibcurl.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 003439616 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] c:nginxphplibcrypto-1_1-x64.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000682496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] c:nginxphplibssl-1_1-x64.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 002444288 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:UsersonextAppDataLocalMEGAsynclibcrypto-1_1.dll

2020-10-15 12:40 – 2020-10-15 12:40 – 000504320 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:UsersonextAppDataLocalMEGAsynclibssl-1_1.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000551936 _____ (The PHP Group) [File not signed] c:nginxphpextphp_curl.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000127488 _____ (The PHP Group) [File not signed] c:nginxphpextphp_openssl.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000028672 _____ (The PHP Group) [File not signed] c:nginxphpextphp_pdo_sqlite.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000045056 _____ (The PHP Group) [File not signed] c:nginxphpextphp_sqlite3.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 000082944 _____ (The PHP Group) [File not signed] c:nginxphpextphp_xmlrpc.dll

2021-01-30 13:46 – 2020-07-09 12:36 – 009360384 _____ (The PHP Group) [File not signed] c:nginxphpphp7.dll

2019-05-14 03:06 – 2020-10-15 12:39 – 005118072 _____ (The Qt Company Oy -> The Qt Company Ltd.) [File not signed] C:UsersonextAppDataLocalMEGAsyncQt5Core.dll

2020-11-13 18:59 – 2019-05-13 17:40 – 000105528 _____ (Un4seen Developments) [File not signed] C:UsersonextAppDataRoamingMicrosoftWindowsStart MenuProgramsMonkeymattBig Stretchbass.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000202240 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxbase30u_net_vc90_x64.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 002831872 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxbase30u_vc90_x64.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 001654784 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxmsw30u_adv_vc90_x64.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 006542336 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxmsw30u_core_vc90_x64.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000773632 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxmsw30u_html_vc90_x64.dll

2021-04-07 13:31 – 2021-04-07 13:31 – 000137216 _____ (wxWidgets development team) [File not signed] C:UsersonextAppDataLocalTemp_MEI132722wxmsw30u_webview_vc90_x64.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:ProgramDataTEMP:4FC01C57 [146]

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLMSYSTEMCurrentControlSetControlSafeBootMinimal95336843.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => ""="Service"

HKLMSYSTEMCurrentControlSetControlSafeBootNetwork95336843.sys => ""="Driver"

HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Search Page = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Page_URL = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = 

HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = 

HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerMain,Local Page = 

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-07-23 21:43 – 2020-09-16 18:00 – 000000823 _____ C:WINDOWSsystem32driversetchosts

127.0.0.1       localhost

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKUS-1-5-21-3472972625-813258079-3912501916-1001Control PanelDesktop\Wallpaper -> C:UsersonextAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper

HKUS-1-5-21-3472972625-813258079-3912501916-1004Control PanelDesktop\Wallpaper -> C:WINDOWSwebwallpaperWindowsimg0.jpg

HKUS-1-5-21-3472972625-813258079-3912501916-1005Control PanelDesktop\Wallpaper -> C:WINDOWSwebwallpaperWindowsimg0.jpg

HKUS-1-5-21-3472972625-813258079-3912501916-1015Control PanelDesktop\Wallpaper -> C:WindowsWebWallpaperWindowsimg0.jpg

DNS Servers: 1.1.1.1 – 8.8.4.4

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

Network Binding:

=============

Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Ethernet 2: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 

Tailscale: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Tailscale: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 

Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled) 

Ethernet: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled) 

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM…StartupApprovedRun: => "Everything"

HKUS-1-5-21-3472972625-813258079-3912501916-1001…StartupApprovedRun: => "OneDrive"

HKUS-1-5-21-3472972625-813258079-3912501916-1001…StartupApprovedRun: => "NordVPN"

HKUS-1-5-21-3472972625-813258079-3912501916-1001…StartupApprovedRun: => "Opera Browser Assistant"

HKUS-1-5-21-3472972625-813258079-3912501916-1001…StartupApprovedRun: => "electron.app.Fing"

HKUS-1-5-21-3472972625-813258079-3912501916-1001…StartupApprovedRun: => "XperiaCompanionAgent"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{065DDA7F-F737-4E00-AC5F-E3BDAD757ED4}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.30msedgewebview2.exe => No File

FirewallRules: [{0BCE820D-8FD3-4796-82DB-10EC52F075D5}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.23msedgewebview2.exe => No File

FirewallRules: [{997748C8-7803-46CF-809D-C9F5540A76A6}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.18msedgewebview2.exe => No File

FirewallRules: [{F64339A3-913C-4AD8-A535-14D953A62A12}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.44msedgewebview2.exe => No File

FirewallRules: [UDP Query User{83DF18D2-9A64-419B-923D-D4F205FEB393}C:program filesplexplexplex.exe] => (Allow) C:program filesplexplexplex.exe (Plex, Inc. -> )

FirewallRules: [TCP Query User{12D07BB1-A8FF-4E5B-9B87-D375B288473A}C:program filesplexplexplex.exe] => (Allow) C:program filesplexplexplex.exe (Plex, Inc. -> )

FirewallRules: [{7A2F320A-4F1E-4227-BB5B-5B628E405DD3}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.39msedgewebview2.exe => No File

FirewallRules: [UDP Query User{54D41B6B-8D0F-4A61-810A-1D349431DA62}C:usersonextappdatalocalprogramsopera69.0.3686.57opera.exe] => (Block) C:usersonextappdatalocalprogramsopera69.0.3686.57opera.exe => No File

FirewallRules: [TCP Query User{312277D8-5CF5-40D3-82EE-16CB341033CC}C:usersonextappdatalocalprogramsopera69.0.3686.57opera.exe] => (Block) C:usersonextappdatalocalprogramsopera69.0.3686.57opera.exe => No File

FirewallRules: [{478FFD90-9AE5-4273-993D-79CE8D5EAE24}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.35msedgewebview2.exe => No File

FirewallRules: [{EED98BD1-37A0-4D1D-9BDF-0AE4B525C422}] => (Allow) C:UsersonextAppDataLocalVideostreamapp-0.4.0videostream-nativevideostream-native.exe (RouteThis Inc. -> )

FirewallRules: [{03A0E0AE-10CD-4577-9C1B-C0C06FE6CD5A}] => (Allow) C:UsersonextAppDataLocalVideostreamapp-0.4.0videostream-nativevideostream-native.exe (RouteThis Inc. -> )

FirewallRules: [{DA7A5C45-3060-4B30-8285-276AE97D8FF8}] => (Allow) LPort=5557

FirewallRules: [UDP Query User{E747980A-ACF0-42E6-85CD-D4CD5467AC32}C:python27pythonw.exe] => (Allow) C:python27pythonw.exe () [File not signed]

FirewallRules: [TCP Query User{16A55D6B-B2A5-41BC-BC82-85618B1DEB7E}C:python27pythonw.exe] => (Allow) C:python27pythonw.exe () [File not signed]

FirewallRules: [{9BB70852-07D3-4F78-9AAB-24A8A2595FCE}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.28msedgewebview2.exe => No File

FirewallRules: [{A96AD36E-3181-42A2-B00E-2F2441AA413F}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.26msedgewebview2.exe => No File

FirewallRules: [{1EC2A5AF-FD2B-46D3-843A-9FA9A05BEE1E}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.20msedgewebview2.exe => No File

FirewallRules: [UDP Query User{E4DD60E5-0226-4D75-95B3-2D34CC81D1B9}C:usersonextdocumentstools and stuff from desktopiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersonextdocumentstools and stuff from desktopiperf-3.1.3-win64iperf3.exe => No File

FirewallRules: [TCP Query User{85D0D404-E65B-4C34-9030-5FCF044B9326}C:usersonextdocumentstools and stuff from desktopiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersonextdocumentstools and stuff from desktopiperf-3.1.3-win64iperf3.exe => No File

FirewallRules: [{D477C6AB-96DE-426D-94F2-8959CDEDD875}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.15msedgewebview2.exe => No File

FirewallRules: [UDP Query User{6C8292B8-7011-4FA2-8102-489E6C20176B}C:usersonextappdatalocalprogramsopera68.0.3618.125opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera68.0.3618.125opera.exe => No File

FirewallRules: [TCP Query User{01004463-FBE8-4F79-B351-AB3FD705D873}C:usersonextappdatalocalprogramsopera68.0.3618.125opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera68.0.3618.125opera.exe => No File

FirewallRules: [{854440E8-5A99-4266-B094-74431624468C}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication84.0.522.11msedgewebview2.exe => No File

FirewallRules: [{06312A7C-8402-4537-A4A9-B64A69B42016}] => (Allow) LPort=7879

FirewallRules: [UDP Query User{4FDE8100-2280-4118-8FF0-B0A1644237F7}C:usersonextappdatalocalprogramsopera68.0.3618.104opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera68.0.3618.104opera.exe => No File

FirewallRules: [TCP Query User{D6D81303-3EA8-4A0F-A448-6ADF8F5491E2}C:usersonextappdatalocalprogramsopera68.0.3618.104opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera68.0.3618.104opera.exe => No File

FirewallRules: [UDP Query User{641706B8-0BD2-4D22-87BA-0F692C30A0B4}C:usersonextappdatalocalprogramsopera67.0.3575.53opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera67.0.3575.53opera.exe => No File

FirewallRules: [TCP Query User{C4E13F89-B4AD-4EEA-89DF-2BB64A673033}C:usersonextappdatalocalprogramsopera67.0.3575.53opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera67.0.3575.53opera.exe => No File

FirewallRules: [UDP Query User{DC3AA98A-9452-41DB-8F6D-CC5E347456F2}C:usersonextappdatalocalprogramsopera66.0.3515.115opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera66.0.3515.115opera.exe => No File

FirewallRules: [TCP Query User{9CCFD6E6-B221-4CFA-9A9A-5B763206F22C}C:usersonextappdatalocalprogramsopera66.0.3515.115opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera66.0.3515.115opera.exe => No File

FirewallRules: [UDP Query User{824081C1-6A76-449A-B823-A0225E4C7D36}C:usersonextappdatalocalprogramsopera66.0.3515.44opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera66.0.3515.44opera.exe => No File

FirewallRules: [TCP Query User{46B7B2C6-1F7C-4399-A147-5A73241AD6D2}C:usersonextappdatalocalprogramsopera66.0.3515.44opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera66.0.3515.44opera.exe => No File

FirewallRules: [UDP Query User{CAA2DC5F-DCE2-41CF-9F34-EBE9CE504489}C:usersonextappdatalocalprogramsopera64.0.3417.92opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera64.0.3417.92opera.exe => No File

FirewallRules: [TCP Query User{ACAFA798-B046-48CF-B28B-6E960CBC0B14}C:usersonextappdatalocalprogramsopera64.0.3417.92opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera64.0.3417.92opera.exe => No File

FirewallRules: [UDP Query User{BC9513AA-FE70-4B48-81AD-51344DFE2C9C}C:usersonextappdatalocalprogramsopera63.0.3368.107opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera63.0.3368.107opera.exe => No File

FirewallRules: [TCP Query User{2E09045C-DFDE-4075-AC42-C1BA3B07B026}C:usersonextappdatalocalprogramsopera63.0.3368.107opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera63.0.3368.107opera.exe => No File

FirewallRules: [UDP Query User{CC33EEC9-C5C4-43B2-B97A-FA3E2727D06B}C:usersonextappdatalocalprogramsopera63.0.3368.94opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera63.0.3368.94opera.exe => No File

FirewallRules: [TCP Query User{EEAA888E-CAD2-4B67-B34E-DE17D53ECDB4}C:usersonextappdatalocalprogramsopera63.0.3368.94opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera63.0.3368.94opera.exe => No File

FirewallRules: [UDP Query User{C0D58161-6D27-4589-A1A5-8B51A4226D6D}C:usersonextdesktopvlc-3.0.9vlc.exe] => (Allow) C:usersonextdesktopvlc-3.0.9vlc.exe => No File

FirewallRules: [TCP Query User{70DB9882-D1F8-45A2-9375-A5D8D295DFAA}C:usersonextdesktopvlc-3.0.9vlc.exe] => (Allow) C:usersonextdesktopvlc-3.0.9vlc.exe => No File

FirewallRules: [{C7CFB5CF-8884-459E-B007-1BB691100171}] => (Allow) LPort=5558

FirewallRules: [{A9EEBC29-50BF-48C5-A28C-8A4F605D0991}] => (Allow) LPort=5556

FirewallRules: [{6A3F5E98-7A6D-41A8-AF6A-65D3D5AFAB50}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{AEDFF0ED-32FB-4C32-AF76-FBCFF026B785}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{E6E49AF1-F9B7-4C7D-AD40-EE794E8D80EA}] => (Allow) C:Program FilesAirflowAirflow.transcoder.exe (InMethod s.r.o. -> )

FirewallRules: [{5300FFA0-F7FB-4D3E-82EF-5C174088935C}] => (Allow) C:Program FilesAirflowAirflow.transcoder.exe (InMethod s.r.o. -> )

FirewallRules: [{4C33DDB7-BD51-4AFE-8D9D-F3FD36AF01F9}] => (Allow) C:Program FilesAirflowAirflow.server.exe (InMethod s.r.o. -> )

FirewallRules: [{5A813932-E174-4E7A-B549-2FF1D36A740B}] => (Allow) C:Program FilesAirflowAirflow.server.exe (InMethod s.r.o. -> )

FirewallRules: [{062CDC6A-CB60-43C2-A36E-0551EC227217}] => (Allow) C:Program FilesAirflowAirflow.analyzer.exe (InMethod s.r.o. -> )

FirewallRules: [{1FBD9DF1-5629-4356-BDF3-115628F7830D}] => (Allow) C:Program FilesAirflowAirflow.analyzer.exe (InMethod s.r.o. -> )

FirewallRules: [{8C547565-4C2A-4C6D-BD4A-AD9D74EC2A5C}] => (Allow) C:Program FilesAirflowAirflow.exe (InMethod s.r.o. -> inMethod)

FirewallRules: [{0612FA0B-2624-4AC4-991F-72A2A883EDFA}] => (Allow) C:Program FilesAirflowAirflow.exe (InMethod s.r.o. -> inMethod)

FirewallRules: [UDP Query User{1C97891A-D08E-4E7B-AE23-3F15448FEE64}C:usersonextappdataroamingspotifyspotify.exe] => (Allow) C:usersonextappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [TCP Query User{EF07AA57-923D-4F66-9482-907B06F92649}C:usersonextappdataroamingspotifyspotify.exe] => (Allow) C:usersonextappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{83034492-8587-4FE6-AF05-039D43F93731}C:program filesplexplexplex.exe] => (Allow) C:program filesplexplexplex.exe (Plex, Inc. -> )

FirewallRules: [TCP Query User{7F11C4DE-622C-4307-AF4A-3E056CDE7A6E}C:program filesplexplexplex.exe] => (Allow) C:program filesplexplexplex.exe (Plex, Inc. -> )

FirewallRules: [UDP Query User{B4A63124-5C23-425E-B4F8-F1A52B3106D6}C:usersonextappdatalocalprogramsopera62.0.3331.116opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.116opera.exe => No File

FirewallRules: [TCP Query User{66BE698E-7401-4EED-90DC-F08B3DBBC380}C:usersonextappdatalocalprogramsopera62.0.3331.116opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.116opera.exe => No File

FirewallRules: [UDP Query User{9FBFE15F-1699-4E2A-B6CA-1E5E6A03C2BD}C:usersonextdesktopiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersonextdesktopiperf-3.1.3-win64iperf3.exe => No File

FirewallRules: [TCP Query User{DCC940BF-4D92-494D-A60E-4F8014C5F1FA}C:usersonextdesktopiperf-3.1.3-win64iperf3.exe] => (Allow) C:usersonextdesktopiperf-3.1.3-win64iperf3.exe => No File

FirewallRules: [{137E8EDD-B8C8-4E34-AB4B-704E2A16165C}] => (Allow) C:Program FilesHPHP Deskjet 2540 seriesBinHPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)

FirewallRules: [{73407E93-344A-4BA9-8C8E-620DFDC732FC}] => (Allow) LPort=5357

FirewallRules: [{3E2DD5DF-1211-4C4D-B50D-2518713905AC}] => (Allow) C:Program FilesHPHP Deskjet 2540 seriesBinDeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)

FirewallRules: [UDP Query User{BF05DF54-AD82-4366-AABE-BAF261038F9A}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [TCP Query User{98A6CCB7-E139-4E5F-9A89-EF87BC6F5612}C:program filesvideolanvlcvlc.exe] => (Allow) C:program filesvideolanvlcvlc.exe (VideoLAN -> VideoLAN)

FirewallRules: [{2B10B491-6620-4281-8975-25D864842E62}] => (Allow) LPort=8989

FirewallRules: [{F59F2046-2B83-4DD4-ABF5-90F2C39F49E0}] => (Allow) LPort=7878

FirewallRules: [UDP Query User{472565CF-B863-4AA7-862B-146773B29F2D}C:usersonextappdatalocalprogramsopera62.0.3331.99opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.99opera.exe => No File

FirewallRules: [TCP Query User{A28986AD-281A-4CD9-802C-CA2C7AFF128F}C:usersonextappdatalocalprogramsopera62.0.3331.99opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.99opera.exe => No File

FirewallRules: [UDP Query User{91DA2DD4-FF39-45F6-932D-665443B8B0F6}C:usersonextappdataroamingsynctrayzorsyncthing.exe] => (Allow) C:usersonextappdataroamingsynctrayzorsyncthing.exe => No File

FirewallRules: [TCP Query User{61E628F4-A44A-4421-BC92-AADC3E152F52}C:usersonextappdataroamingsynctrayzorsyncthing.exe] => (Allow) C:usersonextappdataroamingsynctrayzorsyncthing.exe => No File

FirewallRules: [{CA7CE653-6D5C-4911-A17C-77C6C87C343F}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{B6760396-B3CE-47C8-B6AB-2D4C648D84C4}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{C1DBD1FB-3EDD-4A9B-8FE1-0695DC8FCD8E}] => (Allow) C:Program Files (x86)uTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)

FirewallRules: [{7628B115-D6D0-4ABC-8728-7E80FA39E6B6}] => (Allow) C:Program Files (x86)uTorrentuTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)

FirewallRules: [UDP Query User{89F816A8-AF18-4878-8E1C-CDA52035B73C}C:program filesqbittorrentqbittorrent.exe] => (Allow) C:program filesqbittorrentqbittorrent.exe () [File not signed]

FirewallRules: [TCP Query User{3D551DF2-15F7-4E40-84CA-40FC4127F19D}C:program filesqbittorrentqbittorrent.exe] => (Allow) C:program filesqbittorrentqbittorrent.exe () [File not signed]

FirewallRules: [UDP Query User{C54E0FFB-835E-4AAD-9409-A3C209E4105A}C:usersonextappdatalocalprogramsopera62.0.3331.72opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.72opera.exe => No File

FirewallRules: [TCP Query User{A0751A22-F820-42A4-B15F-140A7A012DD7}C:usersonextappdatalocalprogramsopera62.0.3331.72opera.exe] => (Allow) C:usersonextappdatalocalprogramsopera62.0.3331.72opera.exe => No File

FirewallRules: [{1BA31192-4B9F-4808-99E1-ACB8AA2DE0AF}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.36msedgewebview2.exe => No File

FirewallRules: [{33BB468B-5E3B-4102-AA52-956FFC8475FB}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.40msedgewebview2.exe => No File

FirewallRules: [{59B20667-E4EB-490B-B946-65471B7E25C5}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.41msedgewebview2.exe => No File

FirewallRules: [{492A8A25-FBA9-47CA-A3A0-B1DEEF6E7E86}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication85.0.564.44msedgewebview2.exe => No File

FirewallRules: [{45181E0E-656F-454A-82F3-C09D6AF100AB}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.11msedgewebview2.exe => No File

FirewallRules: [{7B488C42-90B9-4679-A96A-F7F23071C923}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.15msedgewebview2.exe => No File

FirewallRules: [{48286C03-1CBD-405A-8490-E43643468338}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.19msedgewebview2.exe => No File

FirewallRules: [{6FA0A169-9A50-46CB-8298-E1F7A2D6A0D9}] => (Allow) C:ombiOmbi.exe => No File

FirewallRules: [{AEA8498C-85BB-4216-A384-C994CDECCF98}] => (Allow) C:ombiOmbi.exe => No File

FirewallRules: [{DD91BDC0-2229-4AE6-932D-9F7168D4A6EF}] => (Allow) C:ombiOmbi.exe => No File

FirewallRules: [{A87D23F7-D2B9-4D76-85FF-7C4472F536E2}] => (Allow) C:ombiOmbi.exe => No File

FirewallRules: [{312957CC-EE53-40FC-94EF-E68BABB4A545}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.28msedgewebview2.exe => No File

FirewallRules: [{1862D562-1906-4FF8-962F-C544CAF5883C}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.31msedgewebview2.exe => No File

FirewallRules: [{4F38F292-905C-4582-A559-B92C2682E750}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.36msedgewebview2.exe => No File

FirewallRules: [{39422BDF-FE1E-4345-A1B5-CD4A9F6E564D}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.38msedgewebview2.exe => No File

FirewallRules: [{FFAAC026-3312-4AE0-8BBF-A2460314B443}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication86.0.622.43msedgewebview2.exe => No File

FirewallRules: [{8DD32E6F-A902-435A-B977-5846226BC3D2}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.12msedgewebview2.exe => No File

FirewallRules: [{7E73CFD8-0D8C-43E4-B8B3-AB8BC62398F8}] => (Allow) C:BazarrWinPythonpython-3.8.0python.exe (Python Software Foundation -> Python Software Foundation)

FirewallRules: [{3A8BBD8E-04FD-404B-8845-81E5CC08F0AD}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.24msedgewebview2.exe => No File

FirewallRules: [{31204EBE-BCA5-4E3A-9222-2DDBA2AA093A}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.30msedgewebview2.exe => No File

FirewallRules: [{56CA65CE-A249-4962-A73B-2F35DD63E743}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.36msedgewebview2.exe => No File

FirewallRules: [{B242F84C-65CD-48CF-9873-AC36FD31052A}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.40msedgewebview2.exe => No File

FirewallRules: [{AC16255C-C725-452F-B894-34F8BE876C55}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.41msedgewebview2.exe => No File

FirewallRules: [{955B52F8-9587-4438-8E56-130540306FA6}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.47msedgewebview2.exe => No File

FirewallRules: [{CF572304-FD82-47F1-BA79-23BE5AA1D5E2}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.52msedgewebview2.exe => No File

FirewallRules: [{65F5A246-678E-41BB-B295-89F016B643D1}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.55msedgewebview2.exe => No File

FirewallRules: [{D7401357-390F-4E6B-B5FA-D8EC71CA1CDF}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication87.0.664.57msedgewebview2.exe => No File

FirewallRules: [{B04D9769-80DD-4BD5-BD09-3522986B6B4A}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.18msedgewebview2.exe => No File

FirewallRules: [{EEFB1BE0-D494-44F5-BD1E-C98259FC90CB}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.22msedgewebview2.exe => No File

FirewallRules: [{175BCFFA-28C0-4196-AC01-4AC894179FFA}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.29msedgewebview2.exe => No File

FirewallRules: [{A8623C5D-0760-4E8D-B74C-9204254BB63A}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.41msedgewebview2.exe => No File

FirewallRules: [{57C3BB10-6F31-405D-81F8-5EE7712570E4}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.45msedgewebview2.exe => No File

FirewallRules: [{8EEAC7C9-49AA-4125-8A1A-F994A6E965C6}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.49msedgewebview2.exe => No File

FirewallRules: [{406340C0-6E66-49EA-8986-5D4CF52E6EEA}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{46497894-61DD-45BE-99C7-9F36A54FDD8F}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{BE70B1D5-98B9-45F6-9AA3-9B88889A073C}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{0E4C804C-D3A3-4827-BB1F-F7C7C55EF09A}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{45310534-72CD-421F-9E2D-F73F3EEBAD42}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication88.0.705.56msedgewebview2.exe => No File

FirewallRules: [{8C01071B-6860-4BE2-9B7D-F202D66F358C}] => (Allow) LPort=80

FirewallRules: [{EA9ABE2D-D92C-4302-A56F-3E6628BE2BE3}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.18msedgewebview2.exe => No File

FirewallRules: [{82DA819F-056E-4BB5-AE7A-F099D7FCD673}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.23msedgewebview2.exe => No File

FirewallRules: [{CF95C8F2-BC04-4EF2-BBDE-79411AB4605F}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.27msedgewebview2.exe => No File

FirewallRules: [{0FF93BFC-E3AB-4C98-942A-00EE182C3DA4}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{C5EF9479-D8C3-4FC7-97A3-E38C113787DA}] => (Allow) C:Program Files (x86)MicrosoftSkype for DesktopSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{3FE6FD72-A82E-45A5-9F9E-BB4E68C171FD}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.34msedgewebview2.exe => No File

FirewallRules: [{9445EA4A-AED3-489C-AD9C-2205FCA9B6F8}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.39msedgewebview2.exe => No File

FirewallRules: [{895243DC-F37F-45FE-9238-771AC974AF02}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.45msedgewebview2.exe => No File

FirewallRules: [{6C3E58CD-2695-42EF-BB18-6207C7359CC7}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.48msedgewebview2.exe => No File

FirewallRules: [{C958D7BF-8A80-4899-97F3-C2D901EF0D5A}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication89.0.774.50msedgewebview2.exe => No File

FirewallRules: [{CAF9CB1A-01C5-4327-BC4D-8E04FACBF9DA}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe () [File not signed]

FirewallRules: [{9E408771-225B-468A-8D23-C1FEA49FA3DD}] => (Allow) C:Program FilesqBittorrentqbittorrent.exe () [File not signed]

FirewallRules: [{5D16CE75-DF89-4C67-8517-32CDD582F60C}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{851A9878-5EFF-4173-8315-51FA47A64EC6}] => (Allow) C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{DE34D5DB-1A73-4825-BE68-B8B64001B0A6}] => (Allow) C:Program Files (x86)PlexPlex Media ServerPlexScriptHost.exe (Plex, Inc. -> Python Software Foundation)

FirewallRules: [{0DDF8637-7A8A-4558-B206-7ECE5E93820A}] => (Allow) C:Program Files (x86)PlexPlex Media ServerPlex DLNA Server.exe (Plex, Inc. -> Plex, Inc.)

FirewallRules: [{31B3A277-2B3B-4081-A4D8-EDB417CA8956}] => (Allow) C:Program Files (x86)PlexPlex Media ServerPlex Tuner Service.exe (Plex, Inc. -> )

FirewallRules: [{382AC4A9-8E88-438A-AF03-8619C5EF4787}] => (Allow) C:Program Files (x86)PlexPlex Media ServerPlex Game TranscoderPlex Game Transcoder.exe (Plex, Inc. -> )

FirewallRules: [{44F4D649-DDB9-4FD8-93F5-37C0FAFC825E}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplicationmsedge.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CF26B53F-265C-41CE-ACC3-1E815AF14BF5}] => (Allow) C:Program Files (x86)MicrosoftEdge BetaApplication90.0.818.27msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled (Total:100.96 GB) (Free:35.94 GB) (36%)

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (04/07/2021 01:32:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007007B

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (04/07/2021 01:31:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007007B

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (04/07/2021 01:31:13 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007007B

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

 

Error: (04/07/2021 01:31:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007007B

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=NetworkAvailable

 

Error: (04/07/2021 06:13:23 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

Description: The storage optimizer couldn’t complete retrim on 6TB Seagate (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

 

Error: (04/06/2021 11:19:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007007B

Command-line arguments:

RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=73111121-5638-40f6-bc11-f1d7b0d64300;NotificationInterval=1440;Trigger=TimerEvent

 

Error: (04/06/2021 03:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 10.0.19041.546, time stamp: 0x5da7ab91

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0x80131623

Fault offset: 0x00007ffb8af9200f

Faulting process id: 0x3338

Faulting application start time: 0x01d72addc7b3421f

Faulting application path: C:WINDOWSsystem32wbemwmiprvse.exe

Faulting module path: unknown

Report Id: a24ffa9a-ffa6-4385-95a1-28d5d484bedd

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (04/06/2021 03:10:06 PM) (Source: .NET Runtime) (EventID: 1025) (User: )

Description: Application: wmiprvse.exe

Framework Version: v4.0.30319

Description: The application requested process termination through System.Environment.FailFast(string message).

Message: Unexpected exception thrown from the provider:

 System.IO.FileLoadException: 

File name: ‘Microsoft.AppV.AppvClientComConsumer, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’

   at Microsoft.AppV.AppvPublishingServerWMI.AppvPublishingServer.EnumeratePublishingServers()

 

 

Stack:

   at System.Environment.FailFast(System.String)

   at WmiNative.WbemProvider.WmiNative.IWbemServices.CreateInstanceEnumAsync(System.String, Int32, WmiNative.IWbemContext, WmiNative.IWbemObjectSink)

 

 

System errors:

=============

Error: (04/07/2021 01:30:56 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffff8005bd8108b, 0x0000000000000000, 0xfffff8000e61f1c2, 0x0000000000000002). A dump was saved in: C:WINDOWSMEMORY.DMP. Report Id: a578f374-dd04-4bee-af0b-0891d2fdf09f.

 

Error: (04/07/2021 01:30:45 PM) (Source: NetBT) (EventID: 4311) (User: )

Description: Initialization failed because the driver device could not be created.

Use the string “%2” to identify the interface for which initialization

failed. It represents the MAC address of the failed interface or the 

Globally Unique Interface Identifier (GUID) if NetBT was unable to 

map from GUID to MAC address. If neither the MAC address nor the GUID were 

available, the string represents a cluster device name.

 

Error: (04/07/2021 01:30:45 PM) (Source: NetBT) (EventID: 4311) (User: )

Description: Initialization failed because the driver device could not be created.

Use the string “%2” to identify the interface for which initialization

failed. It represents the MAC address of the failed interface or the 

Globally Unique Interface Identifier (GUID) if NetBT was unable to 

map from GUID to MAC address. If neither the MAC address nor the GUID were 

available, the string represents a cluster device name.

 

Error: (04/07/2021 01:30:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The Radarr-GR service depends on the following service: Radarr. This service might not be installed.

 

Error: (04/07/2021 01:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Fing.Agent service failed to start due to the following error: 

The system cannot find the file specified.

 

Error: (04/07/2021 01:30:36 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 1:18:20 PM on ‎4/‎7/‎2021 was unexpected.

 

Error: (04/02/2021 11:18:30 PM) (Source: NetBT) (EventID: 4311) (User: )

Description: Initialization failed because the driver device could not be created.

Use the string “%2” to identify the interface for which initialization

failed. It represents the MAC address of the failed interface or the 

Globally Unique Interface Identifier (GUID) if NetBT was unable to 

map from GUID to MAC address. If neither the MAC address nor the GUID were 

available, the string represents a cluster device name.

 

Error: (04/02/2021 11:18:30 PM) (Source: NetBT) (EventID: 4311) (User: )

Description: Initialization failed because the driver device could not be created.

Use the string “%2” to identify the interface for which initialization

failed. It represents the MAC address of the failed interface or the 

Globally Unique Interface Identifier (GUID) if NetBT was unable to 

map from GUID to MAC address. If neither the MAC address nor the GUID were 

available, the string represents a cluster device name.

 

 

CodeIntegrity:

===============

Date: 2021-04-07 13:32:45

Description: 

Windows is unable to verify the image integrity of the file DeviceHarddiskVolume6Program FilesESETESET Securityeamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. 1302 11/14/2012

Motherboard: ASUSTeK COMPUTER INC. M5A97 R2.0

Processor: AMD FX™-8150 Eight-Core Processor 

Percentage of memory in use: 75%

Total physical RAM: 8093.57 MB

Available physical RAM: 1947.1 MB

Total Virtual: 19737.09 MB

Available Virtual: 11014.46 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:100.96 GB) (Free:35.94 GB) NTFS

Drive h: (6TB Seagate) (Fixed) (Total:5589.01 GB) (Free:1183.53 GB) NTFS

 

\?Volume{0bc56457-e0f9-483b-9685-39db690af4f9} (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS

\?Volume{0b759406-2098-4611-9bc1-44940868106e} () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

\?Volume{1619e4dc-cbd6-40ef-8227-26b944619340} () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Protective MBR) (Size: 5589 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt =======================

 


