Solved Infected Machine Permissions Keep Changing

CallMeAlex

Like the title says, this machine is having a hard time accessing some files that could easily be accessed before. When I change permissions, they change right back. I have been trying to fix this for some time now and I am exhausting my efforts. I now need to call on one of you removal experts to run me through the paces and make it as thorough as you possibly can, please. Running Windows 10 here. Tell me what I need to download and run and what logs or info you all need from me, and let's get to the bottom of this, please and thank you!
 
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

====================================

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-01-2022
Ran by Alex (administrator) on ALEXPC (Micro-Star International Co., Ltd. MS-7A38) (04-02-2022 12:42:52)
Running from C:\Users\Alex\Downloads\techspot removal post
Loaded Profiles: Alex
Platform: Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atiesrxx.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Driver Updater\DriverUpdSvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\DotNET\SwarmAgent.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\Win64\CrashReportClientEditor.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\Win64\UnrealEditor.exe
(Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(nordvpn s.a. -> TEFINCOM S.A.) D:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [157464 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4336920 2022-01-21] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [286064 2021-01-25] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-11-26] (Adobe Inc. -> )
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33637856 2022-02-01] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [731240 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [Akamai NetSession Interface] => C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe [4586456 2018-04-17] (Akamai Technologies, Inc. -> Akamai Technologies, Inc.)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [CCleaner Smart Cleaning] => D:\Program Files\CCleaner\CCleaner64.exe [35373696 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [Discord] => C:\Users\Alex\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [utweb] => C:\Users\Alex\AppData\Roaming\uTorrent Web\utweb.exe [5934112 2021-09-30] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [NordVPN] => D:\Program Files\NordVPN\NordVPN.exe [280440 2021-06-05] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [Voicemod] => C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe [4824048 2020-10-09] (Voicemod Sociedad Limitada -> Voicemod)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [electron.app.Pi Network] => C:\Users\Alex\AppData\Local\Programs\pi-network-desktop\Pi Network.exe [92057992 2021-01-29] (SocialChain Inc -> Socialchain Inc.)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [136142896 2022-01-11] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Run: [com.messenger] => "C:\Users\Alex\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\MountPoints2: {3d7f0ff6-e3f0-11e8-b239-309c2367901d} - "F:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-20] (Google LLC -> Google LLC)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiple_Roblox.exe [2020-03-17] () [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BD9CB39-9237-45FD-B0C2-0223386BAC9C} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [File not signed]
Task: {0BFB577F-D471-43F2-804B-B6FE2120A5CA} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6475544 2022-01-18] (Avast Software s.r.o. -> Avast Software)
Task: {0C9E7810-31F4-4FBA-93EA-C5E5A17FFC2D} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [358912 2021-12-01] (Advanced Micro Devices, Inc.) [File not signed]
Task: {1627051B-0AEA-4AC2-AC6D-1BFC71054294} - System32\Tasks\Microsoft\Windows\NetFramework\Microsoft .NET Framework => C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe -pool us1.ethermine.org:4444 -pool2 us2.ethermine.org:4444 -wal 0xa806700b54d5d5319df6c725ddb52dde20c94221.MyRig -proto 3 (No File)
Task: {16E1BADB-C41D-44D3-BD26-DF6EB345B8FE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [260600 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {2637E621-C76E-486F-9A14-C79112C23684} - System32\Tasks\CCleanerSkipUAC - Alex => D:\Program Files\CCleaner\CCleaner.exe [29442688 2021-12-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\AMDInstallLauncher" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\AMDLinkUpdate" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleanerSkipUAC - Alex" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineCore1d71e744ad6f4ee" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\MicrosoftEdgeUpdateTaskMachineUA" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\ModifyLinkUpdate" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\npcapwatchdog" /ENABLE
Task: {27FCD6F4-A15A-46DB-8DBB-285575E93153} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {28818E05-AD20-4B84-9F8C-CAFB23A3F75E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {32801539-4537-4F67-AAA5-C42F11A76618} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4760344 2022-01-21] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid 8cafdc3a-1523-4fd9-8716-b3a722c21538
Task: {338B0514-B387-48BB-A86E-BAAB98758BF6} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [55288 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {3819E450-D610-4CCF-9D17-F86E9684F191} - System32\Tasks\CCleaner Update => D:\Program Files\CCleaner\CCUpdate.exe [684976 2021-12-07] (Piriform Software Ltd -> Piriform)
Task: {54C40573-8F2F-4188-B4CD-387BE9EA4EE4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {55404305-3BD0-4ED3-A946-096EF9651805} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2019-02-26] (Google Inc -> Google Inc.)
Task: {7154E928-CC4D-476B-B658-172D99AD7EF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {764BC808-3F1E-4DD6-AAAD-26E7F00A2587} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {7EEF5CA1-E3E7-44B4-B9C3-B7A8D3B0DA7D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {87EFC35B-F49C-4E46-9B76-200BD76772E9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {8EA666D0-108B-4BC9-98E0-82BA68698EC7} - System32\Tasks\cFos\Registration Tasks\Open Browser => "c:\program files\mozilla firefox\firefox.exe" -osint -url "hxxp://localhost:1487/cfosspeed/console.htm"
Task: {9561B8FF-60A5-404A-BA7B-D099FDDA5CBF} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1118200 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {A2304A73-9178-4D55-94E2-3B1A342B2423} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4969240 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
Task: {C47674DA-6980-4B22-88BE-242435AB696E} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-09-07] (Microsoft Corporation -> Microsoft)
Task: {CC398720-6541-4F9A-8424-553978A6E72A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {D2D80059-A792-4EBF-85A7-2ED47018E747} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1709048 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {D5E5D266-2A2B-45C0-9BE4-5A504E444A84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2019-02-26] (Google Inc -> Google Inc.)
Task: {DBA373EA-DEA1-43B9-85B2-53BC00A44C55} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {DCB8E36D-BC6D-401D-85AA-AACD3C1ACD02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EAE49F08-18DA-45CB-ABFF-BD699AD440FE} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=AME --productVersion=14.0.1 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (No File)
Task: {EDF3FDD6-DB53-4BC2-971F-CF9BF16219BA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1ED2067-24F7-4358-A682-C3A645A0BF19} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{264e63f2-6ad1-4062-b750-6f1f015043b9}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c7a72ab4-7199-4fa9-a4ba-b511b39feafb}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ceadf6e7-7278-44bf-8c67-147bf8682739}: [NameServer] 103.86.99.99,103.86.96.96
Tcpip\..\Interfaces\{f28ceaad-66ff-4447-bea4-f9258474f44c}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (Translator For Microsoft Edge) -> MicrosoftTranslate_MicrosoftTranslatorforMicrosoftEdge_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.TranslatorforMicrosoftEdge_0.91.51.0_neutral__8wekyb3d8bbwe [2021-03-28]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-07]
Edge Notifications: Default -> hxxps://www.facebook.com

FireFox:
========
FF DefaultProfile: if0xl5b9.default-1601569268796
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796 [2022-02-04]
FF Notifications: Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796 -> hxxps://mail.google.com; hxxps://www.instagram.com; hxxps://www.reddit.com; hxxps://mail.protonmail.com; hxxps://www.facebook.com
FF NewTabOverride: Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796 -> Enabled: extension@tabliss.io
FF NewTabOverride: Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796 -> Enabled: @contain-facebook
FF NewTabOverride: Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796 -> Enabled: toolbar@gmx.com
FF Extension: (Facebook Container) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\@contain-facebook.xpi [2021-08-05]
FF Extension: (AdBlocker Ultimate) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\adblockultimate@adblockultimate.net.xpi [2021-12-11]
FF Extension: (Tabliss) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\extension@tabliss.io.xpi [2021-01-28]
FF Extension: (GMX.com MailCheck) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\toolbar@gmx.com.xpi [2021-08-06]
FF Extension: (MetaMask) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\webextension@metamask.io.xpi [2021-12-24]
FF Extension: (Dark Night Mode) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{27c3c9d8-95cd-44e6-ae9c-ff537348b9f3}.xpi [2020-10-01]
FF Extension: (ColorZilla) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2021-09-10]
FF Extension: (Country Flags & IP Whois) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{802a552e-13d1-4683-a40a-1e5325fba4bb}.xpi [2021-09-05]
FF Extension: (square red) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{8de1c33e-d562-43ef-9122-6cfb439df06c}.xpi [2020-10-01]
FF Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2021-12-21]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2021-11-23]
FF Extension: (Always on Top) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi [2021-09-06]
FF Extension: (Bitchute Download) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\if0xl5b9.default-1601569268796\Extensions\{f0545c23-fb7f-411f-8f43-d6b6ffaf167d}.xpi [2021-03-07]

Chrome:
=======
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2022-01-03]
CHR StartupUrls: Default -> "hxxp://roblox.com/"
CHR Extension: (Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-05-11]
CHR Extension: (Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-05-11]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-07]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-05-11]
CHR Extension: (Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-05-11]
CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-16]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-11]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8480848 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [452888 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [452888 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-05-20] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7356680 2018-11-07] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3729512 2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7207192 2022-01-21] (Avast Software s.r.o. -> AVAST Software)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-11-24] (Epic Games Inc. -> Epic Games, Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-10-25] (FUTUREMARK INC -> Futuremark)
S3 LxssManagerUser; C:\WINDOWS\system32\lxss\wslclient.dll [305664 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R2 nordvpn-service; D:\Program Files\NordVPN\nordvpn-service.exe [280440 2021-06-05] (nordvpn s.a. -> TEFINCOM S.A.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-03-21] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-03-21] (Electronic Arts, Inc. -> Electronic Arts)
S4 OVRLibraryService; D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe [145336 2020-12-31] (Oculus VR, LLC -> Facebook Technologies, LLC)
S4 OVRService; D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [512440 2020-12-31] (Oculus VR, LLC -> Facebook Technologies, LLC)
S4 Red Giant Service; C:\Program Files\Red Giant\Services\Red Giant Service.exe [5976136 2020-11-06] (Red Giant LLC -> Red Giant LLC)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14386160 2022-01-20] (ADLICE -> )
S3 VSStandardCollectorService150; D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Fing.Agent; C:\Program Files\Fing\resources\extraResources\fingagent.exe --servicemode Fing.Agent --agentroot "C:\Users\Alex\AppData\Roaming"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A6100; C:\WINDOWS\System32\drivers\A6100.sys [5004560 2016-02-17] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [33216 2021-10-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [43336 2021-11-30] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_edd3335a4253bf6d\amdsafd.sys [109520 2021-11-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\amdkmdag.sys [82871896 2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [36784 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [223176 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [369216 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [252992 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [100416 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [21936 2021-09-23] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42416 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [186280 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [540056 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [108912 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83976 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [853800 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [545176 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318760 2021-12-15] (Avast Software s.r.o. -> AVAST Software)
R3 bsvad; C:\WINDOWS\system32\drivers\bsvad.sys [48712 2019-08-06] (Bigscreen, Inc. -> Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-11-09] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-11-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 I2cHkBurn; C:\WINDOWS\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 NDivert; D:\Program Files\NordVPN\Drivers\NDivert.sys [128856 2021-06-13] (nordvpn s.a. -> Nordvpn S.A.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-11-02] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71720 2021-06-22] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\WINDOWS\system32\DRIVERS\npcap.sys [71720 2021-06-22] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 OCULUSUDSVR; C:\WINDOWS\System32\drivers\OCULUSUD.sys [3867552 2019-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Oculus VR, LLC.)
R3 oculusvad_oculusvad; C:\WINDOWS\System32\drivers\oculusvad.sys [72208 2020-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2019-08-04] (Oculus VR, LLC -> Facebook Inc.)
U3 RkFlt; C:\Windows\System32\drivers\rkflt.sys [42056 2022-02-04] (Adlice -> )
R3 t6sta; C:\WINDOWS\System32\Drivers\t6sta.sys [165144 2021-10-15] (MAGIC CONTROL TECHNOLOGY CORPORATION -> Magic Control Technology Corporation)
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-04-06] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VOICEMOD_Driver; C:\WINDOWS\system32\drivers\vmdrv.sys [49976 2020-09-08] (Voicemod Sociedad Limitada -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-20] (Microsoft Windows -> Microsoft Corporation)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-06] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S2 AMDRyzenMasterDriverV17; \??\C:\Program Files\AMD\CNext\CNext\AMDRyzenMasterDriver.sys [X]
S3 AppleKmdfFilter; \SystemRoot\System32\drivers\AppleKmdfFilter.sys [X]
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-04 12:42 - 2022-02-04 12:43 - 000000000 ____D C:\FRST
2022-02-04 12:41 - 2022-02-04 12:42 - 000000000 ____D C:\Users\Alex\Downloads\techspot removal post
2022-02-04 11:10 - 2022-02-04 11:10 - 000042056 _____ C:\WINDOWS\system32\Drivers\rkflt.sys
2022-02-03 22:12 - 2022-02-03 22:12 - 000001009 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2022-02-03 03:43 - 2022-02-03 03:43 - 000001187 ____C C:\Users\Alex\Desktop\MyProject3.uproject - Shortcut.lnk
2022-02-02 01:17 - 2022-02-02 01:17 - 033727048 _____ (Facebook, Inc.) C:\Users\Alex\Downloads\Messenger.137.1.0.8.106.exe
2022-02-01 18:13 - 2022-02-01 18:13 - 011797848 _____ (Tim Kosse) C:\Users\Alex\Downloads\FileZilla_3.57.0_win64-setup.exe
2022-02-01 08:30 - 2022-02-01 08:30 - 000000000 ____D C:\Users\Alex\AppData\Local\enchant
2022-02-01 08:28 - 2022-02-01 11:07 - 000000000 ____D C:\Users\Alex\AppData\Roaming\HexChat
2022-01-26 23:23 - 2022-01-26 23:24 - 165903331 ____C C:\Users\Alex\Desktop\GCC_PREVIEW.mp4
2022-01-26 23:02 - 2022-01-26 23:02 - 000000000 ____D C:\Users\Alex\AppData\Local\Adobe
2022-01-26 23:01 - 2022-01-26 23:10 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2022-01-26 23:01 - 2022-01-26 23:01 - 000000000 ___DC C:\Users\Alex\Documents\Adobe
2022-01-26 23:01 - 2022-01-26 23:01 - 000000000 ____D C:\ProgramData\Adobe
2022-01-26 21:48 - 2022-01-26 21:48 - 000000000 ____D C:\Users\Alex\AppData\Local\HaloInfinite
2022-01-26 20:51 - 2022-01-26 20:51 - 000000223 ____C C:\Users\Alex\Desktop\Halo Infinite.url
2022-01-26 01:32 - 2022-01-26 01:32 - 000002372 ____C C:\Users\Alex\Desktop\blender-launcher.exe - Shortcut.lnk
2022-01-19 00:29 - 2022-01-19 00:29 - 000000000 ____D C:\Program Files\Fing
2022-01-15 01:02 - 2022-01-15 01:02 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-15 01:02 - 2022-01-15 01:02 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-15 01:02 - 2022-01-15 01:02 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-15 00:44 - 2022-01-15 00:46 - 000000000 ___HD C:\$WinREAgent
2022-01-07 19:43 - 2022-01-24 19:39 - 000000000 ____D C:\ProgramData\RogueKiller
2022-01-07 19:43 - 2022-01-20 03:25 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-01-07 19:43 - 2022-01-20 03:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-01-07 19:43 - 2022-01-20 03:25 - 000000000 ____D C:\Program Files\RogueKiller
2022-01-07 19:10 - 2022-02-04 11:14 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Fing
2022-01-07 19:09 - 2022-01-19 00:28 - 000000000 ____D C:\Users\Alex\AppData\Local\fing-updater
2022-01-07 19:09 - 2022-01-07 19:09 - 000001773 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fing.lnk
2022-01-07 19:09 - 2022-01-07 19:09 - 000001761 _____ C:\Users\Public\Desktop\Fing.lnk
2022-01-07 19:09 - 2022-01-07 19:09 - 000000000 ____D C:\Users\Alex\AppData\Roaming\FingAgent
2022-01-07 19:09 - 2022-01-07 19:09 - 000000000 ____D C:\ProgramData\Fingagent
2022-01-07 18:53 - 2022-01-07 18:53 - 000001008 _____ C:\Users\Public\Desktop\PuTTY (64-bit).lnk
2022-01-07 18:53 - 2022-01-07 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)
2022-01-07 18:53 - 2022-01-07 18:53 - 000000000 ____D C:\Program Files\PuTTY
2022-01-07 18:01 - 2022-01-07 18:01 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2022-01-07 18:00 - 2022-01-08 03:17 - 000000000 ____D C:\Users\Alex\.zenmap
2022-01-07 17:42 - 2022-01-07 19:50 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Wireshark
2022-01-07 17:34 - 2022-01-07 17:34 - 000000000 ____D C:\Users\Alex\AppData\Local\Sysinternals
2022-01-07 17:33 - 2022-01-07 17:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2022-01-07 17:33 - 2022-01-07 17:33 - 000000000 ____D C:\WINDOWS\system32\Npcap
2022-01-07 17:28 - 2022-01-07 17:34 - 000000000 ____D C:\Program Files (x86)\Nmap
2022-01-07 17:23 - 2022-01-07 17:23 - 000001834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2022-01-07 17:23 - 2022-01-07 17:23 - 000001822 _____ C:\Users\Public\Desktop\Wireshark.lnk
2022-01-07 17:22 - 2022-02-04 11:51 - 000002218 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2022-01-07 17:22 - 2022-01-07 17:23 - 000000000 ____D C:\Program Files\USBPcap
2022-01-07 17:21 - 2022-01-07 17:23 - 000000000 ____D C:\Program Files\Wireshark
2022-01-07 16:16 - 2022-01-07 16:16 - 000000860 _____ C:\Users\Public\Desktop\Audacity.lnk
2022-01-07 16:15 - 2022-01-07 16:21 - 000000000 ____D C:\Program Files\Audacity
2022-01-07 16:09 - 2022-01-07 16:21 - 000000000 ____D C:\Program Files (x86)\Lame For Audacity
2022-01-07 01:16 - 2022-01-07 01:16 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Streamlabs Desktop
2022-01-05 00:06 - 2022-01-05 00:06 - 000000000 ____D C:\WINDOWS\Panther

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-04 12:03 - 2019-12-07 03:14 - 000000000 ___RD C:\Program Files\WindowsApps
2022-02-04 12:03 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-04 12:00 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-04 11:51 - 2021-12-15 19:14 - 000002732 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2022-02-04 11:51 - 2021-12-15 19:14 - 000002578 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-02-04 11:51 - 2021-12-15 19:14 - 000002570 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-02-04 11:51 - 2021-11-26 06:44 - 000002312 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Alex
2022-02-04 11:51 - 2021-04-12 19:02 - 000003274 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71e744ad6f4ee
2022-02-04 11:51 - 2021-03-21 11:08 - 000003468 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-02-04 11:51 - 2021-03-21 11:08 - 000003048 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-02-04 11:51 - 2021-03-21 11:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-02-04 11:41 - 2021-05-21 05:54 - 000000000 ____D C:\Users\Alex\AppData\Local\Avast Software
2022-02-04 11:24 - 2021-10-21 19:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-02-04 11:24 - 2021-07-13 09:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-02-04 11:24 - 2020-11-08 05:22 - 000000000 ___DC C:\Users\Alex\AppData\LocalLow\Mozilla
2022-02-04 11:24 - 2018-10-30 04:18 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-02-04 11:24 - 2018-10-30 04:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-02-04 11:22 - 2021-06-11 09:37 - 000000000 ____D C:\Users\Alex\AppData\Local\CrashDumps
2022-02-04 11:16 - 2021-03-21 11:08 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-04 11:16 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-04 11:10 - 2021-03-21 11:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-04 11:10 - 2021-03-21 10:51 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-04 11:10 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-04 11:10 - 2018-10-30 00:25 - 000000000 ____D C:\ProgramData\AVAST Software
2022-02-04 11:09 - 2021-03-21 10:54 - 000000000 ____D C:\Users\Alex
2022-02-04 11:09 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-04 11:09 - 2019-04-03 01:43 - 000000000 ___DC C:\Users\Alex\AppData\Roaming\Discord
2022-02-04 11:09 - 2018-07-12 14:48 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2022-02-04 10:57 - 2018-10-31 02:49 - 000000000 ____D C:\Program Files (x86)\Steam
2022-02-04 10:46 - 2019-04-03 01:43 - 000000000 ___DC C:\Users\Alex\AppData\Local\Discord
2022-02-04 04:55 - 2019-03-06 17:45 - 000000000 ___DC C:\Users\Alex\AppData\Roaming\FileZilla
2022-02-03 22:12 - 2019-03-06 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2022-02-02 05:30 - 2021-09-01 08:56 - 000000000 ____D C:\Users\Alex\AppData\Local\Messenger
2022-02-02 05:30 - 2020-09-04 17:03 - 000000000 ____D C:\Users\Alex\AppData\Roaming\Messenger
2022-02-01 18:03 - 2021-06-09 00:55 - 000000000 ____D C:\Users\Alex\Projects
2022-02-01 17:49 - 2021-06-12 21:03 - 000000000 ___DC C:\Users\Alex\Documents\Text Documents
2022-02-01 08:24 - 2018-10-30 00:08 - 000000000 ____D C:\ProgramData\Packages
2022-02-01 08:24 - 2018-10-29 23:55 - 000000000 ___DC C:\Users\Alex\AppData\Local\PlaceholderTileLogoFolder
2022-02-01 08:24 - 2018-09-13 16:38 - 000000000 ___DC C:\Users\Alex\AppData\Local\Packages
2022-01-31 03:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-01-30 09:04 - 2020-08-27 08:31 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-30 09:00 - 2021-03-21 10:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-30 08:59 - 2019-04-03 08:48 - 000000000 ___DC C:\Users\Alex\AppData\Roaming\slobs-client
2022-01-26 23:08 - 2020-02-24 23:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-26 22:51 - 2018-09-13 16:37 - 000000000 ___DC C:\Users\Alex\AppData\Local\D3DSCache
2022-01-26 22:48 - 2019-04-03 08:44 - 000000000 ____D C:\Program Files\Streamlabs OBS
2022-01-19 00:24 - 2021-03-21 10:51 - 000293992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-19 00:23 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-19 00:22 - 2018-11-02 01:44 - 000000000 ____D C:\Program Files (x86)\mIRC
2022-01-18 21:04 - 2020-05-29 21:56 - 000000000 ____D C:\Users\Alex\AppData\Roaming\audacity
2022-01-15 01:04 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-14 09:02 - 2018-10-30 00:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-14 08:59 - 2018-10-30 00:04 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-13 04:45 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-08 03:28 - 2018-11-24 08:26 - 000000000 ___DC C:\Users\Alex\Desktop\shortcuts
2022-01-07 21:44 - 2021-10-31 02:30 - 000000000 ___DC C:\Users\Alex\Desktop\Wii
2022-01-07 21:44 - 2021-10-21 16:35 - 000000000 ___DC C:\Users\Alex\Desktop\yuy
2022-01-07 18:54 - 2020-09-19 22:53 - 000000128 _____ C:\Users\Alex\AppData\Local\PUTTY.RND
2022-01-07 18:02 - 2021-03-21 10:54 - 000000000 ____D C:\Users\OVRLibraryService
2022-01-07 17:55 - 2022-01-03 05:08 - 000000000 ___DC C:\Users\Alex\Desktop\Unreal Engine
2022-01-07 17:33 - 2019-02-09 13:20 - 000000000 ____D C:\Program Files\Npcap
2022-01-07 16:21 - 2020-05-29 21:56 - 000000000 ____D C:\Users\Alex\AppData\Local\Audacity
2022-01-07 16:16 - 2020-05-29 21:56 - 000000872 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2022-01-07 10:37 - 2018-12-20 15:51 - 000000000 ___DC C:\Users\Alex\AppData\Roaming\MPC-HC
2022-01-07 01:16 - 2018-09-13 16:37 - 000000000 ___DC C:\Users\Alex\AppData\Local\AMD
2022-01-07 01:15 - 2018-05-18 13:09 - 000000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories ========

2020-10-14 04:04 - 2020-10-14 04:04 - 000003584 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-02-24 23:17 - 2022-01-26 01:40 - 000025625 _____ () C:\Users\Alex\AppData\Local\oobelibMkey.log
2020-09-19 22:53 - 2022-01-07 18:54 - 000000128 _____ () C:\Users\Alex\AppData\Local\PUTTY.RND
2021-01-17 15:41 - 2021-01-17 15:41 - 000001553 _____ () C:\Users\Alex\AppData\Local\recently-used.xbel
2021-03-21 15:23 - 2021-03-21 15:23 - 000007598 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2019-02-09 13:38 - 2019-02-09 13:38 - 000000000 ____C () C:\Users\Alex\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 
PART 1 of ADDITION LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-01-2022
Ran by Alex (04-02-2022 12:45:28)
Running from C:\Users\Alex\Downloads\techspot removal post
Microsoft Windows 10 Home Version 21H1 19043.1466 (X64) (2021-03-21 17:08:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1554008632-2707299731-3271863535-500 - Administrator - Disabled)
Alex (S-1-5-21-1554008632-2707299731-3271863535-1003 - Administrator - Enabled) => C:\Users\Alex
DefaultAccount (S-1-5-21-1554008632-2707299731-3271863535-503 - Limited - Disabled)
Guest (S-1-5-21-1554008632-2707299731-3271863535-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1554008632-2707299731-3271863535-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM\...\{4951649C-3DF1-44FE-9D1C-2894D2D84698}) (Version: 2.6.6174.0 - UL) Hidden
3DMark (HKLM-x32\...\{d4d743ac-3702-4de2-9a4e-6a2f9bfd2004}) (Version: 2.6.6174.0 - UL)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_4_1) (Version: 25.4.1 - Adobe Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 3.10.08.506 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{716F53C3-0B3F-4FB7-9AD7-9BC7DB7134A1}) (Version: 1.4.0.0659 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{aebb22c8-1fcb-4e7d-92ae-98f1012da7a2}) (Version: 3.10.08.506 - Advanced Micro Devices, Inc.) Hidden
Application Verifier x64 External Package (HKLM\...\{10CA1677-8F02-3131-F25C-780BAB52E468}) (Version: 10.1.18362.1 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
Application Verifier x64 External Package (HKLM\...\{B27BC1FC-8474-9E32-73C2-6F7CD58AD1E3}) (Version: 10.1.17763.132 - Microsoft) Hidden
Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team)
Audacity 3.1.3 (64-bit) (HKLM\...\Audacity_is1) (Version: 3.1.3 - Audacity Team)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 21.4.2258.8120 - Avast Software)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 21.11.2500 - Avast Software)
Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)
Branding64 (HKLM\...\{8400E550-2340-4FC4-8B46-93D7C7646A6A}) (Version: 1.00.0007 - Advanced Micro Devices, Inc.) Hidden
Bridge 2021.0.1 (HKLM\...\{d31b3501-1485-515e-b9cc-ec663e464c2a}) (Version: 2021.0.1 - Quixel)
CCleaner (HKLM\...\CCleaner) (Version: 5.88 - Piriform)
ccsetup (HKLM\...\{E2499D63-E650-4C7E-A5D1-B73E0008FB6B}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.9.0.0650 - Disc Soft Ltd)
Deathcounter and Soundboard (HKLM-x32\...\DCSB) (Version: 4.0.0.9 - Kalejin)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\Discord) (Version: 0.0.309 - Discord Inc.)
Documentation Manager (HKLM\...\{87CA98A2-FF74-4CBE-81D8-0E9145F4A97C}) (Version: 22.30.0.11 - Intel Corporation) Hidden
DOOM Eternal (HKLM-x32\...\DOOM Eternal_is1) (Version: - )
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Online Services (HKLM-x32\...\{32C68D93-D32F-4B01-8250-61642BFC22F8}) (Version: 2.0.28.0 - Epic Games, Inc.)
FileZilla Client 3.57.0 (HKLM-x32\...\FileZilla Client) (Version: 3.57.0 - Tim Kosse)
FINAL FANTASY IX (HKLM-x32\...\FINAL FANTASY IX_is1) (Version: - )
Final Fantasy VIII Remastered (HKLM-x32\...\Final Fantasy VIII Remastered_is1) (Version: - )
Fing 2.8.0 (HKLM\...\Fing Desktop) (Version: 2.8.0 - Fing Ltd)
Futuremark SystemInfo (HKLM-x32\...\{54A3802E-DFED-4235-85A7-A604FE1CC64D}) (Version: 5.14.693.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{CDD0EC5B-EBEE-4822-B994-78AD30D90874}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{8A64881A-8735-4C75-91BE-BCE0A45BCDB0}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Driver && Support Assistant (HKLM-x32\...\{F0E9774D-C5A1-4C83-89F9-191E1334D476}) (Version: 21.1.5.2 - Intel) Hidden
Intel® Driver & Support Assistant (HKLM-x32\...\{3f5ceda7-9b48-4fa4-af57-8feaf8ab1e46}) (Version: 21.1.5.2 - Intel)
Intel® Software Installer (HKLM-x32\...\{469cd1ee-2994-481c-ad19-874d4d32525b}) (Version: 22.30.0.11 - Intel Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
ISO to WBFS (HKLM-x32\...\{10FD06B0-A517-4604-97C2-8D55F9D80F5F}_is1) (Version: - isotowbfs.com)
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Messenger (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 138.0.347181757 - Facebook, Inc.)
Microsoft .NET Core Runtime - 2.1.30 (x64) (HKLM-x32\...\{e6e5b73d-9aea-4a61-9110-4f93d1b9bc75}) (Version: 2.1.30.30411 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.617 (x64) (HKLM-x32\...\{c9536db7-722a-42e4-9e16-5caa8c576724}) (Version: 2.1.617 - Microsoft Corporation)
Microsoft .NET Core SDK 3.1.416 (x64) (HKLM-x32\...\{a3f6b727-7a69-4e86-95ab-22befeaea6ff}) (Version: 3.1.416.15882 - Microsoft Corporation)
Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)
Microsoft .NET SDK 5.0.104 (x64) (HKLM-x32\...\{ffd9c013-1ec9-45ed-8ca2-104e6a0800b7}) (Version: 5.1.421.11822 - Microsoft Corporation)
Microsoft ASP.NET Core 2.1.30 - Shared Framework (HKLM-x32\...\{614a1747-bef3-44e7-86a8-799e4d2ab88d}) (Version: 2.1.30.60071 - Microsoft Corporation)
Microsoft ASP.NET Core 3.1.22 - Shared Framework (x86) (HKLM-x32\...\{89272f3e-0704-400d-89fb-b387e078671e}) (Version: 3.1.22.21579 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.13 - Shared Framework (x64) (HKLM-x32\...\{e5c8ae14-43c4-4a21-b3ae-5f979243b47d}) (Version: 5.0.13.21572 - Microsoft Corporation)
Microsoft ASP.NET Core 5.0.13 - Shared Framework (x86) (HKLM-x32\...\{3bdb87ca-ac65-4df7-80f6-c72b79cdab49}) (Version: 5.0.13.21572 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.35.61819 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.22 (x86) (HKLM-x32\...\{675abf0e-683c-414e-8b1b-9cd40aeb368b}) (Version: 3.1.22.30721 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x64) (HKLM-x32\...\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}) (Version: 5.0.13.30717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.13 (x86) (HKLM-x32\...\{90d6e4fa-5611-4c73-a0ab-58daa849d84a}) (Version: 5.0.13.30717 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.64 - mIRC Co. Ltd.)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.3 (x64 en-US)) (Version: 96.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{6C961B30-A670-8A05-3BFE-3947E84DD4E4}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
MSI Development Tools (HKLM-x32\...\{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
MultiWall version 1.0.36 (HKLM-x32\...\{54384F46-6346-4BDC-A137-4D4037D362D3}_is1) (Version: 1.0.36 - MultiWall)
Nmap 7.92 (HKLM-x32\...\Nmap) (Version: 7.92 - Nmap Project)
Node.js (HKLM\...\{553327D7-A52C-44F2-896F-D4C7DF3FFF53}) (Version: 16.9.0 - Node.js Foundation)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.41.10.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.9.3 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.50 - Nmap Project)
Observation (HKLM-x32\...\Observation_is1) (Version: - )
Oculus (HKLM\...\Oculus) (Version: <3 - Facebook Technologies, LLC)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.93.46608 - Electronic Arts, Inc.)
Pi Network 0.4.2 (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\375fce00-6280-59a8-8dfe-c557d5fd3e90) (Version: 0.4.2 - Socialchain Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{E3210211-B3F1-4EBC-AF27-4D35148E7AB5}) (Version: 2.76.0 - The Pokémon Company International)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
PyCharm 2021.3 (HKLM-x32\...\PyCharm 2021.3) (Version: 213.5744.248 - JetBrains s.r.o.)
Python 3.9.7 (64-bit) (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\{0f0bf1a5-3ec1-459b-ab7c-916db941f50d}) (Version: 3.9.7150.0 - Python Software Foundation)
Python 3.9.7 Add to Path (64-bit) (HKLM\...\{832BFE8B-69A2-4E1D-8998-DFB9CBA4B4D3}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Core Interpreter (64-bit) (HKLM\...\{88D4EF59-607D-43AD-B7C7-F5A753740FD1}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Development Libraries (64-bit) (HKLM\...\{97496FC6-5044-4A2A-BACD-40A44F38D483}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Documentation (64-bit) (HKLM\...\{AA408E09-EBB3-470F-8D63-5AA0C46C2DA2}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Executables (64-bit) (HKLM\...\{870EC220-FEAE-481D-8B29-B4B0DF5402FA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 pip Bootstrap (64-bit) (HKLM\...\{F1280AA2-AAC3-41AB-9616-CCF00814E626}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Standard Library (64-bit) (HKLM\...\{05903EEF-72A2-4C1A-AD35-41AD6C7094A8}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Tcl/Tk Support (64-bit) (HKLM\...\{6E8EAD3C-6F0C-494C-9C12-E10C5B5EE7EA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Test Suite (64-bit) (HKLM\...\{67D79D6E-8497-4EE6-850B-834D3A27553F}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Utility Scripts (64-bit) (HKLM\...\{4110826A-903C-410C-9785-7848A51B9CC9}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{99719382-D7A9-4DC2-BF0C-C23B730A313D}) (Version: 3.9.7546.0 - Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2_is1) (Version: 0.0.0 - DODI-Repacks)
RetroArch 1.9.0 (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\RetroArch) (Version: 1.9.0 - libretro)
Roblox Player (HKLM-x32\...\roblox-player-admin) (Version: - Roblox Corporation)
Roblox Player for Alex (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio (HKLM-x32\...\roblox-studio-admin) (Version: - Roblox Corporation)
Roblox Studio for Alex (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\roblox-studio) (Version: - Roblox Corporation)
RogueKiller version 15.2.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.2.0.0 - Adlice Software)
RyzenMasterSDK (HKLM\...\{D75CF983-4F9F-4EB7-B15B-AC6E615982C2}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamLabels 0.4.2 (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.4.2 - Streamlabs)
Streamlabs Chatbot version 1.0.2.62 (HKLM-x32\...\{08D3C5BB-C492-4916-B111-725081845380}_is1) (Version: 1.0.2.62 - Streamlabs)
Streamlabs OBS 0.15.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 0.15.1 - General Workings, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
Trapcode Suite (HKLM\...\Trapcode Suite v15.1.8) (Version: - Red Giant LLC)
TypeScript SDK (HKLM-x32\...\{873B2737-D587-4FC9-993D-086DBF507461}) (Version: 4.0.3.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{7D225043-6CC5-7B56-11DD-AFF90E4C1C0C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{CB19DBA2-C210-5646-9522-695A1317CD34}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{5F577A45-3C65-352B-061D-D6A57F05402C}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{847D4DAF-0182-265B-324F-406462E8A90D}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{CE83D0BD-418A-F3D1-D6CE-687E96D1EBD0}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 72.0 - Ubisoft)
USBPcap 1.5.4.0 (HKLM\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
uTorrent Web (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\utweb) (Version: 1.2.6 - BitTorrent, Inc.)
UXP WebView Support (HKLM-x32\...\UXPW_1_0_0) (Version: 1.0.0 - Adobe Inc.)
vcpp_crt.redist.clickonce (HKLM-x32\...\{10D9FDCA-0D16-4C80-91DD-EDDA62A0F29D}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{C93A88C2-6DE4-4035-AAC8-341435549BBB}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Visual Studio Build Tools 2019 (2) (HKLM-x32\...\e0e60741) (Version: 16.11.2 - Microsoft Corporation)
Visual Studio Community 2019 (HKLM-x32\...\79f3d968) (Version: 16.8.30804.86 - Microsoft Corporation)
Voicemod (HKLM\...\{8435A407-F778-4647-9CDB-46E5EC50BAD0}_is1) (Version: 2.1.1.5 - Voicemod S.L.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{2EE7854B-D67F-41D8-94F4-D885FA7C4385}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{4085E209-B871-4079-B58D-778D5293AFD5}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{716AE8F2-1BE3-7657-DF6B-F23DEEC75AF9}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\WinDirStat) (Version: - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17763.132 (HKLM-x32\...\{5fe95b9d-9219-4d8b-a031-71323ae48a81}) (Version: 10.1.17763.132 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.18362.1 (HKLM-x32\...\{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Version: 10.1.18362.1 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
Windows Subsystem for Linux Update (HKLM\...\{8BC9BA1B-F6F3-471D-8773-5283F0C52B84}) (Version: 5.10.60.1 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{00B12DF9-5428-9406-DE2C-8E8A1A062B05}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E82A4A6C-C21C-35FE-B805-3E44318F6D63}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{7E898893-9C42-A572-7F57-FDE55CE812F7}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E8B1CB29-5C24-D882-3CEF-F8A7263BC63D}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{F6F11150-93DE-0507-FCA0-F746E0207017}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{66483041-F590-EC46-4AF0-EE39C62FB680}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{8329C3A0-8582-D1C2-67FF-800654BFDF45}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{771C9DEF-7C0B-85DA-6426-7A20F06BEC94}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{6B37CC5B-78DF-5050-2215-68479716A587}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{B047C746-63E8-41C7-A5C0-7ABD390CF3E6}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0063AF94-397B-9C64-1C71-D404B27C5D96}) (Version: 10.1.17763.132 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{250D5341-0879-4016-399C-BBCD87B80E95}) (Version: 10.1.18362.1 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Wireshark 3.6.1 64-bit (HKLM-x32\...\Wireshark) (Version: 3.6.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Zoom (HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)

Packages:
=========
Blender -> C:\Program Files\WindowsApps\BlenderFoundation.Blender_3.0.1.0_x64__ppwjx1n5r4v9t [2022-01-27] (Blender Foundation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.11.277.0_x64__rz1tebttyb220 [2022-01-22] (Dolby Laboratories)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-31] (Apple Inc.) [Startup Task]
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.10.0.0_x64__ey8k8hqnwqnmg [2021-12-20] (Kali Linux)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2018-10-30] (LinkedIn)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-21] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.14827.20158.0_x86__8wekyb3d8bbwe [2022-02-04] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.14827.20158.0_x86__8wekyb3d8bbwe [2022-02-04] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.14827.20158.0_x86__8wekyb3d8bbwe [2022-02-04] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.14827.20158.0_x86__8wekyb3d8bbwe [2022-02-04] (Microsoft Corporation)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-20] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-12-05] (Microsoft Corporation)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.511.267.0_x86__55nm5eh3cm0pr [2022-01-27] (ROBLOX Corporation)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2021-11-16] (Ookla)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1554008632-2707299731-3271863535-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-07726D647F07} -> [Creative Cloud Files] => C:\Users\Alex\Creative Cloud Files [2021-08-20 17:57]
CustomCLSID: HKU\S-1-5-21-1554008632-2707299731-3271863535-1003_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-15] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-12-08] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-10-19] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-12-01] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-11-26] (Adobe Inc. -> )
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-12-15] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\Windows\System32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2014-10-19] (Electronic Arts -> On2.com)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-05-27 10:55 - 2021-05-27 10:55 - 001418240 _____ () [File not signed] [File is in use] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\Intel\ISPCTexComp\Win64-Release\ispc_texcomp.dll
2021-05-27 10:55 - 2021-05-27 10:55 - 001810944 _____ () [File not signed] [File is in use] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\libsndfile\Win64\libsndfile-1.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 000752128 _____ () [File not signed] [File is in use] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\QualComm\Win64\TextureConverter.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 001839616 _____ () [File not signed] [File is in use] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\ShaderConductor\Win64\ShaderConductor.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 029624832 _____ () [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\ShaderConductor\Win64\dxcompiler.dll
2021-05-27 10:55 - 2021-05-27 10:55 - 000049152 _____ (Epic Games, Inc.) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\Ogg\Win64\VS2015\libogg_64.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 001714176 _____ (Epic Games, Inc.) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbis_64.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 000037888 _____ (Epic Games, Inc.) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\Vorbis\Win64\VS2015\libvorbisfile_64.dll
2021-09-18 11:27 - 2021-09-18 11:27 - 000214528 _____ (Epic Games, Inc.) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Plugins\Bridge\Binaries\Win64\UnrealEditor-Bridge.dll
2021-09-18 11:27 - 2021-09-18 11:27 - 000493568 _____ (Epic Games, Inc.) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Plugins\Bridge\Binaries\Win64\UnrealEditor-MegascansPlugin.dll
2021-05-27 10:56 - 2021-05-27 10:56 - 001364256 _____ (Microsoft Corporation -> Microsoft Corporation) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\ShaderConductor\Win64\dxil.dll
2021-05-27 10:55 - 2021-05-27 10:55 - 001425920 _____ (NVIDIA Corporation) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\NVIDIA\NVaftermath\Win64\GFSDK_Aftermath_Lib.x64.dll
2021-05-27 10:55 - 2021-05-27 10:55 - 000160256 _____ (NVIDIA Corporation) [File not signed] D:\Program Files\Epic Games\UE_5.0EA\Engine\Binaries\ThirdParty\nvTextureTools\Win64\AVX2\nvtt_64.dll

==================== Alternate Data Streams (Whitelisted) ========
 
Part 2 of ADDITION LOG

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-1554008632-2707299731-3271863535-1003 -> {92C69525-27B0-4CC7-B6B9-07D32FC1CE05} URL =

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2022-01-08 03:23 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-01-02 10:31 - 2021-03-30 15:19 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python39\Scripts\;C:\Python39\;D:\Oculus\Support\oculus-runtime;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\dotnet\;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\nodejs\;C:\ProgramData\chocolatey\bin;D:\Downloads\Apps\ghidra_10.1-BETA_PUBLIC_20211116\ghidra_10.1-BETA_PUBLIC\jdk-11.0.13+8\bin;C:\Program Files\PuTTY\
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\Pictures\144465.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled)
NordLynx: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled)
NordLynx 1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AGSService => 3
MSCONFIG\Services: AMD Crash Defender Service => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: avast! Tools => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: DriverUpdSvc => 2
MSCONFIG\Services: DSAService => 3
MSCONFIG\Services: DSAUpdateService => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 3
MSCONFIG\Services: OVRLibraryService => 3
MSCONFIG\Services: OVRService => 3
MSCONFIG\Services: Red Giant Service => 3
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "Avast Cleanup Premium.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "MSIRegister"
HKLM\...\StartupApproved\Run32: => "Super Charger"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\StartupFolder: => "Tamriel Trade Centre Client.lnk"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\StartupFolder: => "Multiple_Roblox.exe"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\StartupFolder: => "Reallusion Hub.lnk"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "Keybase.Keybase.GUI"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-1554008632-2707299731-3271863535-1003\...\StartupApproved\Run: => "electron.app.Pi Network"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{28D4AF1F-F428-4514-9B4F-9BE546F21A05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8EBA6ADD-A758-4533-B56A-83D58EFEAC44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6E5F7831-B269-49B9-8643-7564E9792FED}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{ECAAE5A6-F0CB-416B-BBA6-9FF7C3544821}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{8015E21C-C4F7-4A7A-BA0A-9FE010F839E4}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{6DB7FE4E-9443-4B52-A670-D13B7F07EFEB}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4251935A-E068-4489-B78D-0E3D843162C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{11A54799-C44F-4B5E-B306-98A98CB2B7D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{83F40EFF-A9DE-48C0-B376-B9072D4C0952}] => (Allow) D:\Program Files\Steam\SteamLibrary\steamapps\common\Halo Infinite\HaloInfinite.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)
FirewallRules: [{1BF62BD5-4236-4DA7-B778-5A25DA91DD4E}] => (Allow) D:\Program Files\Steam\SteamLibrary\steamapps\common\Halo Infinite\HaloInfinite.exe (343 Industries (Microsoft Corporation) -> Microsoft Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: TAP-NordVPN Windows Adapter V9
Description: TAP-NordVPN Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-NordVPN Windows Provider V9
Service: tapnordvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Dual Band Wireless-AC 3168
Description: Intel(R) Dual Band Wireless-AC 3168
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/04/2022 11:55:51 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: ALEXPC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/04/2022 11:22:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.19041.1320, time stamp: 0xce7b1aee
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1466, time stamp: 0xe01c7650
Exception code: 0xc0000409
Fault offset: 0x000000000010b362
Faulting process id: 0x2770
Faulting application start time: 0x01d819ebd151c08a
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1aca2fd7-6e61-4eb3-8934-645e54cd66c7
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2022 11:14:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fing.exe, version: 2.8.0.297, time stamp: 0x613f7e87
Faulting module name: Fing.exe, version: 2.8.0.297, time stamp: 0x613f7e87
Exception code: 0xc0000409
Fault offset: 0x0000000003821545
Faulting process id: 0x199c
Faulting application start time: 0x01d819ea38e38ab6
Faulting application path: C:\Program Files\Fing\Fing.exe
Faulting module path: C:\Program Files\Fing\Fing.exe
Report Id: 00209580-0b98-4fde-accc-a988083651b5
Faulting package full name:
Faulting package-relative application ID:

Error: (02/04/2022 11:09:29 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (02/04/2022 11:09:29 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (02/03/2022 05:16:07 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: ALEXPC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/03/2022 03:48:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 91.5.0.8188 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 536c

Start Time: 01d817759c1e6a40

Termination Time: 307

Application Path: D:\Users\Alex\Tor Browser\Browser\firefox.exe

Report Id: dd7cdfd8-ced1-4073-b42e-fa0616dacd93

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (02/03/2022 03:47:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program filezilla.exe version 3.55.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 25fc

Start Time: 01d817c154b5e060

Termination Time: 803

Application Path: D:\Program Files\FileZilla FTP Client\filezilla.exe

Report Id: 00baf713-b350-4579-9cac-ea7fbb9ae66e

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown


System errors:
=============
Error: (02/04/2022 12:42:04 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 12:42:04 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 11:26:13 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 11:26:13 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 11:22:42 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 11:22:42 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (02/04/2022 11:11:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Tools service.

Error: (02/04/2022 11:11:17 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


CodeIntegrity:
===============
Date: 2022-02-04 12:00:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2022-02-04 11:11:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.E0 04/24/2018
Motherboard: Micro-Star International Co., Ltd. B350M BAZOOKA (MS-7A38)
Processor: AMD Ryzen 5 2600 Six-Core Processor
Percentage of memory in use: 51%
Total physical RAM: 16335.29 MB
Available physical RAM: 7950.05 MB
Total Virtual: 35614.59 MB
Available Virtual: 14793.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:222.97 GB) (Free:22.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1863 GB) (Free:497.17 GB) NTFS
Drive e: (Elements) (Fixed) (Total:698.63 GB) (Free:1.5 GB) NTFS

\\?\Volume{5f3ca7dd-707c-47b4-8044-fc18aa0e2fc7}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{8218c6d2-a48c-4ed3-9643-5ff9d4b4c99e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 223.6 GB) (Disk ID: 6E3167A4)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 00027032)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
So far, I don't see much.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
All the detections, I already knew what they were. I believe them to be false positives, besides 2 of them that were in the macro recorder folder. I wasn't aware of those, but went ahead and removed everything, and I am still getting error messages and permission issues upon restart.

Rogue Log

Program : RogueKiller Anti-Malware
Version : 15.2.0.0
x64 : Yes
Program Date : Jan 20 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19043) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Alex
User is Admin : Yes
Date : 2022/02/04 19:56:11
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 1514
Found items : 5
Total scanned : 140303
Signatures Version : 20220204_075642
Truesight Driver : Yes
Updates Count : 12

************************* Warnings *************************

************************* Removal *************************
[Tr.Gen (Malicious)] HKEY_USERS\S-1-5-21-1554008632-2707299731-3271863535-1003\Software\Microsoft\Windows\CurrentVersion\Run|com.messenger -- [%localappdata%\Programs\Messenger\Messenger.exe] -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : HKEY_USERS\S-1-5-21-1554008632-2707299731-3271863535-1003\Software\Microsoft\Windows\CurrentVersion\Run|com.messenger
[+] value : [%localappdata%\Programs\Messenger\Messenger.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[MalPE.99 (Potentially Malicious)] Adobe Photoshop 2020.lnk -- %_Alex_appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop 2020.lnk (lnk => D:\Downloads\Apps\ps port\negoziodifoto202\Adobe Photoshop 2020 Portable.exe []) -> Deleted
[+] scan_what : 1
[+] vendors : MalPE.99
[+] Name : Adobe Photoshop 2020.lnk
[+] value : %_Alex_appdata%\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop 2020.lnk (lnk => D:\Downloads\Apps\ps port\negoziodifoto202\Adobe Photoshop 2020 Portable.exe [])
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 99

[Tr.Gen (Malicious)] Messenger -- %localappdata%\Programs\Messenger -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : Messenger
[+] value : %localappdata%\Programs\Messenger
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 2
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Cloud.Generic (Malicious)] extp.etl -- %programfiles(x86)%\MacroRecorder\extp.etl -> Deleted
[+] scan_what : 1
[+] vendors : Cloud.Generic
[+] Name : extp.etl
[+] value : %programfiles(x86)%\MacroRecorder\extp.etl
[+] Type : File/Folder
[+] file_hash : 3E4E1E26F8DD7C4168DCBB19E924C613DB7BC8B732210341193F608EC1650405
[+] file_vtscore : 5
[+] file_vttotal : 64
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 3
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 95

[Cloud.Generic (Malicious)] test.exe -- %programfiles(x86)%\MacroRecorder\test.exe -> Deleted
[+] scan_what : 1
[+] vendors : Cloud.Generic
[+] Name : test.exe
[+] value : %programfiles(x86)%\MacroRecorder\test.exe
[+] Type : File/Folder
[+] file_hash : 3BC947A9591D0BD3CE2D03B80B007D8BEE55C21A7D51E2B248A014C37846F7A5
[+] file_vtscore : 7
[+] file_vttotal : 65
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 95



MWB LOG

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/4/22
Scan Time: 2:06 PM
Log File: f30fea1c-85f5-11ec-9639-309c2367901d.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50711
License: Trial

-System Information-
OS: Windows 10 (Build 19043.1466)
CPU: x64
File System: NTFS
User: AlexPC\Alex

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 436922
Threats Detected: 7
Threats Quarantined: 7
Time Elapsed: 9 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 7
HackTool.FilePatch, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\75A5009E6618106A.VIR, Quarantined, 7267, 281135, 1.0.50711, 37ACC780B9C11CEF0608DBF8, dds, 01628284, 3AFE75DC624E42FC7DC6E4765D208119, F387F9B9B76D3653AAFFB4E4D668B715F01A08E3B21E7BDC0B9DC78A85EA8C03
Malware.AI.3559850011, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\391E176444FAC4D2.VIR, Quarantined, 1000000, 0, 1.0.50711, 0E1CE23EF78B0151D42F001B, dds, 01628284, 848C6A05973206C2596D3593FBEE4E3B, E670B5B92F2565D83DB6CDAD1BEAFE5D571B50D625EB1BAF72C5C393B19DBA64
Malware.Heuristic.1003, C:\USERS\ALEX\DESKTOP\SHORTCUTS\HACKS\CSGO HACKS\CORSAIR INJECTOR V3.EXE, Quarantined, 1000001, 0, 1.0.50711, 0000000000000000000003EB, dds, 01628284, BA816FE913169F65E5FCE0D3B476399F, 09C0EC0B87A5018D93D327B43C0C6ABC5C12CE652D65DBF6BA54904787F790A4
Malware.AI.1152507994, C:\USERS\ALEX\DESKTOP\SHORTCUTS\HACKS\PHASMO HACK\SHARPMONOINJECTOR.DLL, Quarantined, 1000000, 0, 1.0.50711, BCE5931CC343209544B1E05A, dds, 01628284, A14B50C4B8D13AF2A42FCEAFDCEA837C, 63A6DCBCC717094BFBE8098B904D72DBF28DCFD7723136B939F3EF9BE59A3DE6
Malware.AI.1649169948, C:\USERS\ALEX\DESKTOP\SHORTCUTS\HACKS\CSGO HACKS\OSIRIS.DLL, Quarantined, 1000000, 0, 1.0.50711, CA1CBFAD2661A0CB624C561C, dds, 01628284, 34DFF07147E3F51655EDC45D294F7FF3, DE1C7AC798CD3E486253CA6628370636359ED0860D556E04700B57B5700BA6A2
Malware.AI.215723681, C:\USERS\ALEX\DESKTOP\SHORTCUTS\HACKS\CSGO HACKS\BOYNEXTHOOK_05.03.20.DLL, Quarantined, 1000000, 0, 1.0.50711, A3B28CA738E4941D0CDBAEA1, dds, 01628284, 2CCF595DFF87AFBE743AA6CCE4AC8977, 3B0A7DE96C2FCB4AEA90FB5B1FFD9D37C11192202BD51B090A6703E682FA8746
Malware.AI.3559850011, C:\USERS\ALEX\DESKTOP\WII\USBEXTREME_WININST.ZIP, Quarantined, 1000000, 0, 1.0.50711, 0E1CE23EF78B0151D42F001B, dds, 01628284, 68B0BD78D4532C0EBB4B2385CE12D051, 0BF6CB4F3FBBB5E79814D4BEAD00F53D68D75B3CBA126F74238F7405DC1934EC

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


ADW LOG

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-04-2022
# Duration: 00:00:06
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
[+] Reset Windows Installer

*************************

AdwCleaner[S00].txt - [1406 octets] - [19/12/2021 19:09:24]
AdwCleaner[C00].txt - [1842 octets] - [19/12/2021 19:10:32]
AdwCleaner[S01].txt - [1528 octets] - [08/01/2022 03:22:08]
AdwCleaner[S02].txt - [1589 octets] - [08/01/2022 03:23:15]
AdwCleaner[C02].txt - [1996 octets] - [08/01/2022 03:23:23]
AdwCleaner[S03].txt - [1711 octets] - [04/02/2022 14:24:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########
 
I don't see anything malicious there.
Whatever is causing your issue is not malware related.
I suggest a new topic in the Windows forum.
 