Solved Malware removal for my son's pc

NonTechyDad

Posts: 26   +0
Greetings,

I am trying to remove virus/malware off of my son's computer and this is my first time using farbar scan. I have generated the FRST and Addition.txt files but I am not sure what to do next. The system has restricted his admin priv's.

Thank you for any help in advance.

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2022
Ran by TheVerbalArteest (administrator) on DESKTOP-RIMVDU7 (Hewlett-Packard HP Compaq dc7900 Small Form Factor) (17-07-2022 06:15:26)
Running from C:\Users\TheVe\Desktop
Loaded Profiles: TheVerbalArteest & temp.fix
Platform: Microsoft Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Users\TheVe\AppData\Local\wdkmbcg\wdkmbcg.exe ->) () [Access Denied] C:\Users\TheVe\AppData\Local\wdkmbcg\raakpmi.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <24>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(services.exe ->) (Andrea Electronics Corporation) [File not signed] C:\Windows\System32\AEADISRV.EXE
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <5>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed] C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
(services.exe ->) (TOSHIBA CORPORATION) [File not signed] [File is in use] C:\Windows\System32\spsnzersvc.exe
(spsnzersvc.exe ->) () [Access Denied] C:\Users\TheVe\AppData\Local\wdkmbcg\wdkmbcg.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.55.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.580_none_ead976921d8220dc\TiWorker.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe <2>
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\TheVe\AppData\Local\splice\app-3.3.109793\Splice.exe (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [Browser Manager] => C:\Users\TheVe\AppData\Local\Yandex\BrowserManager\MBLauncher.exe (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [MP3 Skype recorder] => C:\Users\TheVe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [3880584 2018-11-11] (DOMIT LIMITED -> Domit UK LTD)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [GoogleChromeAutoLaunch_C4EF761CAF8184320C85D0131A064097] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2673480 2022-07-01] (Google LLC -> Google LLC)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\MountPoints2: {6cae8016-6a0c-11e9-8827-0050b6294e10} - "F:\MfeEERM.exe"
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\temp.fix\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\temp.fix\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [251392 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-07] (Google LLC -> Google LLC)
Startup: C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-28]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00ADCC9D-F367-488C-ACFF-7AD89E3C1236} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0C02645C-34C1-4AFF-894F-0EB347BDF67B} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (No File)
Task: {1BAD968B-ADC1-4484-A863-B2A06EAFE2F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {231268DA-C332-4852-9926-BAFDEBAAB7FC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {289FAC5C-A456-425D-9877-8A3A4EF2B0B4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3C3B1D1A-7930-45F4-AF52-29CB173E0C97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {405D6045-7143-4BE5-97EE-F7D0352A2C87} - System32\Tasks\categorizations exasperated relishing => C:\Users\TheVe\AppData\Local\Antigens.exe oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK (No File)
Task: {572F0843-E2DF-4F65-8616-0278EA00AFE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {5CB93FB4-EF3B-4B2C-BD29-1E81715BFE69} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-01-31] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {60DA993F-7DA0-4198-84B6-59987281D6AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6321E5BE-09B8-4234-996E-A28BBAE5AF56} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {67162561-8F50-4C28-9AA0-2327EF46EA96} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FFB5A39-DF90-4F51-821C-773F98FF1AE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {77E46CF6-4F8F-4D7E-A3AF-C93242C36133} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {793B7B22-EA3A-4010-8789-DB8E9801C23D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799EDE7A-1487-41C3-A300-B3D44D41A7EC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8012F695-FA52-47B6-95D5-3FB8261052E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85B15520-C670-407E-8397-57FAB64CFE94} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BC64336-A8E1-4B80-9704-560E560103E1} - System32\Tasks\categorizations exasperated relishingcategorizations exasperated relishing => C:\Users\TheVe\AppData\Local\Antigens.exe oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK (No File)
Task: {A1A3D805-19B0-453D-983B-BCE709E9EF50} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A30A24E9-B197-467B-A1FD-7E3262117A46} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116656 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6F81679-D86A-4D96-9E47-C5E6FFF20F6D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {AA017D50-057E-4683-940B-F79DBF9A27BB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {AA797A31-5155-491F-A119-4A294BC4B676} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE888DB4-C560-4D6A-ABC9-ED569DB35432} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B60F94EF-967B-4F92-89F7-DFA38E4268F7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D88B52CD-F1A8-4413-B610-EE2D2B5548B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {E0243755-C9B2-4D4E-9D7E-FE9CFA0B86C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {E2158A77-C3D3-4EB4-8BDC-390BEA3340FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E5CCEF5F-F876-475E-9271-80701F601FCA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2D357E0-2829-4406-BA91-95667E031E16} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116656 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{665f913f-0411-4e38-b250-529f0438f3e7}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{d99ff61f-598e-4809-921f-9121ab7cc41e}: [DhcpNameServer] 208.59.247.45 208.59.247.46

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-3999933350-674082219-2972644759-1001 -> hxxps://www.yandex.ru/?win=362&clid=2255618

FireFox:
========
FF DefaultProfile: nahd6ha2.default
FF ProfilePath: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2022-07-17]
FF NewTabOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Disabled: vb@yandex.ru
FF Extension: (Visual Bookmarks) - C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru.xpi [2022-06-21]
FF SearchPlugin: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20182703.xml [2018-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2019-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-06-06] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default [2022-07-17]
CHR Notifications: Default -> hxxps://go.proctoru.com; hxxps://slimsk.pro; hxxps://www.facebook.com; hxxps://www.tiktok.com
CHR Extension: (Privacy Pass) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-06-21]
CHR Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-13]
CHR Extension: (DownAlbum) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2022-07-04]
CHR Extension: (Video Downloader professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2022-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-18]
CHR Extension: (Google Play Books) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Vimeo Downloader Professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaallccmjamifmbnammngacjphelonn [2020-03-07]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-07-17]
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec]

Yandex:
=======
YAN Profile: C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default [2018-12-03]
YAN Extension: (Rating Program Extension - Cloud) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\aeblbnaefoaakjgpedmjbogemoegfdfm [2018-12-03]
YAN Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-12-03]
YAN Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-12-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"ixdog" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ixdog => C:\WINDOWS\System32\drivers\ianruybe.sys [145744 2022-06-24] (Access Denied) [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
"MBAMInstallerService" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMInstallerService => C:\Users\TheVe\AppData\Local\Temp\MBAMInstallerService.exe [8693208 2022-07-17] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service)
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111264 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-05-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Synchro Arts License Manager; C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe [175488 2008-02-22] (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation -> Intel Corporation)
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender SRL -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 LoopBeMidi1; C:\WINDOWS\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de) [File not signed]
S4 lzrutis; C:\WINDOWS\System32\drivers\vdrcuspz.sys [148816 2019-04-23] () [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-06-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
R3 mpswzc; system32\drivers\svzcfj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-17 06:05 - 2022-07-17 06:11 - 000054253 _____ C:\Users\TheVe\Desktop\Addition.txt
2022-07-17 06:02 - 2022-07-17 06:16 - 000028807 _____ C:\Users\TheVe\Desktop\FRST.txt
2022-07-17 05:54 - 2022-07-17 06:16 - 000000000 ____D C:\FRST
2022-07-17 05:52 - 2022-07-17 05:52 - 002369536 _____ (Farbar) C:\Users\TheVe\Desktop\FRST64.exe
2022-07-17 05:41 - 2022-07-17 05:43 - 000004974 _____ C:\Users\TheVe\Downloads\.6efeab48d0425dd4637604354adea9c6476d2ade.parts
2022-07-17 05:37 - 2022-07-17 05:37 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t334847.torrent
2022-07-17 05:37 - 2022-07-17 05:37 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.6.202.x64.WIN
2022-07-17 05:13 - 2022-07-17 05:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-17 05:13 - 2022-07-17 05:13 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-17 05:12 - 2022-07-17 05:13 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-07-17 05:10 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix\ansel
2022-07-17 05:07 - 2022-07-17 05:07 - 000001417 _____ C:\Users\temp.fix\Desktop\Microsoft Edge.lnk
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ___HD C:\Users\temp.fix\MicrosoftEdgeBackups
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\MicrosoftEdge
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\CEF
2022-07-17 05:06 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA Corporation
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ___RD C:\Users\temp.fix\3D Objects
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\VirtualStore
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Google
2022-07-17 05:05 - 2022-07-17 05:36 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Packages
2022-07-17 05:05 - 2022-07-17 05:13 - 000002379 _____ C:\Users\temp.fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-17 05:05 - 2022-07-17 05:12 - 000000000 ___RD C:\Users\temp.fix\OneDrive
2022-07-17 05:05 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix
2022-07-17 05:05 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\ConnectedDevicesPlatform
2022-07-17 05:05 - 2022-07-17 05:05 - 000000020 ___SH C:\Users\temp.fix\ntuser.ini
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Roaming\Adobe
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\TileDataLayer
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Publishers
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Comms
2022-07-17 05:05 - 2016-09-02 11:32 - 000000319 _____ C:\Users\temp.fix\Desktop\Get Office 365 Personal.url
2022-07-17 05:05 - 2016-09-02 11:31 - 000000194 _____ C:\Users\temp.fix\Desktop\Get Office 365 Home.url
2022-07-17 05:05 - 2016-08-31 16:58 - 000000154 _____ C:\Users\temp.fix\Desktop\Microsoft Store.url
2022-07-17 03:53 - 2022-07-17 04:11 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.7.214.x64.WIN
2022-07-17 03:52 - 2022-07-17 03:52 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t339695.torrent
2022-07-10 23:19 - 2022-07-10 23:19 - 001232282 _____ C:\Users\TheVe\Downloads\Blank.zip
2022-07-05 11:59 - 2022-07-05 11:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\aundsgb
2022-07-02 00:29 - 2022-07-02 00:29 - 000000000 _____ C:\Users\TheVe\Downloads\download
2022-06-30 08:34 - 2022-07-17 03:25 - 000000170 _____ C:\WINDOWS\wininit.ini
2022-06-30 04:43 - 2022-06-30 04:43 - 000800839 _____ C:\Users\TheVe\Downloads\Bluster.zip
2022-06-28 04:56 - 2022-06-28 04:58 - 1367096420 _____ C:\Users\TheVe\Downloads\Adobe Flash Pro CS6.exe
2022-06-28 04:46 - 2022-06-28 04:47 - 130656256 _____ C:\Users\TheVe\Downloads\Searching for_ adobe animate in_.iso
2022-06-28 04:45 - 2022-06-28 04:45 - 130656256 _____ C:\Users\TheVe\Downloads\Adobe Animate CC 2017 v16.0.1 (x64) + Crack [Sa....iso
2022-06-24 05:22 - 2022-06-24 05:22 - 000000000 ____D C:\Users\TheVe\AppData\Local\pwhvnux
2022-06-24 05:18 - 2022-06-24 05:18 - 000145744 ____N C:\WINDOWS\system32\Drivers\ianruybe.sys
2022-06-21 09:36 - 2022-06-21 09:36 - 000005473 _____ C:\Users\TheVe\Downloads\index(1).m3u8
2022-06-21 09:36 - 2022-06-21 09:36 - 000005445 _____ C:\Users\TheVe\Downloads\index.m3u8
2022-06-21 09:26 - 2022-06-21 09:26 - 000104140 _____ C:\Users\TheVe\Downloads\NEWDAYLYTvideoplayback.mp4
2022-06-21 09:19 - 2022-06-21 09:20 - 000211848 _____ C:\Users\TheVe\Downloads\DAYLYT “ Battlr rap talk ! Matches I want to seeee.mp4
2022-06-21 09:18 - 2022-06-21 09:19 - 001291014 _____ C:\Users\TheVe\Downloads\DAYLYTvideoplayback.mp4
2022-06-21 08:48 - 2022-07-17 05:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-21 08:48 - 2022-07-17 03:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-21 07:33 - 2022-06-24 05:15 - 000000000 ____D C:\Users\TheVe\Desktop\battle life
2022-06-19 07:17 - 2022-06-19 07:17 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-06-19 05:13 - 2022-06-19 05:13 - 000000798 _____ C:\Users\TheVe\Downloads\init-stream_0.m4s.mp4.mp4
2022-06-18 00:42 - 2022-06-18 00:42 - 000000000 ____D C:\Users\TheVe\AppData\Local\snbdpxc

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-17 06:11 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-17 06:08 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-17 06:05 - 2018-02-08 18:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\qBittorrent
2022-07-17 05:54 - 2018-01-26 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-17 05:51 - 2019-04-27 20:20 - 000000000 ____D C:\Users\TheVe\AppData\LocalLow\Mozilla
2022-07-17 05:39 - 2019-04-23 22:47 - 000000000 ____D C:\Users\TheVe\AppData\Local\wdkmbcg
2022-07-17 05:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-17 05:35 - 2018-06-22 18:29 - 000000000 ____D C:\ProgramData\Packages
2022-07-17 05:34 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-17 05:11 - 2018-04-12 16:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-17 05:06 - 2016-11-20 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-17 04:30 - 2018-04-16 12:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\CrashDumps
2022-07-17 04:18 - 2018-08-14 12:56 - 000000000 ____D C:\Users\TheVe\AppData\Local\D3DSCache
2022-07-17 04:16 - 2018-02-17 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\Users\TheVe\AppData\Local\Adobe
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\ProgramData\Adobe
2022-07-17 03:25 - 2019-04-27 20:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-17 03:25 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-17 02:32 - 2018-05-22 18:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-15 22:19 - 2018-05-22 19:13 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-15 22:19 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2022-07-14 07:41 - 2022-02-14 11:30 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-14 07:41 - 2018-05-22 19:15 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-14 07:41 - 2018-05-22 19:00 - 000002386 _____ C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-13 07:38 - 2019-06-11 00:17 - 000000132 _____ C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2022-07-09 03:11 - 2017-01-11 15:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-07 10:55 - 2018-01-26 12:10 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-07 10:55 - 2018-01-26 12:10 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-06 05:35 - 2018-01-26 23:45 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\vlc
2022-07-05 11:55 - 2018-05-22 19:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-05 11:54 - 2019-04-23 21:56 - 002930176 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\spsnzersvc.exe
2022-06-30 08:54 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\Packages
2022-06-29 08:15 - 2022-02-14 03:49 - 000000000 ____D C:\Users\TheVe\AppData\Local\ElevatedDiagnostics
2022-06-24 05:19 - 2018-04-11 17:04 - 018612224 _____ C:\WINDOWS\system32\config\HARDWARE
2022-06-24 05:19 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-21 09:35 - 2018-01-26 13:59 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-06-21 08:48 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-19 10:59 - 2018-01-26 14:30 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\obs-studio

==================== Files in the root of some directories ========

2018-12-03 16:23 - 2018-12-03 16:24 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2018-12-03 16:23 - 2018-12-03 16:24 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-08-09 16:03 - 2018-09-17 18:03 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-08-09 16:03 - 2018-09-17 18:03 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-06-11 00:16 - 2019-06-12 10:41 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2019-06-11 00:17 - 2022-07-13 07:38 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-03-10 17:10 - 2020-11-21 19:35 - 000000032 _____ () C:\Users\TheVe\AppData\Roaming\msregsvv.dll
2018-02-18 15:51 - 2022-02-19 11:25 - 000002824 _____ () C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000109 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt
2020-10-16 15:27 - 2020-10-16 15:27 - 000000787 _____ () C:\Users\TheVe\AppData\Local\recently-used.xbel

==================== FLock ==============================

2019-04-23 21:56 C:\WINDOWS\system32\zacldsw
2022-07-05 11:54 C:\WINDOWS\system32\config\SYSTEM
2022-06-24 05:18 C:\WINDOWS\system32\Drivers\ianruybe.sys
2018-12-03 23:25 C:\Users\TheVe\AppData\Roaming\wow64_microsoft-windows-I..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4025bb8924a11670
2022-07-17 05:39 C:\Users\TheVe\AppData\Local\wdkmbcg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

NonTechyDad

Posts: 26   +0
Greetings,

I am trying to remove virus/malware off of my son's computer and this is my first time using farbar scan. I have generated the FRST and Addition.txt files but I am not sure what to do next. The system has restricted his admin priv's.

Thank you for any help in advance.

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2022
Ran by TheVerbalArteest (administrator) on DESKTOP-RIMVDU7 (Hewlett-Packard HP Compaq dc7900 Small Form Factor) (17-07-2022 06:15:26)
Running from C:\Users\TheVe\Desktop
Loaded Profiles: TheVerbalArteest & temp.fix
Platform: Microsoft Windows 10 Home Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Users\TheVe\AppData\Local\wdkmbcg\wdkmbcg.exe ->) () [Access Denied] C:\Users\TheVe\AppData\Local\wdkmbcg\raakpmi.exe <2>
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <24>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(services.exe ->) (Andrea Electronics Corporation) [File not signed] C:\Windows\System32\AEADISRV.EXE
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel(R) Driver & Support Assistant -> Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <5>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed] C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
(services.exe ->) (TOSHIBA CORPORATION) [File not signed] [File is in use] C:\Windows\System32\spsnzersvc.exe
(spsnzersvc.exe ->) () [Access Denied] C:\Users\TheVe\AppData\Local\wdkmbcg\wdkmbcg.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.1.55.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.580_none_ead976921d8220dc\TiWorker.exe
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe <2>
(svchost.exe ->) (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\TheVe\AppData\Local\splice\app-3.3.109793\Splice.exe (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [Browser Manager] => C:\Users\TheVe\AppData\Local\Yandex\BrowserManager\MBLauncher.exe (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [MP3 Skype recorder] => C:\Users\TheVe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [3880584 2018-11-11] (DOMIT LIMITED -> Domit UK LTD)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [GoogleChromeAutoLaunch_C4EF761CAF8184320C85D0131A064097] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2673480 2022-07-01] (Google LLC -> Google LLC)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\MountPoints2: {6cae8016-6a0c-11e9-8827-0050b6294e10} - "F:\MfeEERM.exe"
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\temp.fix\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\temp.fix\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\IppMon: C:\WINDOWS\system32\IPPMon.dll [251392 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-07] (Google LLC -> Google LLC)
Startup: C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-28]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00ADCC9D-F367-488C-ACFF-7AD89E3C1236} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0C02645C-34C1-4AFF-894F-0EB347BDF67B} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (No File)
Task: {1BAD968B-ADC1-4484-A863-B2A06EAFE2F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {231268DA-C332-4852-9926-BAFDEBAAB7FC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {289FAC5C-A456-425D-9877-8A3A4EF2B0B4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3C3B1D1A-7930-45F4-AF52-29CB173E0C97} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {405D6045-7143-4BE5-97EE-F7D0352A2C87} - System32\Tasks\categorizations exasperated relishing => C:\Users\TheVe\AppData\Local\Antigens.exe oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK (No File)
Task: {572F0843-E2DF-4F65-8616-0278EA00AFE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {5CB93FB4-EF3B-4B2C-BD29-1E81715BFE69} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-01-31] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {60DA993F-7DA0-4198-84B6-59987281D6AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6321E5BE-09B8-4234-996E-A28BBAE5AF56} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {67162561-8F50-4C28-9AA0-2327EF46EA96} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FFB5A39-DF90-4F51-821C-773F98FF1AE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {77E46CF6-4F8F-4D7E-A3AF-C93242C36133} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {793B7B22-EA3A-4010-8789-DB8E9801C23D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799EDE7A-1487-41C3-A300-B3D44D41A7EC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8012F695-FA52-47B6-95D5-3FB8261052E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85B15520-C670-407E-8397-57FAB64CFE94} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378880 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BC64336-A8E1-4B80-9704-560E560103E1} - System32\Tasks\categorizations exasperated relishingcategorizations exasperated relishing => C:\Users\TheVe\AppData\Local\Antigens.exe oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK (No File)
Task: {A1A3D805-19B0-453D-983B-BCE709E9EF50} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A30A24E9-B197-467B-A1FD-7E3262117A46} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116656 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6F81679-D86A-4D96-9E47-C5E6FFF20F6D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {AA017D50-057E-4683-940B-F79DBF9A27BB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {AA797A31-5155-491F-A119-4A294BC4B676} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE888DB4-C560-4D6A-ABC9-ED569DB35432} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MpCmdRun.exe [469928 2019-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B60F94EF-967B-4F92-89F7-DFA38E4268F7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D88B52CD-F1A8-4413-B610-EE2D2B5548B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {E0243755-C9B2-4D4E-9D7E-FE9CFA0B86C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {E2158A77-C3D3-4EB4-8BDC-390BEA3340FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E5CCEF5F-F876-475E-9271-80701F601FCA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F2D357E0-2829-4406-BA91-95667E031E16} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116656 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{665f913f-0411-4e38-b250-529f0438f3e7}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{d99ff61f-598e-4809-921f-9121ab7cc41e}: [DhcpNameServer] 208.59.247.45 208.59.247.46

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-3999933350-674082219-2972644759-1001 -> hxxps://www.yandex.ru/?win=362&clid=2255618

FireFox:
========
FF DefaultProfile: nahd6ha2.default
FF ProfilePath: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2022-07-17]
FF NewTabOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Disabled: vb@yandex.ru
FF Extension: (Visual Bookmarks) - C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru.xpi [2022-06-21]
FF SearchPlugin: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20182703.xml [2018-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2019-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-06-06] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default [2022-07-17]
CHR Notifications: Default -> hxxps://go.proctoru.com; hxxps://slimsk.pro; hxxps://www.facebook.com; hxxps://www.tiktok.com
CHR Extension: (Privacy Pass) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-06-21]
CHR Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2019-02-13]
CHR Extension: (DownAlbum) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2022-07-04]
CHR Extension: (Video Downloader professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2022-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-18]
CHR Extension: (Google Play Books) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2018-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Vimeo Downloader Professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaallccmjamifmbnammngacjphelonn [2020-03-07]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-07-17]
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec]

Yandex:
=======
YAN Profile: C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default [2018-12-03]
YAN Extension: (Rating Program Extension - Cloud) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\aeblbnaefoaakjgpedmjbogemoegfdfm [2018-12-03]
YAN Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-12-03]
YAN Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-12-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"ixdog" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\ixdog => C:\WINDOWS\System32\drivers\ianruybe.sys [145744 2022-06-24] (Access Denied) [File not signed] <==== ATTENTION (Rootkit!/Locked Service)
"MBAMInstallerService" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMInstallerService => C:\Users\TheVe\AppData\Local\Temp\MBAMInstallerService.exe [8693208 2022-07-17] (Malwarebytes Inc. -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service)
"MBAMWebProtection" => service could not be unlocked. <==== ATTENTION
HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111264 2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-05-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Synchro Arts License Manager; C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe [175488 2008-02-22] (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation -> Intel Corporation)
S2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender SRL -> Bitdefender)
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 LoopBeMidi1; C:\WINDOWS\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de) [File not signed]
S4 lzrutis; C:\WINDOWS\System32\drivers\vdrcuspz.sys [148816 2019-04-23] () [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-22] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-06-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [351968 2019-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
S3 cpuz148; \??\C:\WINDOWS\temp\cpuz148\cpuz148_x64.sys [X]
R3 mpswzc; system32\drivers\svzcfj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-17 06:05 - 2022-07-17 06:11 - 000054253 _____ C:\Users\TheVe\Desktop\Addition.txt
2022-07-17 06:02 - 2022-07-17 06:16 - 000028807 _____ C:\Users\TheVe\Desktop\FRST.txt
2022-07-17 05:54 - 2022-07-17 06:16 - 000000000 ____D C:\FRST
2022-07-17 05:52 - 2022-07-17 05:52 - 002369536 _____ (Farbar) C:\Users\TheVe\Desktop\FRST64.exe
2022-07-17 05:41 - 2022-07-17 05:43 - 000004974 _____ C:\Users\TheVe\Downloads\.6efeab48d0425dd4637604354adea9c6476d2ade.parts
2022-07-17 05:37 - 2022-07-17 05:37 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t334847.torrent
2022-07-17 05:37 - 2022-07-17 05:37 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.6.202.x64.WIN
2022-07-17 05:13 - 2022-07-17 05:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-17 05:13 - 2022-07-17 05:13 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-17 05:12 - 2022-07-17 05:13 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-07-17 05:10 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix\ansel
2022-07-17 05:07 - 2022-07-17 05:07 - 000001417 _____ C:\Users\temp.fix\Desktop\Microsoft Edge.lnk
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ___HD C:\Users\temp.fix\MicrosoftEdgeBackups
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\MicrosoftEdge
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\CEF
2022-07-17 05:06 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA Corporation
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ___RD C:\Users\temp.fix\3D Objects
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\VirtualStore
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Google
2022-07-17 05:05 - 2022-07-17 05:36 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Packages
2022-07-17 05:05 - 2022-07-17 05:13 - 000002379 _____ C:\Users\temp.fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-17 05:05 - 2022-07-17 05:12 - 000000000 ___RD C:\Users\temp.fix\OneDrive
2022-07-17 05:05 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix
2022-07-17 05:05 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\ConnectedDevicesPlatform
2022-07-17 05:05 - 2022-07-17 05:05 - 000000020 ___SH C:\Users\temp.fix\ntuser.ini
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Roaming\Adobe
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\TileDataLayer
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Publishers
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Comms
2022-07-17 05:05 - 2016-09-02 11:32 - 000000319 _____ C:\Users\temp.fix\Desktop\Get Office 365 Personal.url
2022-07-17 05:05 - 2016-09-02 11:31 - 000000194 _____ C:\Users\temp.fix\Desktop\Get Office 365 Home.url
2022-07-17 05:05 - 2016-08-31 16:58 - 000000154 _____ C:\Users\temp.fix\Desktop\Microsoft Store.url
2022-07-17 03:53 - 2022-07-17 04:11 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.7.214.x64.WIN
2022-07-17 03:52 - 2022-07-17 03:52 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t339695.torrent
2022-07-10 23:19 - 2022-07-10 23:19 - 001232282 _____ C:\Users\TheVe\Downloads\Blank.zip
2022-07-05 11:59 - 2022-07-05 11:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\aundsgb
2022-07-02 00:29 - 2022-07-02 00:29 - 000000000 _____ C:\Users\TheVe\Downloads\download
2022-06-30 08:34 - 2022-07-17 03:25 - 000000170 _____ C:\WINDOWS\wininit.ini
2022-06-30 04:43 - 2022-06-30 04:43 - 000800839 _____ C:\Users\TheVe\Downloads\Bluster.zip
2022-06-28 04:56 - 2022-06-28 04:58 - 1367096420 _____ C:\Users\TheVe\Downloads\Adobe Flash Pro CS6.exe
2022-06-28 04:46 - 2022-06-28 04:47 - 130656256 _____ C:\Users\TheVe\Downloads\Searching for_ adobe animate in_.iso
2022-06-28 04:45 - 2022-06-28 04:45 - 130656256 _____ C:\Users\TheVe\Downloads\Adobe Animate CC 2017 v16.0.1 (x64) + Crack [Sa....iso
2022-06-24 05:22 - 2022-06-24 05:22 - 000000000 ____D C:\Users\TheVe\AppData\Local\pwhvnux
2022-06-24 05:18 - 2022-06-24 05:18 - 000145744 ____N C:\WINDOWS\system32\Drivers\ianruybe.sys
2022-06-21 09:36 - 2022-06-21 09:36 - 000005473 _____ C:\Users\TheVe\Downloads\index(1).m3u8
2022-06-21 09:36 - 2022-06-21 09:36 - 000005445 _____ C:\Users\TheVe\Downloads\index.m3u8
2022-06-21 09:26 - 2022-06-21 09:26 - 000104140 _____ C:\Users\TheVe\Downloads\NEWDAYLYTvideoplayback.mp4
2022-06-21 09:19 - 2022-06-21 09:20 - 000211848 _____ C:\Users\TheVe\Downloads\DAYLYT “ Battlr rap talk ! Matches I want to seeee.mp4
2022-06-21 09:18 - 2022-06-21 09:19 - 001291014 _____ C:\Users\TheVe\Downloads\DAYLYTvideoplayback.mp4
2022-06-21 08:48 - 2022-07-17 05:52 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-06-21 08:48 - 2022-07-17 03:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-06-21 07:33 - 2022-06-24 05:15 - 000000000 ____D C:\Users\TheVe\Desktop\battle life
2022-06-19 07:17 - 2022-06-19 07:17 - 000000000 ____D C:\ProgramData\obs-studio-hook
2022-06-19 05:13 - 2022-06-19 05:13 - 000000798 _____ C:\Users\TheVe\Downloads\init-stream_0.m4s.mp4.mp4
2022-06-18 00:42 - 2022-06-18 00:42 - 000000000 ____D C:\Users\TheVe\AppData\Local\snbdpxc

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-17 06:11 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-17 06:08 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-17 06:05 - 2018-02-08 18:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\qBittorrent
2022-07-17 05:54 - 2018-01-26 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-17 05:51 - 2019-04-27 20:20 - 000000000 ____D C:\Users\TheVe\AppData\LocalLow\Mozilla
2022-07-17 05:39 - 2019-04-23 22:47 - 000000000 ____D C:\Users\TheVe\AppData\Local\wdkmbcg
2022-07-17 05:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-17 05:35 - 2018-06-22 18:29 - 000000000 ____D C:\ProgramData\Packages
2022-07-17 05:34 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-17 05:11 - 2018-04-12 16:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-17 05:06 - 2016-11-20 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-17 04:30 - 2018-04-16 12:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\CrashDumps
2022-07-17 04:18 - 2018-08-14 12:56 - 000000000 ____D C:\Users\TheVe\AppData\Local\D3DSCache
2022-07-17 04:16 - 2018-02-17 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\Users\TheVe\AppData\Local\Adobe
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\ProgramData\Adobe
2022-07-17 03:25 - 2019-04-27 20:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-17 03:25 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-17 02:32 - 2018-05-22 18:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-15 22:19 - 2018-05-22 19:13 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-15 22:19 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2022-07-14 07:41 - 2022-02-14 11:30 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-14 07:41 - 2018-05-22 19:15 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-14 07:41 - 2018-05-22 19:00 - 000002386 _____ C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-13 07:38 - 2019-06-11 00:17 - 000000132 _____ C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2022-07-09 03:11 - 2017-01-11 15:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-07 10:55 - 2018-01-26 12:10 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-07 10:55 - 2018-01-26 12:10 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-06 05:35 - 2018-01-26 23:45 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\vlc
2022-07-05 11:55 - 2018-05-22 19:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-05 11:54 - 2019-04-23 21:56 - 002930176 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\spsnzersvc.exe
2022-06-30 08:54 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\Packages
2022-06-29 08:15 - 2022-02-14 03:49 - 000000000 ____D C:\Users\TheVe\AppData\Local\ElevatedDiagnostics
2022-06-24 05:19 - 2018-04-11 17:04 - 018612224 _____ C:\WINDOWS\system32\config\HARDWARE
2022-06-24 05:19 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-21 09:35 - 2018-01-26 13:59 - 000001146 _____ C:\Users\Public\Desktop\VLC media player.lnk
2022-06-21 08:48 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-06-19 10:59 - 2018-01-26 14:30 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\obs-studio

==================== Files in the root of some directories ========

2018-12-03 16:23 - 2018-12-03 16:24 - 000137168 _____ (Mozilla Foundation) C:\ProgramData\mozglue.dll
2018-12-03 16:23 - 2018-12-03 16:24 - 001246160 _____ (Mozilla Foundation) C:\ProgramData\nss3.dll
2018-08-09 16:03 - 2018-09-17 18:03 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-08-09 16:03 - 2018-09-17 18:03 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-06-11 00:16 - 2019-06-12 10:41 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2019-06-11 00:17 - 2022-07-13 07:38 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-03-10 17:10 - 2020-11-21 19:35 - 000000032 _____ () C:\Users\TheVe\AppData\Roaming\msregsvv.dll
2018-02-18 15:51 - 2022-02-19 11:25 - 000002824 _____ () C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000109 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt
2020-10-16 15:27 - 2020-10-16 15:27 - 000000787 _____ () C:\Users\TheVe\AppData\Local\recently-used.xbel

==================== FLock ==============================

2019-04-23 21:56 C:\WINDOWS\system32\zacldsw
2022-07-05 11:54 C:\WINDOWS\system32\config\SYSTEM
2022-06-24 05:18 C:\WINDOWS\system32\Drivers\ianruybe.sys
2018-12-03 23:25 C:\Users\TheVe\AppData\Roaming\wow64_microsoft-windows-I..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4025bb8924a11670
2022-07-17 05:39 C:\Users\TheVe\AppData\Local\wdkmbcg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


also here is the Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2022
Ran by TheVerbalArteest (17-07-2022 06:17:32)
Running from C:\Users\TheVe\Desktop
Microsoft Windows 10 Home Version 1803 17134.706 (X64) (2018-05-22 23:16:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3999933350-674082219-2972644759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3999933350-674082219-2972644759-503 - Limited - Disabled)
Guest (S-1-5-21-3999933350-674082219-2972644759-501 - Limited - Disabled)
temp.fix (S-1-5-21-3999933350-674082219-2972644759-1002 - Administrator - Enabled) => C:\Users\temp.fix
TheVerbalArteest (S-1-5-21-3999933350-674082219-2972644759-1001 - Administrator - Enabled) => C:\Users\TheVe
WDAGUtilityAccount (S-1-5-21-3999933350-674082219-2972644759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

NonTechyDad

Posts: 26   +0
also here is the Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2022
Ran by TheVerbalArteest (17-07-2022 06:17:32)
Running from C:\Users\TheVe\Desktop
Microsoft Windows 10 Home Version 1803 17134.706 (X64) (2018-05-22 23:16:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3999933350-674082219-2972644759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3999933350-674082219-2972644759-503 - Limited - Disabled)
Guest (S-1-5-21-3999933350-674082219-2972644759-501 - Limited - Disabled)
temp.fix (S-1-5-21-3999933350-674082219-2972644759-1002 - Administrator - Enabled) => C:\Users\temp.fix
TheVerbalArteest (S-1-5-21-3999933350-674082219-2972644759-1001 - Administrator - Enabled) => C:\Users\TheVe
WDAGUtilityAccount (S-1-5-21-3999933350-674082219-2972644759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Accusonus Regroover Pro (HKLM\...\Regroover Pro_is1) (Version: 1.6.0 - Accusonus)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.7 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares Auto-Tune v4.39 (HKLM-x32\...\Antares Auto-Tune v4.39) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.101.1001 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.0.0 - Canon Inc.)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B32AF677}) (Version: 2.0.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33AF677}) (Version: 2.1.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{e228fee9-3f05-4ed9-9186-26b05094d174}) (Version: 2.1.0.0 - ) Hidden
DirectWave VSTi (HKLM-x32\...\DirectWave VSTi) (Version: - Image-Line)
EDIROL Orchestral (HKLM-x32\...\EDIROL Orchestral) (Version: 1.0.3 - EDIROL)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
HalfTime 1.0.1 (HKLM\...\HalfTime_is1) (Version: 1.0.1 - CableGuys & Team V.R)
IK Multimedia Authorization Manager version 1.0.19 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.19 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{644B16B7-3B5D-4316-965C-03E49D749C40}) (Version: 17.0.210 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{CD4D85AB-8C3B-4876-A063-96D8E4090353}) (Version: 17.0.210 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.05 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.04 - iZotope, Inc.)
iZotope Nectar 3 (HKLM\...\Nectar 3_is1) (Version: 3.0.0 - iZotope)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements_is1) (Version: 3.00 - iZotope & Team V.R)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.01) (Version: 7.01 - iZotope, Inc.)
iZotope Ozone 8 (HKLM\...\Ozone 8_is1) (Version: 8.0.2 - iZotope)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.02 - iZotope, Inc.)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 2.0.2 - iZotope)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Magic Bullet Suite v13.0.0 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 13.0.0 - Red Giant, LLC)
M-Audio M-Track 1.0.2 (x64) (HKLM\...\{C38CEF46-A4DF-4A1B-BE82-3C8CA706C85C}) (Version: 1.0.2 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15330.20230 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.49 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (HKLM\...\{2CD849A7-86A1-34A6-B8F9-D72F5B21A9AE}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (HKLM\...\{C99E2ADC-0347-336E-A603-F1992B09D582}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (HKLM\...\{90BF0360-A1DB-4599-A643-95AB90A52C1E}) (Version: 1.00.0000 - Adobe) Hidden
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mixbus32C-4 (HKLM-x32\...\Mixbus32C-4-w64) (Version: - )
Mixbus4 (HKLM-x32\...\Mixbus4-w32) (Version: - )
Mixbus5 (HKLM-x32\...\Mixbus5-w32) (Version: - )
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{874C11C8-4273-4213-B018-D80878EB3DF3}) (Version: 4.49.1.0 - Domit LTD)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.1.1599 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.6.16 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.1.637 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.4 - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.4.0.6 - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.3.0.3 - Native Instruments)
Neutron 2 Advanced (HKLM-x32\...\Neutron 2) (Version: 2.00 - iZotope, Inc.)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.122 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.122 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.)
PDF ePub DRM Removal version 4.16 (HKLM-x32\...\{B17EB9DB-FEFD-4943-94E5-5428B3A53467}_is1) (Version: 4.16 - eBook Converter Team)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plugin Boutique Scaler (HKLM\...\Scaler_is1) (Version: 1.2.0 - Plugin Boutique)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.65.0 - Samsung Electronics Co., Ltd.)
Serato Sample (HKLM\...\{177C2AC3-B53C-45CE-905D-70DE3D5A0399}) (Version: 1.1.0.6200 - Serato) Hidden
Serato Sample (HKLM-x32\...\{9f4422e8-b72f-4c2b-af20-95609c96ef3e}) (Version: 1.1.0.6200 - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SpectraLayers Pro 4.0 (HKLM\...\{7E9B303B-33F1-43B7-9792-EC5ABF96C60C}) (Version: 4.0.87 - MAGIX)
Syntronik version 1.1.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.1.0 - IK Multimedia)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VocALign Project (HKLM-x32\...\{7E7F3882-48B3-424B-9BE2-D257D1319C59}) (Version: 2.9.1 - Synchro Arts Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.4 - Voxengo)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.07.23 - Waves)
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XLN Audio RC-20 Retro Color (HKLM\...\RC-20 Retro Color_is1) (Version: 1.0.3 - XLN Audio)
Zoom (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
 

NonTechyDad

Posts: 26   +0
==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Accusonus Regroover Pro (HKLM\...\Regroover Pro_is1) (Version: 1.6.0 - Accusonus)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.7 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares Auto-Tune v4.39 (HKLM-x32\...\Antares Auto-Tune v4.39) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.101.1001 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.0.0 - Canon Inc.)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B32AF677}) (Version: 2.0.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33AF677}) (Version: 2.1.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{e228fee9-3f05-4ed9-9186-26b05094d174}) (Version: 2.1.0.0 - ) Hidden
DirectWave VSTi (HKLM-x32\...\DirectWave VSTi) (Version: - Image-Line)
EDIROL Orchestral (HKLM-x32\...\EDIROL Orchestral) (Version: 1.0.3 - EDIROL)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
HalfTime 1.0.1 (HKLM\...\HalfTime_is1) (Version: 1.0.1 - CableGuys & Team V.R)
IK Multimedia Authorization Manager version 1.0.19 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.19 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{644B16B7-3B5D-4316-965C-03E49D749C40}) (Version: 17.0.210 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{CD4D85AB-8C3B-4876-A063-96D8E4090353}) (Version: 17.0.210 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.05 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.04 - iZotope, Inc.)
iZotope Nectar 3 (HKLM\...\Nectar 3_is1) (Version: 3.0.0 - iZotope)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements_is1) (Version: 3.00 - iZotope & Team V.R)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.01) (Version: 7.01 - iZotope, Inc.)
iZotope Ozone 8 (HKLM\...\Ozone 8_is1) (Version: 8.0.2 - iZotope)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.02 - iZotope, Inc.)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 2.0.2 - iZotope)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Magic Bullet Suite v13.0.0 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 13.0.0 - Red Giant, LLC)
M-Audio M-Track 1.0.2 (x64) (HKLM\...\{C38CEF46-A4DF-4A1B-BE82-3C8CA706C85C}) (Version: 1.0.2 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15330.20230 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.49 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810 (HKLM\...\{2CD849A7-86A1-34A6-B8F9-D72F5B21A9AE}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810 (HKLM\...\{C99E2ADC-0347-336E-A603-F1992B09D582}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810 (HKLM-x32\...\{7FED75A1-600C-394B-8376-712E2A8861F2}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810 (HKLM-x32\...\{828952EB-5572-3666-8CA9-000B6CE79350}) (Version: 14.12.25810 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (HKLM\...\{90BF0360-A1DB-4599-A643-95AB90A52C1E}) (Version: 1.00.0000 - Adobe) Hidden
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mixbus32C-4 (HKLM-x32\...\Mixbus32C-4-w64) (Version: - )
Mixbus4 (HKLM-x32\...\Mixbus4-w32) (Version: - )
Mixbus5 (HKLM-x32\...\Mixbus5-w32) (Version: - )
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{874C11C8-4273-4213-B018-D80878EB3DF3}) (Version: 4.49.1.0 - Domit LTD)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.1.1599 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.6.16 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.1.637 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.4 - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.4.0.6 - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.3.0.3 - Native Instruments)
Neutron 2 Advanced (HKLM-x32\...\Neutron 2) (Version: 2.00 - iZotope, Inc.)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.122 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.122 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.)
PDF ePub DRM Removal version 4.16 (HKLM-x32\...\{B17EB9DB-FEFD-4943-94E5-5428B3A53467}_is1) (Version: 4.16 - eBook Converter Team)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plugin Boutique Scaler (HKLM\...\Scaler_is1) (Version: 1.2.0 - Plugin Boutique)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.65.0 - Samsung Electronics Co., Ltd.)
Serato Sample (HKLM\...\{177C2AC3-B53C-45CE-905D-70DE3D5A0399}) (Version: 1.1.0.6200 - Serato) Hidden
Serato Sample (HKLM-x32\...\{9f4422e8-b72f-4c2b-af20-95609c96ef3e}) (Version: 1.1.0.6200 - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SpectraLayers Pro 4.0 (HKLM\...\{7E9B303B-33F1-43B7-9792-EC5ABF96C60C}) (Version: 4.0.87 - MAGIX)
Syntronik version 1.1.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.1.0 - IK Multimedia)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VocALign Project (HKLM-x32\...\{7E7F3882-48B3-424B-9BE2-D257D1319C59}) (Version: 2.9.1 - Synchro Arts Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.4 - Voxengo)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.07.23 - Waves)
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XLN Audio RC-20 Retro Color (HKLM\...\RC-20 Retro Color_is1) (Version: 1.0.3 - XLN Audio)
Zoom (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_1.8.5.0_x64__tf1gferkr813w [2019-01-22] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe [2019-04-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-12] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
ReadAloud -> C:\Program Files\WindowsApps\21676OptimiliaStudios.ReadAloud_2.1.20.0_x64__k42naep6bwmrc [2019-04-10] (Optimilia Studios) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c [2019-03-29] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0 [2019-04-08] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-04-05 17:13 - 2009-07-24 14:29 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 003703808 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000224256 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\xerces-c_2_7.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:5A00B4CCF68F74CD [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\TheVe\Cookies:3wk4t3EUHXotkm5UAnWbkHHsL [2270]
AlternateDataStreams: C:\Users\TheVe\Cookies:nsB7kXY5docp4ymNpMrTN7FBK [2448]
AlternateDataStreams: C:\Users\TheVe\Local Settings:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Application Data:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\LU2uOCnrhp:qXaO5w9lAtXsTQAsWilbx [2594]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temp:5zIoqCpFt2rIN86aLh3VNZ [2160]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temp:A8s7jFWU3PQRkFuJlV09QrAWWx [2156]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temporary Internet Files:MfbCs6a6Eqi8FS3NLMgcIkhZYX [2274]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
 

NonTechyDad

Posts: 26   +0
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_1.8.5.0_x64__tf1gferkr813w [2019-01-22] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11425.20190.0_x64__8wekyb3d8bbwe [2019-04-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-12] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
ReadAloud -> C:\Program Files\WindowsApps\21676OptimiliaStudios.ReadAloud_2.1.20.0_x64__k42naep6bwmrc [2019-04-10] (Optimilia Studios) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c [2019-03-29] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0 [2019-04-08] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3999933350-674082219-2972644759-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-04-05 17:13 - 2009-07-24 14:29 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 003703808 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000224256 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\xerces-c_2_7.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:5A00B4CCF68F74CD [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\TheVe\Cookies:3wk4t3EUHXotkm5UAnWbkHHsL [2270]
AlternateDataStreams: C:\Users\TheVe\Cookies:nsB7kXY5docp4ymNpMrTN7FBK [2448]
AlternateDataStreams: C:\Users\TheVe\Local Settings:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Application Data:IHooD63YiAzAozLBj60s [2490]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\LU2uOCnrhp:qXaO5w9lAtXsTQAsWilbx [2594]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temp:5zIoqCpFt2rIN86aLh3VNZ [2160]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temp:A8s7jFWU3PQRkFuJlV09QrAWWx [2156]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\Temporary Internet Files:MfbCs6a6Eqi8FS3NLMgcIkhZYX [2274]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2019-04-23 22:39 - 000001053 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
127.0.0.1 www.r2rdownload.net
127.0.0.1 ec2-52-0-114-51.compute-1.amazonaws.com
127.0.0.1 ec2-54-210-240-130.compute-1.amazonaws.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "LoopBe1 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "picon"
HKLM\...\StartupApproved\Run: => "Poppin"
HKLM\...\StartupApproved\Run: => "Gluconate"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Electromechanical"
HKLM\...\StartupApproved\Run32: => "Playstation"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "leeching.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Browser Manager"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "watercolor"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Holmen"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Warrant"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Estar"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Reassure"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "MP3 Skype recorder"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{671AD675-862C-48A3-A7EB-04073BCCF02A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E7B47FB-81E3-4F5E-BEB2-B4618D472280}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{758A6061-9ABE-40A9-A10C-EB89347CEAED}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6F0CF5E0-3835-49FC-8BB1-1B62F282647C}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{548E09B6-19F9-4015-8D4B-4D3F1D9761D2}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [UDP Query User{B57B57D5-C055-4D0F-8385-93A0EF58DF4A}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{AB5C7FD0-9F55-43A7-A711-EE31D0D45349}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [UDP Query User{98AA06B2-6FD3-425A-A365-69AD3E88A9F7}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [TCP Query User{EACB5E87-2B09-445D-B638-E023031E60FE}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [UDP Query User{F265FC67-992A-49A7-BB18-F32FD4B7EE1C}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [TCP Query User{ED94180B-3288-4810-BC79-1A8C3B212D9A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{530F3A91-F686-4F66-86D0-AB75C8FB0881}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{A2CF4139-4986-4ACF-97B6-083F40F90FC6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9D9D6F5A-0222-42CD-990A-6E41E25F512F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B02DC9E2-48B3-40EE-A3ED-0445FB220E6F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9104C4DB-CB9A-46B2-B859-A7D00F173A02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9735B10A-765A-4AFF-9621-96A47061C215}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7FE1635B-C5F9-460B-9420-6A9E35B962C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB8AAEE9-51EC-40BD-AC76-6258664CF934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9FF1A2A1-3084-40E1-BD85-E0D616FD1D15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CD91F3B-F666-47E5-8EB1-B6A3D4E0D2B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C54700B-E649-47C4-9A66-B699DBD178A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [TCP Query User{4EACBAED-4428-4D32-B054-C17C4D243967}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [UDP Query User{E4D53A5A-EFA8-4FBB-91F8-A7161198DDA3}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [{B4234A53-9EF7-4051-99DD-68A55E36C04D}] => (Allow) C:\Program Files (x86)\Apologies\Antigens.exe => No File
FirewallRules: [{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}] => (Allow) C:\Program Files (x86)\Maidens\Antigens.exe => No File
FirewallRules: [{0284F1DD-7339-406F-9986-E23A92B48AB6}] => (Allow) C:\Program Files (x86)\prodigies\Saturdays.exe => No File
FirewallRules: [{9F0FE841-C867-4C73-876F-803301ADFAD0}] => (Allow) C:\Program Files (x86)\Maidens\Saturdays.exe => No File
FirewallRules: [TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [{25E40DDE-22FD-4A1F-BEE6-2B24344A1033}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{11D516A5-431C-4A22-B85A-0BE7546D5188}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{21031684-5E77-42DE-B367-98C0033B0BDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEF8A252-59C2-4597-B770-1BCBD034D097}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FE55C06-819C-4B00-8EE3-389599AABC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2A99B79D-E54E-4201-8EA6-E0058D81EDF4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{09CCE490-AA2E-4305-8932-2CAE0EA66676}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{45B985BF-0838-4ECC-9F11-B441B3FBFE65}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
 

NonTechyDad

Posts: 26   +0
==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2019-04-23 22:39 - 000001053 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
127.0.0.1 www.r2rdownload.net
127.0.0.1 ec2-52-0-114-51.compute-1.amazonaws.com
127.0.0.1 ec2-54-210-240-130.compute-1.amazonaws.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "LoopBe1 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "picon"
HKLM\...\StartupApproved\Run: => "Poppin"
HKLM\...\StartupApproved\Run: => "Gluconate"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Electromechanical"
HKLM\...\StartupApproved\Run32: => "Playstation"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "leeching.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Browser Manager"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "watercolor"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Holmen"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Warrant"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Estar"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Reassure"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "MP3 Skype recorder"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{671AD675-862C-48A3-A7EB-04073BCCF02A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E7B47FB-81E3-4F5E-BEB2-B4618D472280}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{758A6061-9ABE-40A9-A10C-EB89347CEAED}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6F0CF5E0-3835-49FC-8BB1-1B62F282647C}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{548E09B6-19F9-4015-8D4B-4D3F1D9761D2}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [UDP Query User{B57B57D5-C055-4D0F-8385-93A0EF58DF4A}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{AB5C7FD0-9F55-43A7-A711-EE31D0D45349}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [UDP Query User{98AA06B2-6FD3-425A-A365-69AD3E88A9F7}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [TCP Query User{EACB5E87-2B09-445D-B638-E023031E60FE}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [UDP Query User{F265FC67-992A-49A7-BB18-F32FD4B7EE1C}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [TCP Query User{ED94180B-3288-4810-BC79-1A8C3B212D9A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{530F3A91-F686-4F66-86D0-AB75C8FB0881}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{A2CF4139-4986-4ACF-97B6-083F40F90FC6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{9D9D6F5A-0222-42CD-990A-6E41E25F512F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B02DC9E2-48B3-40EE-A3ED-0445FB220E6F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9104C4DB-CB9A-46B2-B859-A7D00F173A02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9735B10A-765A-4AFF-9621-96A47061C215}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7FE1635B-C5F9-460B-9420-6A9E35B962C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB8AAEE9-51EC-40BD-AC76-6258664CF934}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9FF1A2A1-3084-40E1-BD85-E0D616FD1D15}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CD91F3B-F666-47E5-8EB1-B6A3D4E0D2B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3C54700B-E649-47C4-9A66-B699DBD178A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.104.197.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [TCP Query User{4EACBAED-4428-4D32-B054-C17C4D243967}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [UDP Query User{E4D53A5A-EFA8-4FBB-91F8-A7161198DDA3}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [{B4234A53-9EF7-4051-99DD-68A55E36C04D}] => (Allow) C:\Program Files (x86)\Apologies\Antigens.exe => No File
FirewallRules: [{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}] => (Allow) C:\Program Files (x86)\Maidens\Antigens.exe => No File
FirewallRules: [{0284F1DD-7339-406F-9986-E23A92B48AB6}] => (Allow) C:\Program Files (x86)\prodigies\Saturdays.exe => No File
FirewallRules: [{9F0FE841-C867-4C73-876F-803301ADFAD0}] => (Allow) C:\Program Files (x86)\Maidens\Saturdays.exe => No File
FirewallRules: [TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [{25E40DDE-22FD-4A1F-BEE6-2B24344A1033}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{11D516A5-431C-4A22-B85A-0BE7546D5188}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{21031684-5E77-42DE-B367-98C0033B0BDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEF8A252-59C2-4597-B770-1BCBD034D097}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FE55C06-819C-4B00-8EE3-389599AABC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2A99B79D-E54E-4201-8EA6-E0058D81EDF4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.49\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{09CCE490-AA2E-4305-8932-2CAE0EA66676}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{45B985BF-0838-4ECC-9F11-B441B3FBFE65}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
==================== Restore Points =========================

02-07-2022 19:20:07 Scheduled Checkpoint
11-07-2022 21:55:28 Scheduled Checkpoint
17-07-2022 04:17:02 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820

==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/17/2022 05:08:55 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Image-Line\FL Studio 11\Plugins\VST\Waves\SoundGrid Studio\SoundGrid Studio.exe".Error in manifest or policy file "C:\Program Files (x86)\Image-Line\FL Studio 11\Plugins\VST\Waves\SoundGrid Studio\Modules\Modules.MANIFEST" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is Modules,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is Modules,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/17/2022 05:07:37 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-RIMVDU7)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe-2147024891

Error: (07/17/2022 05:07:30 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (13496,P,98) TILEREPOSITORYS-1-5-21-3999933350-674082219-2972644759-1002: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (07/17/2022 05:07:29 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (13496,P,98) TILEREPOSITORYS-1-5-21-3999933350-674082219-2972644759-1002: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (07/17/2022 05:07:28 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (13496,P,98) TILEREPOSITORYS-1-5-21-3999933350-674082219-2972644759-1002: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (07/17/2022 05:07:26 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-RIMVDU7)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy-2147024891

Error: (07/17/2022 05:07:27 AM) (Source: ESENT) (EventID: 522) (User: )
Description: ShellExperienceHost (13496,P,98) TILEREPOSITORYS-1-5-21-3999933350-674082219-2972644759-1002: An attempt to open the device with name "\\.\C:" containing "C:\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Error: (07/17/2022 05:07:24 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-RIMVDU7)
Description: Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy-2147024891


System errors:
=============
Error: (07/17/2022 06:21:38 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RIMVDU7)
Description: The server {4BD3E4E1-7BD4-4A2B-9964-496400DE5193} did not register with DCOM within the required timeout.

Error: (07/17/2022 06:21:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RIMVDU7)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/17/2022 06:20:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
A dynamic link library (DLL) initialization routine failed.

Error: (07/17/2022 06:20:01 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RIMVDU7)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (07/17/2022 06:19:10 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-RIMVDU7)
Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout.

Error: (07/17/2022 06:18:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
A dynamic link library (DLL) initialization routine failed.

Error: (07/17/2022 06:18:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
and APPID
{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/17/2022 06:18:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Windows Defender:
================Event[0]:

Date: 2019-11-23 08:15:58.068
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.305.2606.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80080005
Error description: Server execution failed

Date: 2019-11-22 08:15:59.447
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.305.2470.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80080005
Error description: Server execution failed

Date: 2019-11-21 08:15:55.563
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.305.2470.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80080005
Error description: Server execution failed

Date: 2019-11-20 08:17:51.098
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.305.2327.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80080005
Error description: Server execution failed

Date: 2019-11-19 08:15:55.640
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.305.2327.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16500.1
Error code: 0x80080005
Error description: Server execution failed

==================== Memory info ===========================

BIOS: Hewlett-Packard 786G1 v01.16 03/05/2009
Motherboard: Hewlett-Packard 3031h
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 56%
Total physical RAM: 8059.24 MB
Available physical RAM: 3505.99 MB
Total Virtual: 13275.57 MB
Available Virtual: 6846.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1742.42 GB) (Free:455.78 GB) (Model: WDC WD10EURX-63FH1Y0 ATA Device) NTFS

\\?\Volume{e7b78f13-0000-0000-0000-703b00000000}\ (System) (Fixed) (Total:1.99 GB) (Free:1.92 GB) NTFS
\\?\Volume{e7b78f13-0000-0000-0000-100000000000}\ (Recovery image) (Fixed) (Total:0.93 GB) (Free:0.54 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E7B78F13)
Partition 1: (Not Active) - (Size=950 MB) - (Type=27)
Partition 2: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1860.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,981   +509
redtarget.gif


Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.


redtarget.gif


Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.


redtarget.gif


Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

NonTechyDad

Posts: 26   +0
Thank you very much for your response and help.

here is the RogueKiller:

Program : RogueKiller Anti-Malware
Version : 15.5.3.0
x64 : Yes
Program Date : Jun 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : TheVerbalArteest
User is Admin : Yes
Date : 2022/07/17 18:02:03
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 4668
Found items : 13
Total scanned : 88904
Signatures Version : 20220711_090857
Truesight Driver : Yes
Updates Count : 11
Arguments : -minimize

************************* Warnings *************************
(17:4223) C:\Windows\System32, LONG_FOLDER_SCAN
[+] path : C:\Windows\System32
[+] message : LONG_FOLDER_SCAN
[+] int1 : 17
[+] int2 : 4223


************************* Removal *************************
[Suspicious.Path (Potentially Malicious)] wdkmbcg.exe -- %localappdata%\wdkmbcg\wdkmbcg.exe -> Killed [TermThr]
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : wdkmbcg.exe
[+] value : %localappdata%\wdkmbcg\wdkmbcg.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Killed [TermThr]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] raakpmi.exe -- %localappdata%\wdkmbcg\raakpmi.exe ->
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : raakpmi.exe
[+] value : %localappdata%\wdkmbcg\raakpmi.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 773399408
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] raakpmi.exe -- %localappdata%\wdkmbcg\raakpmi.exe -> ERROR [0]
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : raakpmi.exe
[+] value : %localappdata%\wdkmbcg\raakpmi.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gramblr (Malicious)] gramblrclient -- %ProgramFiles%\Gramblr\gramblr.exe -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Gramblr
[+] Name : gramblrclient
[+] value : %ProgramFiles%\Gramblr\gramblr.exe
[+] Type : Service
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 3
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Suspicious.Path (Potentially Malicious)] \categorizations exasperated relishing -- C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK) -> Deleted
[+] scan_what : 0
[+] vendors : Suspicious.Path
[+] Name : \categorizations exasperated relishing
[+] value : C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] \categorizations exasperated relishingcategorizations exasperated relishing -- C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK) -> Deleted
[+] scan_what : 0
[+] vendors : Suspicious.Path
[+] Name : \categorizations exasperated relishingcategorizations exasperated relishing
[+] value : C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 5
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3999933350-674082219-2972644759-1001\Software\csastats -- -> Deleted
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\S-1-5-21-3999933350-674082219-2972644759-1001\Software\csastats
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 6
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Tr.Gramblr (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gramblrclient -- [%ProgramFiles%\Gramblr\gramblr.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gramblr
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gramblrclient
[+] value : [%ProgramFiles%\Gramblr\gramblr.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 7
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.OnlineIO (Potentially Malicious)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Deleted
[+] scan_what : 1
[+] vendors : PUP.OnlineIO
[+] Name : AdvinstAnalytics
[+] value : %localappdata%\AdvinstAnalytics
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 8
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen2 (Potentially Malicious)] Визуальные закладки -- vb@yandex.ru -> Deleted
[+] scan_what : 1
[+] vendors : PUP.Gen2
[+] Name : Визуальные закладки
[+] value : vb@yandex.ru
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 9
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Ð¯Ð½Ð´ÐµÐºÑ -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.defaultenginename
[+] value : ЯндекÑ
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 10
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Ð¯Ð½Ð´ÐµÐºÑ -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.selectedEngine
[+] value : ЯндекÑ
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 11
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen0 (Potentially Malicious)] Video Downloader professional -- elicpjhcidhpjomhibiffojpinpmmpil -> ERROR [0]
[+] scan_what : 1
[+] vendors : PUP.Gen0
[+] Name : Video Downloader professional
[+] value : elicpjhcidhpjomhibiffojpinpmmpil
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 12
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : No
[+] status_choice : 2
[+] malpe_score : 0
 

NonTechyDad

Posts: 26   +0
Thank you very much for your response and help.

here is the RogueKiller:

Program : RogueKiller Anti-Malware
Version : 15.5.3.0
x64 : Yes
Program Date : Jun 13 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : TheVerbalArteest
User is Admin : Yes
Date : 2022/07/17 18:02:03
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 4668
Found items : 13
Total scanned : 88904
Signatures Version : 20220711_090857
Truesight Driver : Yes
Updates Count : 11
Arguments : -minimize

************************* Warnings *************************
(17:4223) C:\Windows\System32, LONG_FOLDER_SCAN
[+] path : C:\Windows\System32
[+] message : LONG_FOLDER_SCAN
[+] int1 : 17
[+] int2 : 4223


************************* Removal *************************
[Suspicious.Path (Potentially Malicious)] wdkmbcg.exe -- %localappdata%\wdkmbcg\wdkmbcg.exe -> Killed [TermThr]
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : wdkmbcg.exe
[+] value : %localappdata%\wdkmbcg\wdkmbcg.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Killed [TermThr]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] raakpmi.exe -- %localappdata%\wdkmbcg\raakpmi.exe ->
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : raakpmi.exe
[+] value : %localappdata%\wdkmbcg\raakpmi.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 773399408
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] raakpmi.exe -- %localappdata%\wdkmbcg\raakpmi.exe -> ERROR [0]
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : raakpmi.exe
[+] value : %localappdata%\wdkmbcg\raakpmi.exe
[+] Type : Process
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Tr.Gramblr (Malicious)] gramblrclient -- %ProgramFiles%\Gramblr\gramblr.exe -> Stopped
[+] scan_what : 0
[+] vendors : Tr.Gramblr
[+] Name : gramblrclient
[+] value : %ProgramFiles%\Gramblr\gramblr.exe
[+] Type : Service
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 3
[+] status : 3
[+] status_str : Stopped
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Suspicious.Path (Potentially Malicious)] \categorizations exasperated relishing -- C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK) -> Deleted
[+] scan_what : 0
[+] vendors : Suspicious.Path
[+] Name : \categorizations exasperated relishing
[+] value : C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 4
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[Suspicious.Path (Potentially Malicious)] \categorizations exasperated relishingcategorizations exasperated relishing -- C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK) -> Deleted
[+] scan_what : 0
[+] vendors : Suspicious.Path
[+] Name : \categorizations exasperated relishingcategorizations exasperated relishing
[+] value : C:\Users\TheVe\AppData\Local\Antigens.exe (oklavwoklavwoklavwoklav.oklavkoklavnoklavmoklav.oklavpoklavwoklav/oklavg2rm0rm1rmoklav9rm0zn4zn2oklavg3grmhtmlroklavuT6gmnRGUFoklavyXjvAeYnK)
[+] Type : Task
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 5
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1

[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-3999933350-674082219-2972644759-1001\Software\csastats -- -> Deleted
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\S-1-5-21-3999933350-674082219-2972644759-1001\Software\csastats
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 6
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[Tr.Gramblr (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gramblrclient -- [%ProgramFiles%\Gramblr\gramblr.exe] -> Deleted
[+] scan_what : 2
[+] vendors : Tr.Gramblr
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gramblrclient
[+] value : [%ProgramFiles%\Gramblr\gramblr.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 7
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.OnlineIO (Potentially Malicious)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Deleted
[+] scan_what : 1
[+] vendors : PUP.OnlineIO
[+] Name : AdvinstAnalytics
[+] value : %localappdata%\AdvinstAnalytics
[+] Type : File/Folder
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 8
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen2 (Potentially Malicious)] Визуальные закладки -- vb@yandex.ru -> Deleted
[+] scan_what : 1
[+] vendors : PUP.Gen2
[+] Name : Визуальные закладки
[+] value : vb@yandex.ru
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 9
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUM.SearchEngine (Potentially Malicious)] browser.search.defaultenginename -- Ð¯Ð½Ð´ÐµÐºÑ -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.defaultenginename
[+] value : ЯндекÑ
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 10
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUM.SearchEngine (Potentially Malicious)] browser.search.selectedEngine -- Ð¯Ð½Ð´ÐµÐºÑ -> Deleted
[+] scan_what : 2
[+] vendors : PUM.SearchEngine
[+] Name : browser.search.selectedEngine
[+] value : ЯндекÑ
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 4
[+] id : 11
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen0 (Potentially Malicious)] Video Downloader professional -- elicpjhcidhpjomhibiffojpinpmmpil -> ERROR [0]
[+] scan_what : 1
[+] vendors : PUP.Gen0
[+] Name : Video Downloader professional
[+] value : elicpjhcidhpjomhibiffojpinpmmpil
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 12
[+] status : 4
[+] status_str : ERROR [0]
[+] removed : No
[+] status_choice : 2
[+] malpe_score : 0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/17/22
Scan Time: 2:16 PM
Log File: a352e92a-05fc-11ed-98b5-000000000000.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57331
License: Trial

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: DESKTOP-RIMVDU7\TheVerbalArteest

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 379672
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 24 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, Quarantined, 3705, 820422, 1.0.57331, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, Quarantined, 3705, 820421, 1.0.57331, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
Trojan.MalPack.GS, C:\PROGRAM FILES (X86)\IRRIDIUM\CLEANPC\2215.EXE, Quarantined, 7202, 607742, 1.0.57331, , ame, , 578A1D05684CF8B48405BBE6EE4C6E73, 69F00965E154138C1C6F5A5FA8E39B0D1DE6070215306AD064CFDC7EC4D3EB8F
Malware.AI.4236286419, C:\USERS\THEVE\DOWNLOADS\PLUGIN.BOUTIQUE.SCALER.V1.2.0.INCL.PATCHED.AND.KEYGEN-R2R\R2R-6812.R03, Quarantined, 1000000, -58680877, 1.0.57331, 4D88E35E2A390D32FC8099D3, dds, 01862090, 98723C33E2C01080CA3A0F7D7DC63402, 21BDDC9DB3F18620A7C52C14A1FAD3C1048009BC5CC1ED3A9C0F31E9C6601C44
Malware.AI.3495637517, C:\USERS\THEVE\DOWNLOADS\XLN.AUDIO.RC-20.RETRO.COLOR.V1.0.3.INCL.KEYGEN.HAPPY.NEW.YEAR-R2R\R2R-6638.R03, Quarantined, 1000000, -799329779, 1.0.57331, C3CA89C5D1E32B73D05B320D, dds, 01862090, 86F97BB1F89B206F811C88C719BD8B54, 343F8761025BEA14BA030F2903B0A04FC70BC0B07F8A7995BFFE0404C3950103
Malware.AI.185373464, C:\USERS\THEVE\DOWNLOADS\XLN.AUDIO.RC-20.RETRO.COLOR.V1.0.0.INCL.KEYGEN.HAPPY.NEW.YEAR-R2R\R2R-5634.R03, Quarantined, 1000000, 185373464, 1.0.57331, 2307BFAB720B83600B0C9318, dds, 01862090, 3BC4E4DCF2E31662F0B7296F8804F3D1, 87E4BCA7EF1BC05B601929AB47E77609D01583EF203BDFE632ACFE32EF0D9D03

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

NonTechyDad

Posts: 26   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/17/22
Scan Time: 2:16 PM
Log File: a352e92a-05fc-11ed-98b5-000000000000.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57331
License: Trial

-System Information-
OS: Windows 10 (Build 17134.706)
CPU: x64
File System: NTFS
User: DESKTOP-RIMVDU7\TheVerbalArteest

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 379672
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 24 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\MOZGLUE.DLL, Quarantined, 3705, 820422, 1.0.57331, , ame, , 8F73C08A9660691143661BF7332C3C27, 3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
RiskWare.MisusedLegit.E, C:\PROGRAMDATA\NSS3.DLL, Quarantined, 3705, 820421, 1.0.57331, , ame, , BFAC4E3C5908856BA17D41EDCD455A51, E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
Trojan.MalPack.GS, C:\PROGRAM FILES (X86)\IRRIDIUM\CLEANPC\2215.EXE, Quarantined, 7202, 607742, 1.0.57331, , ame, , 578A1D05684CF8B48405BBE6EE4C6E73, 69F00965E154138C1C6F5A5FA8E39B0D1DE6070215306AD064CFDC7EC4D3EB8F
Malware.AI.4236286419, C:\USERS\THEVE\DOWNLOADS\PLUGIN.BOUTIQUE.SCALER.V1.2.0.INCL.PATCHED.AND.KEYGEN-R2R\R2R-6812.R03, Quarantined, 1000000, -58680877, 1.0.57331, 4D88E35E2A390D32FC8099D3, dds, 01862090, 98723C33E2C01080CA3A0F7D7DC63402, 21BDDC9DB3F18620A7C52C14A1FAD3C1048009BC5CC1ED3A9C0F31E9C6601C44
Malware.AI.3495637517, C:\USERS\THEVE\DOWNLOADS\XLN.AUDIO.RC-20.RETRO.COLOR.V1.0.3.INCL.KEYGEN.HAPPY.NEW.YEAR-R2R\R2R-6638.R03, Quarantined, 1000000, -799329779, 1.0.57331, C3CA89C5D1E32B73D05B320D, dds, 01862090, 86F97BB1F89B206F811C88C719BD8B54, 343F8761025BEA14BA030F2903B0A04FC70BC0B07F8A7995BFFE0404C3950103
Malware.AI.185373464, C:\USERS\THEVE\DOWNLOADS\XLN.AUDIO.RC-20.RETRO.COLOR.V1.0.0.INCL.KEYGEN.HAPPY.NEW.YEAR-R2R\R2R-5634.R03, Quarantined, 1000000, 185373464, 1.0.57331, 2307BFAB720B83600B0C9318, dds, 01862090, 3BC4E4DCF2E31662F0B7296F8804F3D1, 87E4BCA7EF1BC05B601929AB47E77609D01583EF203BDFE632ACFE32EF0D9D03

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-18-2022
# Duration: 00:00:09
# OS: Windows 10 Home
# Cleaned: 7
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\ACCUSONUS\REGROOVER PRO
Deleted C:\Users\TheVe\Documents\Tongbu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted veoh.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2087 octets] - [18/07/2022 05:09:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Posts: 55,981   +509
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

NonTechyDad

Posts: 26   +0
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by TheVerbalArteest (administrator) on DESKTOP-RIMVDU7 (Hewlett-Packard HP Compaq dc7900 Small Form Factor) (22-07-2022 05:54:32)
Running from C:\Users\TheVe\Desktop\malware and anti virus
Loaded Profiles: TheVerbalArteest
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(services.exe ->) (Andrea Electronics Corporation) [File not signed] C:\Windows\System32\AEADISRV.EXE
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed] C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 

NonTechyDad

Posts: 26   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by TheVerbalArteest (administrator) on DESKTOP-RIMVDU7 (Hewlett-Packard HP Compaq dc7900 Small Form Factor) (22-07-2022 05:54:32)
Running from C:\Users\TheVe\Desktop\malware and anti virus
Loaded Profiles: TheVerbalArteest
Platform: Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <22>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(services.exe ->) (Andrea Electronics Corporation) [File not signed] C:\Windows\System32\AEADISRV.EXE
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(services.exe ->) (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed] C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [MP3 Skype recorder] => C:\Users\TheVe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [3880584 2018-11-11] (DOMIT LIMITED -> Domit UK LTD)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [GoogleChromeAutoLaunch_C4EF761CAF8184320C85D0131A064097] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2673480 2022-07-01] (Google LLC -> Google LLC)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-07] (Google LLC -> Google LLC)
Startup: C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-28]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C02645C-34C1-4AFF-894F-0EB347BDF67B} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (No File)
Task: {231268DA-C332-4852-9926-BAFDEBAAB7FC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {289FAC5C-A456-425D-9877-8A3A4EF2B0B4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3BA0C9B1-7A79-4901-9784-29DDADF6A694} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {572F0843-E2DF-4F65-8616-0278EA00AFE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {5CB93FB4-EF3B-4B2C-BD29-1E81715BFE69} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-01-31] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {60DA993F-7DA0-4198-84B6-59987281D6AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6321E5BE-09B8-4234-996E-A28BBAE5AF56} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {67162561-8F50-4C28-9AA0-2327EF46EA96} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FFB5A39-DF90-4F51-821C-773F98FF1AE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {765875FC-DC17-48FD-A416-ED188275B503} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {793B7B22-EA3A-4010-8789-DB8E9801C23D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799EDE7A-1487-41C3-A300-B3D44D41A7EC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8012F695-FA52-47B6-95D5-3FB8261052E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A1A3D805-19B0-453D-983B-BCE709E9EF50} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6F81679-D86A-4D96-9E47-C5E6FFF20F6D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {AA017D50-057E-4683-940B-F79DBF9A27BB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {AA797A31-5155-491F-A119-4A294BC4B676} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEEE40C4-86CB-4365-8931-F0B53187D33F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B60F94EF-967B-4F92-89F7-DFA38E4268F7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB7AC4F0-E42E-497F-B754-5880CF7FF5F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D88B52CD-F1A8-4413-B610-EE2D2B5548B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {E0243755-C9B2-4D4E-9D7E-FE9CFA0B86C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {E2158A77-C3D3-4EB4-8BDC-390BEA3340FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E5CCEF5F-F876-475E-9271-80701F601FCA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 

NonTechyDad

Posts: 26   +0
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-24] (Intel Corporation -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-03-24] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) [File not signed]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2019-03-09] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [MP3 Skype recorder] => C:\Users\TheVe\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [3880584 2018-11-11] (DOMIT LIMITED -> Domit UK LTD)
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Run: [GoogleChromeAutoLaunch_C4EF761CAF8184320C85D0131A064097] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 [2673480 2022-07-01] (Google LLC -> Google LLC)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-07] (Google LLC -> Google LLC)
Startup: C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2018-01-28]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C02645C-34C1-4AFF-894F-0EB347BDF67B} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (No File)
Task: {231268DA-C332-4852-9926-BAFDEBAAB7FC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3560304 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {289FAC5C-A456-425D-9877-8A3A4EF2B0B4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {3BA0C9B1-7A79-4901-9784-29DDADF6A694} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {572F0843-E2DF-4F65-8616-0278EA00AFE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {5CB93FB4-EF3B-4B2C-BD29-1E81715BFE69} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2022-01-31] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {60DA993F-7DA0-4198-84B6-59987281D6AC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [786800 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6321E5BE-09B8-4234-996E-A28BBAE5AF56} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {67162561-8F50-4C28-9AA0-2327EF46EA96} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FFB5A39-DF90-4F51-821C-773F98FF1AE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {765875FC-DC17-48FD-A416-ED188275B503} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {793B7B22-EA3A-4010-8789-DB8E9801C23D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [1003888 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {799EDE7A-1487-41C3-A300-B3D44D41A7EC} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8012F695-FA52-47B6-95D5-3FB8261052E6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [562544 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A1A3D805-19B0-453D-983B-BCE709E9EF50} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A6F81679-D86A-4D96-9E47-C5E6FFF20F6D} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel(R) Software Asset Manager -> Intel Corporation)
Task: {AA017D50-057E-4683-940B-F79DBF9A27BB} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {AA797A31-5155-491F-A119-4A294BC4B676} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855408 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AEEE40C4-86CB-4365-8931-F0B53187D33F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116648 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B60F94EF-967B-4F92-89F7-DFA38E4268F7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [887152 2018-11-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB7AC4F0-E42E-497F-B754-5880CF7FF5F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {D88B52CD-F1A8-4413-B610-EE2D2B5548B8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {E0243755-C9B2-4D4E-9D7E-FE9CFA0B86C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-01-26] (Google Inc -> Google Inc.)
Task: {E2158A77-C3D3-4EB4-8BDC-390BEA3340FE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {E5CCEF5F-F876-475E-9271-80701F601FCA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{665f913f-0411-4e38-b250-529f0438f3e7}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{d99ff61f-598e-4809-921f-9121ab7cc41e}: [DhcpNameServer] 208.59.247.45 208.59.247.46

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-3999933350-674082219-2972644759-1001 -> hxxps://www.yandex.ru/?win=362&clid=2255618
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\TheVe\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-20]
Edge HomePage: Default -> hxxps://www.yandex.ru/?win=362&clid=2255618

FireFox:
========
FF DefaultProfile: nahd6ha2.default
FF ProfilePath: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2022-07-21]
FF NewTabOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Disabled: vb@yandex.ru
FF SearchPlugin: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20182703.xml [2018-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2019-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-06-06] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default [2022-07-22]
CHR Extension: (Privacy Pass) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-07-17]
CHR Extension: (DownAlbum) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2022-07-17]
CHR Extension: (Video Downloader professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2022-07-17]
CHR Extension: (Google Play Books) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2022-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-18]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-07-17]
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec]

Yandex:
=======
YAN Profile: C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default [2018-12-03]
YAN Extension: (Rating Program Extension - Cloud) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\aeblbnaefoaakjgpedmjbogemoegfdfm [2018-12-03]
YAN Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-12-03]
YAN Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-12-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14592472 2022-06-13] (ADLICE -> )
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-05-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Synchro Arts License Manager; C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe [175488 2008-02-22] (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 LoopBeMidi1; C:\WINDOWS\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de) [File not signed]
S4 lzrutis; C:\WINDOWS\System32\drivers\vdrcuspz.sys [148816 2019-04-23] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-21] (Malwarebytes Inc. -> Malwarebytes)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win7.sys [41192 2017-06-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-07-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-21 12:38 - 2022-07-21 12:38 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-21 00:31 - 2022-07-21 00:31 - 000001337 _____ C:\Users\Public\Desktop\Adobe Character Animator 2022.lnk
2022-07-21 00:23 - 2022-07-21 00:27 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.0.0.111.x64.WIN
2022-07-21 00:22 - 2022-07-21 00:22 - 000016615 _____ C:\Users\TheVe\Downloads\[audionews.org].t315356.torrent
2022-07-21 00:22 - 2022-07-21 00:22 - 000010921 _____ C:\Users\TheVe\Downloads\[audionews.org].t319649.torrent
2022-07-21 00:08 - 2022-07-21 00:12 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.3.0.65.x64.WIN
2022-07-21 00:08 - 2022-07-21 00:08 - 000014809 _____ C:\Users\TheVe\Downloads\[audionews.org].t330878.torrent
2022-07-20 23:35 - 2022-07-20 23:40 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.4.0.52.x64.WIN
2022-07-20 23:34 - 2022-07-20 23:34 - 000014909 _____ C:\Users\TheVe\Downloads\[audionews.org].t333184.torrent
2022-07-20 22:40 - 2022-07-20 23:17 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.5.0.53.Multilingual.WIN
2022-07-20 22:39 - 2022-07-20 22:39 - 000016056 _____ C:\Users\TheVe\Downloads\[audionews.org].t338940.torrent
2022-07-20 21:46 - 2022-05-24 07:59 - 062666576 _____ (Adobe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Animate.exe
2022-07-20 17:48 - 2022-07-20 17:48 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2022-07-20 13:26 - 2022-07-20 10:01 - 000000000 ____D C:\Windows.old
2022-07-20 13:21 - 2022-07-20 13:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-20 13:16 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-07-20 13:16 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-07-20 13:15 - 2022-07-20 13:26 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-07-20 13:13 - 2022-07-20 13:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-07-20 13:13 - 2022-07-20 13:13 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-07-20 13:05 - 2022-07-20 13:05 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-20 12:57 - 2022-07-20 12:57 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-20 12:57 - 2022-07-20 12:57 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-20 12:57 - 2022-07-20 12:57 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-20 12:56 - 2022-07-20 12:56 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-07-20 12:56 - 2022-07-20 12:56 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-07-20 12:56 - 2022-07-20 12:56 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-20 12:56 - 2022-07-20 12:56 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-07-20 12:55 - 2022-07-20 12:55 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-07-20 12:55 - 2022-07-20 12:55 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-07-20 12:54 - 2022-07-20 12:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-07-20 12:50 - 2022-07-20 12:50 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-07-20 12:50 - 2022-07-20 12:50 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-07-20 12:40 - 2019-12-06 20:35 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2022-07-20 12:40 - 2019-12-06 20:34 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2022-07-20 12:40 - 2019-12-06 20:27 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2022-07-20 12:40 - 2019-12-06 20:26 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2022-07-20 12:40 - 2019-10-15 17:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-07-20 12:40 - 2019-04-18 22:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files\MSBuild
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-07-20 10:47 - 2022-07-20 10:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-20 10:43 - 2022-07-20 10:43 - 000000020 ___SH C:\Users\TheVe\ntuser.ini
2022-07-20 09:59 - 2022-07-21 11:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 09:59 - 2022-07-20 17:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-20 09:59 - 2022-07-20 10:00 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-20 09:59 - 2022-07-20 10:00 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-20 09:59 - 2022-07-20 10:00 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 10:00 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2022-07-20 09:59 - 2022-07-20 10:00 - 000002956 _____ C:\WINDOWS\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002956 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2022-07-20 09:59 - 2022-07-20 10:00 - 000002872 _____ C:\WINDOWS\system32\Tasks\Red Giant Link
2022-07-20 09:59 - 2022-07-20 10:00 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-20 09:59 - 2022-07-20 10:00 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 10:00 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-07-20 09:59 - 2022-07-20 10:00 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-07-20 09:59 - 2022-07-20 09:59 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 09:59 - 2022-07-20 09:59 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-20 09:59 - 2022-07-20 09:59 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002838 _____ C:\WINDOWS\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\H-5-2-54-1149693119-1253883956-1166587040-1664
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-07-20 09:58 - 2022-07-20 09:59 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-07-20 09:58 - 2022-07-20 09:59 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-07-20 09:49 - 2022-07-20 17:54 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-20 09:34 - 2022-07-20 10:43 - 000000000 ____D C:\Users\TheVe
2022-07-20 09:34 - 2022-07-20 09:44 - 000000000 ____D C:\Users\temp.fix
2022-07-20 09:34 - 2019-12-07 05:10 - 000001105 _____ C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 09:34 - 2019-12-07 05:10 - 000001105 _____ C:\Users\temp.fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 09:32 - 2022-07-20 15:11 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-20 09:32 - 2022-07-20 15:11 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-20 09:28 - 2022-07-22 05:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-20 09:28 - 2022-07-20 09:28 - 005105312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-20 09:27 - 2022-07-20 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-20 06:45 - 2022-07-20 10:43 - 000000000 ___DC C:\WINDOWS\Panther
2022-07-20 06:23 - 2022-07-20 06:45 - 000000000 ____D C:\ESD
2022-07-20 06:21 - 2022-07-20 06:21 - 000000000 ___HD C:\$Windows.~WS
2022-07-20 06:11 - 2022-07-20 06:11 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-07-18 05:08 - 2022-07-18 05:10 - 000000000 ____D C:\AdwCleaner
2022-07-17 14:15 - 2022-07-17 14:15 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-17 14:15 - 2022-07-17 14:15 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-17 14:15 - 2022-07-17 14:15 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-17 14:14 - 2022-07-17 14:14 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-17 14:14 - 2022-07-17 14:13 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-17 14:13 - 2022-07-17 14:13 - 002556344 _____ (Malwarebytes) C:\Users\TheVe\Downloads\MBSetup-99830C8B.exe
2022-07-17 14:13 - 2022-07-17 14:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-17 14:05 - 2022-07-17 14:05 - 000000000 ____D C:\Program Files\Google
2022-07-17 12:40 - 2022-07-20 06:03 - 000000000 ____D C:\ProgramData\RogueKiller
2022-07-17 12:39 - 2022-07-20 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-07-17 12:39 - 2022-07-17 12:39 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-07-17 12:39 - 2022-07-17 12:39 - 000000000 ____D C:\Program Files\RogueKiller
2022-07-17 12:38 - 2022-07-17 12:38 - 043599792 _____ (Adlice Software ) C:\Users\TheVe\Downloads\RogueKiller_setup.exe
2022-07-17 09:09 - 2022-07-17 09:09 - 000000000 ____D C:\Users\TheVe\Desktop\pdf
2022-07-17 06:22 - 2022-07-22 05:54 - 000000000 ____D C:\Users\TheVe\Desktop\malware and anti virus
2022-07-17 05:54 - 2022-07-22 05:55 - 000000000 ____D C:\FRST
2022-07-17 05:41 - 2022-07-17 05:43 - 000004974 _____ C:\Users\TheVe\Downloads\.6efeab48d0425dd4637604354adea9c6476d2ade.parts
2022-07-17 05:37 - 2022-07-20 10:57 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.6.202.x64.WIN
2022-07-17 05:37 - 2022-07-17 05:37 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t334847.torrent
2022-07-17 05:10 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix\ansel
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ___HD C:\Users\temp.fix\MicrosoftEdgeBackups
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\MicrosoftEdge
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\CEF
2022-07-17 05:06 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA Corporation
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ___RD C:\Users\temp.fix\3D Objects
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\VirtualStore
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Google
2022-07-17 05:05 - 2022-07-20 09:35 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Packages
2022-07-17 05:05 - 2022-07-17 05:12 - 000000000 ___RD C:\Users\temp.fix\OneDrive
2022-07-17 05:05 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\ConnectedDevicesPlatform
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Roaming\Adobe
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\TileDataLayer
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Publishers
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Comms
2022-07-17 05:05 - 2016-09-02 11:32 - 000000319 _____ C:\Users\temp.fix\Desktop\Get Office 365 Personal.url
2022-07-17 05:05 - 2016-09-02 11:31 - 000000194 _____ C:\Users\temp.fix\Desktop\Get Office 365 Home.url
2022-07-17 05:05 - 2016-08-31 16:58 - 000000154 _____ C:\Users\temp.fix\Desktop\Microsoft Store.url
2022-07-17 03:53 - 2022-07-17 04:11 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.7.214.x64.WIN
2022-07-17 03:52 - 2022-07-17 03:52 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t339695.torrent
2022-07-10 23:19 - 2022-07-10 23:19 - 001232282 _____ C:\Users\TheVe\Downloads\Blank.zip
2022-07-05 11:59 - 2022-07-05 11:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\aundsgb
2022-07-02 00:29 - 2022-07-02 00:29 - 000000000 _____ C:\Users\TheVe\Downloads\download
2022-06-30 08:34 - 2022-07-17 03:25 - 000000170 _____ C:\WINDOWS\wininit.ini
2022-06-30 04:43 - 2022-06-30 04:43 - 000800839 _____ C:\Users\TheVe\Downloads\Bluster.zip
2022-06-28 04:56 - 2022-06-28 04:58 - 1367096420 _____ C:\Users\TheVe\Downloads\Adobe Flash Pro CS6.exe
2022-06-28 04:46 - 2022-06-28 04:47 - 130656256 _____ C:\Users\TheVe\Downloads\Searching for_ adobe animate in_.iso
2022-06-28 04:45 - 2022-06-28 04:45 - 130656256 _____ C:\Users\TheVe\Downloads\Adobe Animate CC 2017 v16.0.1 (x64) + Crack [Sa....iso
2022-06-24 05:22 - 2022-06-24 05:22 - 000000000 ____D C:\Users\TheVe\AppData\Local\pwhvnux
 

NonTechyDad

Posts: 26   +0
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{665f913f-0411-4e38-b250-529f0438f3e7}: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{d99ff61f-598e-4809-921f-9121ab7cc41e}: [DhcpNameServer] 208.59.247.45 208.59.247.46

Edge:
=======
Edge HomeButtonPage: HKU\S-1-5-21-3999933350-674082219-2972644759-1001 -> hxxps://www.yandex.ru/?win=362&clid=2255618
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\TheVe\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-20]
Edge HomePage: Default -> hxxps://www.yandex.ru/?win=362&clid=2255618

FireFox:
========
FF DefaultProfile: nahd6ha2.default
FF ProfilePath: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2022-07-21]
FF NewTabOverride: Mozilla\Firefox\Profiles\nahd6ha2.default -> Disabled: vb@yandex.ru
FF SearchPlugin: C:\Users\TheVe\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-20182703.xml [2018-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: (Adobe Contribute Toolbar) - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2019-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2019-06-06] [Legacy] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.16 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default [2022-07-22]
CHR Extension: (Privacy Pass) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhmfdgkijocedmfjonnpjfojldioehi [2022-07-17]
CHR Extension: (DownAlbum) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2022-07-17]
CHR Extension: (Video Downloader professional) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2022-07-17]
CHR Extension: (Google Play Books) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2022-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-18]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2022-07-17]
CHR Profile: C:\Users\TheVe\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-28]
CHR HKLM-x32\...\Chrome\Extension: [gndelhfhcfbdhndfpcinebijfcjpmpec]

Yandex:
=======
YAN Profile: C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default [2018-12-03]
YAN Extension: (Rating Program Extension - Cloud) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\aeblbnaefoaakjgpedmjbogemoegfdfm [2018-12-03]
YAN Extension: (Chrome IG Story) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\bojgejgifofondahckoaahkilneffhmf [2018-12-03]
YAN Extension: (vidIQ Vision for YouTube) - C:\Users\TheVe\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-12-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
S2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2018-01-17] (Intel(R) Driver & Support Assistant -> Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-26] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14592472 2022-06-13] (ADLICE -> )
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-05-22] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 Synchro Arts License Manager; C:\Program Files (x86)\Common Files\Synchro Arts Shared\License.exe [175488 2008-02-22] (Synchro Arts Ltd -> Synchro Arts Ltd) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-24] (Intel Corporation -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [357768 2018-08-22] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 edrsensor; C:\WINDOWS\System32\DRIVERS\edrsensor.sys [294000 2018-10-09] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 LoopBeMidi1; C:\WINDOWS\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de) [File not signed]
S4 lzrutis; C:\WINDOWS\System32\drivers\vdrcuspz.sys [148816 2019-04-23] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-21] (Malwarebytes Inc. -> Malwarebytes)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win7.sys [41192 2017-06-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2022-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [452856 2022-07-20] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-07-20] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-21 12:38 - 2022-07-21 12:38 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-21 12:38 - 2022-07-21 12:38 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-21 00:31 - 2022-07-21 00:31 - 000001337 _____ C:\Users\Public\Desktop\Adobe Character Animator 2022.lnk
2022-07-21 00:23 - 2022-07-21 00:27 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.0.0.111.x64.WIN
2022-07-21 00:22 - 2022-07-21 00:22 - 000016615 _____ C:\Users\TheVe\Downloads\[audionews.org].t315356.torrent
2022-07-21 00:22 - 2022-07-21 00:22 - 000010921 _____ C:\Users\TheVe\Downloads\[audionews.org].t319649.torrent
2022-07-21 00:08 - 2022-07-21 00:12 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.3.0.65.x64.WIN
2022-07-21 00:08 - 2022-07-21 00:08 - 000014809 _____ C:\Users\TheVe\Downloads\[audionews.org].t330878.torrent
2022-07-20 23:35 - 2022-07-20 23:40 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.4.0.52.x64.WIN
2022-07-20 23:34 - 2022-07-20 23:34 - 000014909 _____ C:\Users\TheVe\Downloads\[audionews.org].t333184.torrent
2022-07-20 22:40 - 2022-07-20 23:17 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Character.Animator.2022.v22.5.0.53.Multilingual.WIN
2022-07-20 22:39 - 2022-07-20 22:39 - 000016056 _____ C:\Users\TheVe\Downloads\[audionews.org].t338940.torrent
2022-07-20 21:46 - 2022-05-24 07:59 - 062666576 _____ (Adobe) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Animate.exe
2022-07-20 17:48 - 2022-07-20 17:48 - 000041920 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2022-07-20 13:26 - 2022-07-20 10:01 - 000000000 ____D C:\Windows.old
2022-07-20 13:21 - 2022-07-20 13:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-07-20 13:16 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-07-20 13:16 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-07-20 13:16 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-07-20 13:16 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-07-20 13:16 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-07-20 13:16 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-07-20 13:15 - 2022-07-20 13:26 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-07-20 13:13 - 2022-07-20 13:14 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-07-20 13:13 - 2022-07-20 13:13 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-07-20 13:05 - 2022-07-20 13:05 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-20 12:57 - 2022-07-20 12:57 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-20 12:57 - 2022-07-20 12:57 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-20 12:57 - 2022-07-20 12:57 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-07-20 12:57 - 2022-07-20 12:57 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-07-20 12:57 - 2022-07-20 12:57 - 000011811 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-20 12:56 - 2022-07-20 12:56 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-07-20 12:56 - 2022-07-20 12:56 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-07-20 12:56 - 2022-07-20 12:56 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-07-20 12:56 - 2022-07-20 12:56 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000093696 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-07-20 12:55 - 2022-07-20 12:55 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-07-20 12:55 - 2022-07-20 12:55 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-07-20 12:55 - 2022-07-20 12:55 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-07-20 12:54 - 2022-07-20 12:54 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-07-20 12:54 - 2022-07-20 12:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-07-20 12:50 - 2022-07-20 12:50 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-07-20 12:50 - 2022-07-20 12:50 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-07-20 12:40 - 2019-12-06 20:35 - 000374784 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2022-07-20 12:40 - 2019-12-06 20:34 - 000417792 _____ C:\WINDOWS\system32\d3dconfig.exe
2022-07-20 12:40 - 2019-12-06 20:27 - 000347136 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2022-07-20 12:40 - 2019-12-06 20:26 - 000365056 _____ C:\WINDOWS\SysWOW64\d3dconfig.exe
2022-07-20 12:40 - 2019-10-15 17:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-07-20 12:40 - 2019-04-18 22:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files\MSBuild
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-07-20 12:37 - 2022-07-20 12:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-07-20 10:47 - 2022-07-20 10:47 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-07-20 10:43 - 2022-07-20 10:43 - 000000020 ___SH C:\Users\TheVe\ntuser.ini
2022-07-20 09:59 - 2022-07-21 11:09 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-20 09:59 - 2022-07-20 17:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-20 09:59 - 2022-07-20 10:00 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-20 09:59 - 2022-07-20 10:00 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-20 09:59 - 2022-07-20 10:00 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 10:00 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000003016 _____ C:\WINDOWS\system32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2022-07-20 09:59 - 2022-07-20 10:00 - 000002956 _____ C:\WINDOWS\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 10:00 - 000002956 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper_nxt
2022-07-20 09:59 - 2022-07-20 10:00 - 000002872 _____ C:\WINDOWS\system32\Tasks\Red Giant Link
2022-07-20 09:59 - 2022-07-20 10:00 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1002
2022-07-20 09:59 - 2022-07-20 10:00 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 10:00 - 000002770 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2022-07-20 09:59 - 2022-07-20 10:00 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2022-07-20 09:59 - 2022-07-20 09:59 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-20 09:59 - 2022-07-20 09:59 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-20 09:59 - 2022-07-20 09:59 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002838 _____ C:\WINDOWS\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-07-20 09:59 - 2022-07-20 09:59 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-3999933350-674082219-2972644759-1001
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\H-5-2-54-1149693119-1253883956-1166587040-1664
2022-07-20 09:59 - 2022-07-20 09:59 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-07-20 09:58 - 2022-07-20 09:59 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-07-20 09:58 - 2022-07-20 09:59 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-07-20 09:49 - 2022-07-20 17:54 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-20 09:34 - 2022-07-20 10:43 - 000000000 ____D C:\Users\TheVe
2022-07-20 09:34 - 2022-07-20 09:44 - 000000000 ____D C:\Users\temp.fix
2022-07-20 09:34 - 2019-12-07 05:10 - 000001105 _____ C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 09:34 - 2019-12-07 05:10 - 000001105 _____ C:\Users\temp.fix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-20 09:32 - 2022-07-20 15:11 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-20 09:32 - 2022-07-20 15:11 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-20 09:28 - 2022-07-22 05:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-20 09:28 - 2022-07-20 09:28 - 005105312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-20 09:27 - 2022-07-20 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-20 06:45 - 2022-07-20 10:43 - 000000000 ___DC C:\WINDOWS\Panther
2022-07-20 06:23 - 2022-07-20 06:45 - 000000000 ____D C:\ESD
2022-07-20 06:21 - 2022-07-20 06:21 - 000000000 ___HD C:\$Windows.~WS
2022-07-20 06:11 - 2022-07-20 06:11 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-07-18 05:08 - 2022-07-18 05:10 - 000000000 ____D C:\AdwCleaner
2022-07-17 14:15 - 2022-07-17 14:15 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-17 14:15 - 2022-07-17 14:15 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-17 14:15 - 2022-07-17 14:15 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-17 14:14 - 2022-07-17 14:14 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-07-17 14:14 - 2022-07-17 14:13 - 000021480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-07-17 14:13 - 2022-07-17 14:13 - 002556344 _____ (Malwarebytes) C:\Users\TheVe\Downloads\MBSetup-99830C8B.exe
2022-07-17 14:13 - 2022-07-17 14:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-17 14:05 - 2022-07-17 14:05 - 000000000 ____D C:\Program Files\Google
2022-07-17 12:40 - 2022-07-20 06:03 - 000000000 ____D C:\ProgramData\RogueKiller
2022-07-17 12:39 - 2022-07-20 13:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2022-07-17 12:39 - 2022-07-17 12:39 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2022-07-17 12:39 - 2022-07-17 12:39 - 000000000 ____D C:\Program Files\RogueKiller
2022-07-17 12:38 - 2022-07-17 12:38 - 043599792 _____ (Adlice Software ) C:\Users\TheVe\Downloads\RogueKiller_setup.exe
2022-07-17 09:09 - 2022-07-17 09:09 - 000000000 ____D C:\Users\TheVe\Desktop\pdf
2022-07-17 06:22 - 2022-07-22 05:54 - 000000000 ____D C:\Users\TheVe\Desktop\malware and anti virus
2022-07-17 05:54 - 2022-07-22 05:55 - 000000000 ____D C:\FRST
2022-07-17 05:41 - 2022-07-17 05:43 - 000004974 _____ C:\Users\TheVe\Downloads\.6efeab48d0425dd4637604354adea9c6476d2ade.parts
2022-07-17 05:37 - 2022-07-20 10:57 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.6.202.x64.WIN
2022-07-17 05:37 - 2022-07-17 05:37 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t334847.torrent
2022-07-17 05:10 - 2022-07-17 05:10 - 000000000 ____D C:\Users\temp.fix\ansel
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ___HD C:\Users\temp.fix\MicrosoftEdgeBackups
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\MicrosoftEdge
2022-07-17 05:07 - 2022-07-17 05:07 - 000000000 ____D C:\Users\temp.fix\AppData\Local\CEF
2022-07-17 05:06 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA Corporation
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ___RD C:\Users\temp.fix\3D Objects
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\VirtualStore
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\NVIDIA
2022-07-17 05:06 - 2022-07-17 05:06 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Google
2022-07-17 05:05 - 2022-07-20 09:35 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Packages
2022-07-17 05:05 - 2022-07-17 05:12 - 000000000 ___RD C:\Users\temp.fix\OneDrive
2022-07-17 05:05 - 2022-07-17 05:08 - 000000000 ____D C:\Users\temp.fix\AppData\Local\ConnectedDevicesPlatform
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Roaming\Adobe
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\TileDataLayer
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Publishers
2022-07-17 05:05 - 2018-01-26 12:01 - 000000000 ____D C:\Users\temp.fix\AppData\Local\Comms
2022-07-17 05:05 - 2016-09-02 11:32 - 000000319 _____ C:\Users\temp.fix\Desktop\Get Office 365 Personal.url
2022-07-17 05:05 - 2016-09-02 11:31 - 000000194 _____ C:\Users\temp.fix\Desktop\Get Office 365 Home.url
2022-07-17 05:05 - 2016-08-31 16:58 - 000000154 _____ C:\Users\temp.fix\Desktop\Microsoft Store.url
2022-07-17 03:53 - 2022-07-17 04:11 - 000000000 ____D C:\Users\TheVe\Downloads\Adobe.Animate.2022.v22.0.7.214.x64.WIN
2022-07-17 03:52 - 2022-07-17 03:52 - 000011379 _____ C:\Users\TheVe\Downloads\[audionews.org].t339695.torrent
2022-07-10 23:19 - 2022-07-10 23:19 - 001232282 _____ C:\Users\TheVe\Downloads\Blank.zip
2022-07-05 11:59 - 2022-07-05 11:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\aundsgb
2022-07-02 00:29 - 2022-07-02 00:29 - 000000000 _____ C:\Users\TheVe\Downloads\download
2022-06-30 08:34 - 2022-07-17 03:25 - 000000170 _____ C:\WINDOWS\wininit.ini
2022-06-30 04:43 - 2022-06-30 04:43 - 000800839 _____ C:\Users\TheVe\Downloads\Bluster.zip
2022-06-28 04:56 - 2022-06-28 04:58 - 1367096420 _____ C:\Users\TheVe\Downloads\Adobe Flash Pro CS6.exe
2022-06-28 04:46 - 2022-06-28 04:47 - 130656256 _____ C:\Users\TheVe\Downloads\Searching for_ adobe animate in_.iso
2022-06-28 04:45 - 2022-06-28 04:45 - 130656256 _____ C:\Users\TheVe\Downloads\Adobe Animate CC 2017 v16.0.1 (x64) + Crack [Sa....iso
2022-06-24 05:22 - 2022-06-24 05:22 - 000000000 ____D C:\Users\TheVe\AppData\Local\pwhvnux
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-22 05:54 - 2018-01-26 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-22 05:48 - 2019-04-23 22:47 - 000000000 ____D C:\Users\TheVe\AppData\Local\wdkmbcg
2022-07-21 23:48 - 2019-04-27 20:20 - 000000000 ____D C:\Users\TheVe\AppData\LocalLow\Mozilla
2022-07-21 17:33 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-21 13:43 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-21 13:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-21 13:43 - 2018-06-22 18:29 - 000000000 ____D C:\ProgramData\Packages
2022-07-21 13:40 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\Packages
2022-07-21 12:48 - 2018-08-14 12:56 - 000000000 ____D C:\Users\TheVe\AppData\Local\D3DSCache
2022-07-21 12:25 - 2018-04-12 16:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-21 04:20 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-21 04:20 - 2017-01-11 15:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-21 04:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-07-21 00:32 - 2018-02-08 18:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\qBittorrent
2022-07-21 00:32 - 2018-01-28 19:12 - 000000000 ____D C:\Users\TheVe\Documents\Adobe
2022-07-21 00:31 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Adobe
2022-07-21 00:30 - 2018-01-28 18:51 - 000000000 ____D C:\Program Files\Adobe
2022-07-21 00:15 - 2018-04-16 12:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\CrashDumps
2022-07-20 23:34 - 2022-06-21 08:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-20 23:18 - 2018-01-28 18:51 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-07-20 23:18 - 2018-01-28 18:41 - 000000000 ____D C:\Users\TheVe\AppData\Local\Adobe
2022-07-20 21:45 - 2017-04-05 15:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-20 17:49 - 2018-02-21 20:25 - 000000258 __RSH C:\ProgramData\ntuser.pol
2022-07-20 17:47 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-20 17:31 - 2018-04-12 16:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-07-20 14:39 - 2018-11-16 11:55 - 000000000 ____D C:\Program Files\rempl
2022-07-20 13:26 - 2022-02-23 06:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2022-07-20 13:26 - 2021-05-27 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office
2022-07-20 13:26 - 2020-11-22 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2022-07-20 13:26 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-07-20 13:26 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-07-20 13:26 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2022-07-20 13:26 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-20 13:26 - 2019-09-29 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2022-07-20 13:26 - 2019-06-19 12:00 - 000000000 ____D C:\Program Files\UNP
2022-07-20 13:26 - 2019-06-06 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2022-07-20 13:26 - 2019-05-19 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
2022-07-20 13:26 - 2019-04-29 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2022-07-20 13:26 - 2019-04-23 21:56 - 000000000 ____D C:\WINDOWS\system32\zacldsw
2022-07-20 13:26 - 2019-04-23 21:50 - 000000000 ____D C:\WINDOWS\system32\exagrzd
2022-07-20 13:26 - 2019-04-21 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl
2022-07-20 13:26 - 2018-12-03 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2022-07-20 13:26 - 2018-09-20 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2022-07-20 13:26 - 2018-09-17 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares
2022-07-20 13:26 - 2018-09-17 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus4 (x86)
2022-07-20 13:26 - 2018-09-17 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus5 (x86)
2022-07-20 13:26 - 2018-08-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Antares
2022-07-20 13:26 - 2018-04-12 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-07-20 13:26 - 2018-04-12 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2022-07-20 13:26 - 2018-04-11 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kinoni
2022-07-20 13:26 - 2018-03-10 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2022-07-20 13:26 - 2018-03-09 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2022-07-20 13:26 - 2018-02-22 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2022-07-20 13:26 - 2018-01-28 19:12 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2022-07-20 13:26 - 2018-01-28 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2022-07-20 13:26 - 2018-01-28 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2022-07-20 13:26 - 2018-01-28 18:17 - 000000000 ____D C:\Program Files\Intel
2022-07-20 13:26 - 2018-01-26 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Softube
2022-07-20 13:26 - 2018-01-26 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SoundToys
2022-07-20 13:26 - 2018-01-26 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus32C-4
2022-07-20 13:26 - 2018-01-26 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-07-20 13:26 - 2018-01-26 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-07-20 13:26 - 2018-01-26 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-07-20 13:26 - 2018-01-26 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-07-20 13:26 - 2018-01-26 03:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\x64
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Lang
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Management and Security
2022-07-20 13:26 - 2017-01-11 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2022-07-20 13:26 - 2017-01-10 10:11 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2022-07-20 13:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Help
2022-07-20 13:20 - 2018-04-12 16:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-07-20 13:19 - 2018-04-12 16:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-07-20 13:16 - 2018-04-12 16:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-07-20 13:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-07-20 13:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-07-20 13:16 - 2017-01-10 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-07-20 13:16 - 2017-01-10 10:11 - 000000000 ___RD C:\WINDOWS\WebManagement
2022-07-20 13:15 - 2022-02-14 05:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2022-07-20 13:15 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-07-20 13:15 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-07-20 13:15 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\OCR
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-20 13:15 - 2019-09-29 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2022-07-20 13:15 - 2019-04-23 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio
2022-07-20 13:15 - 2018-07-19 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Boutique
2022-07-20 13:15 - 2018-02-25 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2022-07-20 13:15 - 2018-02-20 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus
2022-07-20 13:15 - 2018-02-19 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2022-07-20 13:15 - 2018-02-06 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2022-07-20 13:15 - 2018-02-06 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-07-20 13:15 - 2018-02-04 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBook Converter
2022-07-20 13:15 - 2018-01-26 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synchro Arts Ltd
2022-07-20 13:15 - 2018-01-26 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2022-07-20 13:15 - 2018-01-26 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-20 13:05 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-07-20 12:53 - 2017-04-05 15:49 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-20 12:52 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-20 12:49 - 2018-02-15 20:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-07-20 12:44 - 2017-04-05 15:50 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-07-20 11:12 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-20 10:57 - 2018-02-17 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-20 10:50 - 2018-01-28 18:48 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-07-20 10:44 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-20 10:44 - 2018-01-26 10:04 - 000000000 ___RD C:\Users\TheVe\3D Objects
2022-07-20 10:44 - 2016-11-20 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-20 10:43 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\ConnectedDevicesPlatform
2022-07-20 10:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-20 10:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-20 10:00 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-07-20 09:59 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-20 09:45 - 2018-01-26 12:10 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 09:45 - 2018-01-26 12:10 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-20 09:39 - 2020-12-14 23:14 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-07-20 09:39 - 2018-09-17 18:05 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antares
2022-07-20 09:39 - 2018-04-10 23:29 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\digiCamControl
2022-07-20 09:39 - 2018-02-28 15:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Alliance
2022-07-20 09:39 - 2018-01-26 14:32 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2022-07-20 09:39 - 2018-01-26 14:32 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2022-07-20 09:39 - 2018-01-26 12:00 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-07-20 09:37 - 2017-04-05 15:14 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2022-07-20 09:36 - 2018-02-19 20:22 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2022-07-20 09:36 - 2018-02-05 14:14 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celemony
2022-07-20 09:36 - 2018-01-26 15:04 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EDIROL
2022-07-20 09:36 - 2018-01-26 14:02 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-07-20 09:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-20 03:45 - 2018-01-26 23:45 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\vlc
2022-07-20 00:45 - 2022-05-19 02:04 - 000000000 ____D C:\Users\TheVe\Desktop\credit
2022-07-19 01:08 - 2022-02-14 03:49 - 000000000 ____D C:\Users\TheVe\AppData\Local\ElevatedDiagnostics
2022-07-18 05:10 - 2018-02-20 10:14 - 000000000 ____D C:\Program Files\Accusonus
2022-07-18 00:58 - 2019-04-23 21:29 - 000000000 ____D C:\Users\TheVe\Downloads\XLN.Audio.RC-20.Retro.Color.v1.0.0.Incl.Keygen.HAPPY.NEW.YEAR-R2R
2022-07-18 00:58 - 2019-04-22 13:18 - 000000000 ____D C:\Users\TheVe\Downloads\XLN.Audio.RC-20.Retro.Color.v1.0.3.Incl.Keygen.HAPPY.NEW.YEAR-R2R
2022-07-18 00:58 - 2018-07-19 17:19 - 000000000 ____D C:\Users\TheVe\Downloads\Plugin.Boutique.Scaler.v1.2.0.Incl.Patched.and.Keygen-R2R
2022-07-17 14:13 - 2018-12-03 23:12 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\ProgramData\Adobe
2022-07-17 03:25 - 2019-04-27 20:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-17 03:25 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-13 07:38 - 2019-06-11 00:17 - 000000132 _____ C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2022-07-05 11:54 - 2019-04-23 21:56 - 002930176 _____ C:\WINDOWS\system32\spsnzersvc.exe
2022-06-24 05:15 - 2022-06-21 07:33 - 000000000 ____D C:\Users\TheVe\Desktop\battle life
 

NonTechyDad

Posts: 26   +0
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-22 05:54 - 2018-01-26 12:09 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-22 05:48 - 2019-04-23 22:47 - 000000000 ____D C:\Users\TheVe\AppData\Local\wdkmbcg
2022-07-21 23:48 - 2019-04-27 20:20 - 000000000 ____D C:\Users\TheVe\AppData\LocalLow\Mozilla
2022-07-21 17:33 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-21 13:43 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-21 13:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-21 13:43 - 2018-06-22 18:29 - 000000000 ____D C:\ProgramData\Packages
2022-07-21 13:40 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\Packages
2022-07-21 12:48 - 2018-08-14 12:56 - 000000000 ____D C:\Users\TheVe\AppData\Local\D3DSCache
2022-07-21 12:25 - 2018-04-12 16:09 - 000000000 ____D C:\ProgramData\NVIDIA
2022-07-21 04:20 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-21 04:20 - 2017-01-11 15:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-07-21 04:17 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-07-21 00:32 - 2018-02-08 18:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\qBittorrent
2022-07-21 00:32 - 2018-01-28 19:12 - 000000000 ____D C:\Users\TheVe\Documents\Adobe
2022-07-21 00:31 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Adobe
2022-07-21 00:30 - 2018-01-28 18:51 - 000000000 ____D C:\Program Files\Adobe
2022-07-21 00:15 - 2018-04-16 12:59 - 000000000 ____D C:\Users\TheVe\AppData\Local\CrashDumps
2022-07-20 23:34 - 2022-06-21 08:48 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-20 23:18 - 2018-01-28 18:51 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-07-20 23:18 - 2018-01-28 18:41 - 000000000 ____D C:\Users\TheVe\AppData\Local\Adobe
2022-07-20 21:45 - 2017-04-05 15:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-07-20 17:49 - 2018-02-21 20:25 - 000000258 __RSH C:\ProgramData\ntuser.pol
2022-07-20 17:47 - 2019-12-07 05:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-20 17:31 - 2018-04-12 16:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-07-20 14:39 - 2018-11-16 11:55 - 000000000 ____D C:\Program Files\rempl
2022-07-20 13:26 - 2022-02-23 06:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks X
2022-07-20 13:26 - 2021-05-27 02:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office
2022-07-20 13:26 - 2020-11-22 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2022-07-20 13:26 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-07-20 13:26 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-07-20 13:26 - 2019-12-07 05:18 - 000000000 ____D C:\WINDOWS\Setup
2022-07-20 13:26 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-07-20 13:26 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-20 13:26 - 2019-09-29 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2022-07-20 13:26 - 2019-06-19 12:00 - 000000000 ____D C:\Program Files\UNP
2022-07-20 13:26 - 2019-06-06 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2022-07-20 13:26 - 2019-05-19 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
2022-07-20 13:26 - 2019-04-29 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2022-07-20 13:26 - 2019-04-23 21:56 - 000000000 ____D C:\WINDOWS\system32\zacldsw
2022-07-20 13:26 - 2019-04-23 21:50 - 000000000 ____D C:\WINDOWS\system32\exagrzd
2022-07-20 13:26 - 2019-04-21 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl
2022-07-20 13:26 - 2018-12-03 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2022-07-20 13:26 - 2018-09-20 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2022-07-20 13:26 - 2018-09-17 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares
2022-07-20 13:26 - 2018-09-17 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus4 (x86)
2022-07-20 13:26 - 2018-09-17 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus5 (x86)
2022-07-20 13:26 - 2018-08-09 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Antares
2022-07-20 13:26 - 2018-04-12 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-07-20 13:26 - 2018-04-12 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2022-07-20 13:26 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2022-07-20 13:26 - 2018-04-11 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kinoni
2022-07-20 13:26 - 2018-03-10 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2022-07-20 13:26 - 2018-03-09 00:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2022-07-20 13:26 - 2018-02-22 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2022-07-20 13:26 - 2018-01-28 19:12 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2022-07-20 13:26 - 2018-01-28 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2022-07-20 13:26 - 2018-01-28 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2022-07-20 13:26 - 2018-01-28 18:17 - 000000000 ____D C:\Program Files\Intel
2022-07-20 13:26 - 2018-01-26 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Softube
2022-07-20 13:26 - 2018-01-26 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SoundToys
2022-07-20 13:26 - 2018-01-26 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mixbus32C-4
2022-07-20 13:26 - 2018-01-26 14:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2022-07-20 13:26 - 2018-01-26 14:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2022-07-20 13:26 - 2018-01-26 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-07-20 13:26 - 2018-01-26 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-07-20 13:26 - 2018-01-26 03:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\x64
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Lang
2022-07-20 13:26 - 2017-04-05 17:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Management and Security
2022-07-20 13:26 - 2017-01-11 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2022-07-20 13:26 - 2017-01-10 10:11 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2022-07-20 13:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Help
2022-07-20 13:20 - 2018-04-12 16:18 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-07-20 13:19 - 2018-04-12 16:12 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-07-20 13:16 - 2019-12-07 05:49 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-07-20 13:16 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-07-20 13:16 - 2018-04-12 16:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-07-20 13:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-07-20 13:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-07-20 13:16 - 2017-01-10 10:13 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-07-20 13:16 - 2017-01-10 10:11 - 000000000 ___RD C:\WINDOWS\WebManagement
2022-07-20 13:15 - 2022-02-14 05:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2022-07-20 13:15 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-07-20 13:15 - 2019-12-07 05:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-07-20 13:15 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\OCR
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Resources
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-07-20 13:15 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-07-20 13:15 - 2019-09-29 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2022-07-20 13:15 - 2019-04-23 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio
2022-07-20 13:15 - 2018-07-19 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugin Boutique
2022-07-20 13:15 - 2018-02-25 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2022-07-20 13:15 - 2018-02-20 10:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accusonus
2022-07-20 13:15 - 2018-02-19 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxengo
2022-07-20 13:15 - 2018-02-06 02:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2022-07-20 13:15 - 2018-02-06 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-07-20 13:15 - 2018-02-04 12:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBook Converter
2022-07-20 13:15 - 2018-01-26 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synchro Arts Ltd
2022-07-20 13:15 - 2018-01-26 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2022-07-20 13:15 - 2018-01-26 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-07-20 13:05 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-07-20 13:05 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-07-20 12:53 - 2017-04-05 15:49 - 146546848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-07-20 12:52 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-20 12:49 - 2018-02-15 20:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-07-20 12:44 - 2017-04-05 15:50 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-07-20 11:12 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-07-20 10:57 - 2018-02-17 21:04 - 000000000 ____D C:\ProgramData\Package Cache
2022-07-20 10:50 - 2018-01-28 18:48 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-07-20 10:44 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-07-20 10:44 - 2018-01-26 10:04 - 000000000 ___RD C:\Users\TheVe\3D Objects
2022-07-20 10:44 - 2016-11-20 14:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-07-20 10:43 - 2018-05-22 19:00 - 000000000 ____D C:\Users\TheVe\AppData\Local\ConnectedDevicesPlatform
2022-07-20 10:02 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-07-20 10:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-07-20 10:00 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-07-20 09:59 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-07-20 09:45 - 2018-01-26 12:10 - 000002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-20 09:45 - 2018-01-26 12:10 - 000002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-20 09:39 - 2020-12-14 23:14 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-07-20 09:39 - 2018-09-17 18:05 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antares
2022-07-20 09:39 - 2018-04-10 23:29 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\digiCamControl
2022-07-20 09:39 - 2018-02-28 15:55 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Alliance
2022-07-20 09:39 - 2018-01-26 14:32 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2022-07-20 09:39 - 2018-01-26 14:32 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2022-07-20 09:39 - 2018-01-26 12:00 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2022-07-20 09:37 - 2017-04-05 15:14 - 000000000 ____D C:\Users\Default\AppData\Local\Packages
2022-07-20 09:36 - 2018-02-19 20:22 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2022-07-20 09:36 - 2018-02-05 14:14 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Celemony
2022-07-20 09:36 - 2018-01-26 15:04 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EDIROL
2022-07-20 09:36 - 2018-01-26 14:02 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2022-07-20 09:29 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-20 03:45 - 2018-01-26 23:45 - 000000000 ____D C:\Users\TheVe\AppData\Roaming\vlc
2022-07-20 00:45 - 2022-05-19 02:04 - 000000000 ____D C:\Users\TheVe\Desktop\credit
2022-07-19 01:08 - 2022-02-14 03:49 - 000000000 ____D C:\Users\TheVe\AppData\Local\ElevatedDiagnostics
2022-07-18 05:10 - 2018-02-20 10:14 - 000000000 ____D C:\Program Files\Accusonus
2022-07-18 00:58 - 2019-04-23 21:29 - 000000000 ____D C:\Users\TheVe\Downloads\XLN.Audio.RC-20.Retro.Color.v1.0.0.Incl.Keygen.HAPPY.NEW.YEAR-R2R
2022-07-18 00:58 - 2019-04-22 13:18 - 000000000 ____D C:\Users\TheVe\Downloads\XLN.Audio.RC-20.Retro.Color.v1.0.3.Incl.Keygen.HAPPY.NEW.YEAR-R2R
2022-07-18 00:58 - 2018-07-19 17:19 - 000000000 ____D C:\Users\TheVe\Downloads\Plugin.Boutique.Scaler.v1.2.0.Incl.Patched.and.Keygen-R2R
2022-07-17 14:13 - 2018-12-03 23:12 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-17 04:12 - 2018-01-28 18:41 - 000000000 ____D C:\ProgramData\Adobe
2022-07-17 03:25 - 2019-04-27 20:20 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-17 03:25 - 2019-04-27 20:20 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-13 07:38 - 2019-06-11 00:17 - 000000132 _____ C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2022-07-05 11:54 - 2019-04-23 21:56 - 002930176 _____ C:\WINDOWS\system32\spsnzersvc.exe
2022-06-24 05:15 - 2022-06-21 07:33 - 000000000 ____D C:\Users\TheVe\Desktop\battle life
==================== Files in the root of some directories ========

2018-08-09 16:03 - 2018-09-17 18:03 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-08-09 16:03 - 2018-09-17 18:03 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-06-11 00:16 - 2019-06-12 10:41 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2019-06-11 00:17 - 2022-07-13 07:38 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-03-10 17:10 - 2020-11-21 19:35 - 000000032 _____ () C:\Users\TheVe\AppData\Roaming\msregsvv.dll
2018-02-18 15:51 - 2022-02-19 11:25 - 000002824 _____ () C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000109 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt
2020-10-16 15:27 - 2020-10-16 15:27 - 000000787 _____ () C:\Users\TheVe\AppData\Local\recently-used.xbel

==================== FLock ==============================

2018-12-03 23:25 C:\Users\TheVe\AppData\Roaming\wow64_microsoft-windows-I..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4025bb8924a11670

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

NonTechyDad

Posts: 26   +0
==================== Files in the root of some directories ========

2018-08-09 16:03 - 2018-09-17 18:03 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-08-09 16:03 - 2018-09-17 18:03 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-06-11 00:16 - 2019-06-12 10:41 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2019-06-11 00:17 - 2022-07-13 07:38 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-03-10 17:10 - 2020-11-21 19:35 - 000000032 _____ () C:\Users\TheVe\AppData\Roaming\msregsvv.dll
2018-02-18 15:51 - 2022-02-19 11:25 - 000002824 _____ () C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000109 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt
2020-10-16 15:27 - 2020-10-16 15:27 - 000000787 _____ () C:\Users\TheVe\AppData\Local\recently-used.xbel

==================== FLock ==============================

2018-12-03 23:25 C:\Users\TheVe\AppData\Roaming\wow64_microsoft-windows-I..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_4025bb8924a11670

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by TheVerbalArteest (22-07-2022 05:59:33)
Running from C:\Users\TheVe\Desktop\malware and anti virus
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2022-07-20 14:01:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3999933350-674082219-2972644759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3999933350-674082219-2972644759-503 - Limited - Disabled)
Guest (S-1-5-21-3999933350-674082219-2972644759-501 - Limited - Disabled)
temp.fix (S-1-5-21-3999933350-674082219-2972644759-1002 - Administrator - Enabled) => C:\Users\temp.fix
TheVerbalArteest (S-1-5-21-3999933350-674082219-2972644759-1001 - Administrator - Enabled) => C:\Users\TheVe
WDAGUtilityAccount (S-1-5-21-3999933350-674082219-2972644759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Accusonus Regroover Pro (HKLM\...\Regroover Pro_is1) (Version: 1.6.0 - Accusonus)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.7 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares Auto-Tune v4.39 (HKLM-x32\...\Antares Auto-Tune v4.39) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.101.1001 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.0.0 - Canon Inc.)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B32AF677}) (Version: 2.0.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33AF677}) (Version: 2.1.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{e228fee9-3f05-4ed9-9186-26b05094d174}) (Version: 2.1.0.0 - ) Hidden
DirectWave VSTi (HKLM-x32\...\DirectWave VSTi) (Version: - Image-Line)
EDIROL Orchestral (HKLM-x32\...\EDIROL Orchestral) (Version: 1.0.3 - EDIROL)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
HalfTime 1.0.1 (HKLM\...\HalfTime_is1) (Version: 1.0.1 - CableGuys & Team V.R)
IK Multimedia Authorization Manager version 1.0.19 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.19 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{644B16B7-3B5D-4316-965C-03E49D749C40}) (Version: 17.0.210 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{CD4D85AB-8C3B-4876-A063-96D8E4090353}) (Version: 17.0.210 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.05 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.04 - iZotope, Inc.)
iZotope Nectar 3 (HKLM\...\Nectar 3_is1) (Version: 3.0.0 - iZotope)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements_is1) (Version: 3.00 - iZotope & Team V.R)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.01) (Version: 7.01 - iZotope, Inc.)
iZotope Ozone 8 (HKLM\...\Ozone 8_is1) (Version: 8.0.2 - iZotope)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.02 - iZotope, Inc.)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 2.0.2 - iZotope)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Magic Bullet Suite v13.0.0 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 13.0.0 - Red Giant, LLC)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
M-Audio M-Track 1.0.2 (x64) (HKLM\...\{C38CEF46-A4DF-4A1B-BE82-3C8CA706C85C}) (Version: 1.0.2 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (HKLM\...\{90BF0360-A1DB-4599-A643-95AB90A52C1E}) (Version: 1.00.0000 - Adobe) Hidden
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mixbus32C-4 (HKLM-x32\...\Mixbus32C-4-w64) (Version: - )
Mixbus4 (HKLM-x32\...\Mixbus4-w32) (Version: - )
Mixbus5 (HKLM-x32\...\Mixbus5-w32) (Version: - )
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{874C11C8-4273-4213-B018-D80878EB3DF3}) (Version: 4.49.1.0 - Domit LTD)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.1.1599 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.6.16 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.1.637 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.4 - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.4.0.6 - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.3.0.3 - Native Instruments)
Neutron 2 Advanced (HKLM-x32\...\Neutron 2) (Version: 2.00 - iZotope, Inc.)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.122 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.122 - NVIDIA Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.)
PDF ePub DRM Removal version 4.16 (HKLM-x32\...\{B17EB9DB-FEFD-4943-94E5-5428B3A53467}_is1) (Version: 4.16 - eBook Converter Team)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plugin Boutique Scaler (HKLM\...\Scaler_is1) (Version: 1.2.0 - Plugin Boutique)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
RogueKiller version 15.5.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.3.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.65.0 - Samsung Electronics Co., Ltd.)
Serato Sample (HKLM\...\{177C2AC3-B53C-45CE-905D-70DE3D5A0399}) (Version: 1.1.0.6200 - Serato) Hidden
Serato Sample (HKLM-x32\...\{9f4422e8-b72f-4c2b-af20-95609c96ef3e}) (Version: 1.1.0.6200 - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SpectraLayers Pro 4.0 (HKLM\...\{7E9B303B-33F1-43B7-9792-EC5ABF96C60C}) (Version: 4.0.87 - MAGIX)
Syntronik version 1.1.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.1.0 - IK Multimedia)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VocALign Project (HKLM-x32\...\{7E7F3882-48B3-424B-9BE2-D257D1319C59}) (Version: 2.9.1 - Synchro Arts Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.4 - Voxengo)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.07.23 - Waves)
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version: - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1703 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XLN Audio RC-20 Retro Color (HKLM\...\RC-20 Retro Color_is1) (Version: 1.0.3 - XLN Audio)
Zoom (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)
 

NonTechyDad

Posts: 26   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by TheVerbalArteest (22-07-2022 05:59:33)
Running from C:\Users\TheVe\Desktop\malware and anti virus
Microsoft Windows 10 Home Version 21H2 19044.1826 (X64) (2022-07-20 14:01:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3999933350-674082219-2972644759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3999933350-674082219-2972644759-503 - Limited - Disabled)
Guest (S-1-5-21-3999933350-674082219-2972644759-501 - Limited - Disabled)
temp.fix (S-1-5-21-3999933350-674082219-2972644759-1002 - Administrator - Enabled) => C:\Users\temp.fix
TheVerbalArteest (S-1-5-21-3999933350-674082219-2972644759-1001 - Administrator - Enabled) => C:\Users\TheVe
WDAGUtilityAccount (S-1-5-21-3999933350-674082219-2972644759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{569F29BA-2D46-439B-8B7C-01D999B9201D}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{9F460796-0348-4B11-BCA0-714C4B85E3D7}) (Version: 3.1.2.2 - Intel) Hidden
Ableton Live 10 Suite (HKLM\...\{FE06C730-0296-42D9-B869-4E819D7F47A3}) (Version: 10.0.0.0 - Ableton)
Accusonus Regroover Pro (HKLM\...\Regroover Pro_is1) (Version: 1.6.0 - Accusonus)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.7 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\Amazon Kindle) (Version: 1.21.0.48017 - Amazon)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version: - )
Antares Auto-Tune v4.39 (HKLM-x32\...\Antares Auto-Tune v4.39) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}) (Version: 12.2.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.5.101.1001 - BlueStack Systems, Inc.)
BlueStacks X (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\BlueStacks X) (Version: 0.13.2.5 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.0.0 - Canon Inc.)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B32AF677}) (Version: 2.0.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33AF677}) (Version: 2.1.0.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{e228fee9-3f05-4ed9-9186-26b05094d174}) (Version: 2.1.0.0 - ) Hidden
DirectWave VSTi (HKLM-x32\...\DirectWave VSTi) (Version: - Image-Line)
EDIROL Orchestral (HKLM-x32\...\EDIROL Orchestral) (Version: 1.0.3 - EDIROL)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.114 - Google LLC)
HalfTime 1.0.1 (HKLM\...\HalfTime_is1) (Version: 1.0.1 - CableGuys & Team V.R)
IK Multimedia Authorization Manager version 1.0.19 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.19 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Minihost Modular (HKLM-x32\...\IL Minihost Modular) (Version: - Image-Line)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{644B16B7-3B5D-4316-965C-03E49D749C40}) (Version: 17.0.210 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{CD4D85AB-8C3B-4876-A063-96D8E4090353}) (Version: 17.0.210 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM\...\{F0385150-FF86-4A18-AA55-6ED9E5F87DA7}) (Version: 2.1.03638 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{e7adbf16-34ad-490a-a4e8-feb60fb99973}) (Version: 3.1.2.2 - Intel)
iTunes (HKLM\...\{DF90B2B3-5832-4E85-934D-8048B33A1D67}) (Version: 12.9.4.102 - Apple Inc.)
iZotope Insight (HKLM-x32\...\iZotope Insight_is1) (Version: 1.05 - iZotope, Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.04 - iZotope, Inc.)
iZotope Nectar 3 (HKLM\...\Nectar 3_is1) (Version: 3.0.0 - iZotope)
iZotope Nectar 3 Elements (HKLM\...\Nectar 3 Elements_is1) (Version: 3.00 - iZotope & Team V.R)
iZotope Ozone 7 Advanced (HKLM-x32\...\iZotope Ozone 7 Advanced 7.01) (Version: 7.01 - iZotope, Inc.)
iZotope Ozone 8 (HKLM\...\Ozone 8_is1) (Version: 8.0.2 - iZotope)
iZotope RX 5 (HKLM-x32\...\iZotope RX 5_is1) (Version: 5.02 - iZotope, Inc.)
iZotope Tonal Balance Control (HKLM\...\Tonal Balance Control_is1) (Version: 2.0.2 - iZotope)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
KinoniDrivers 2.8.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.8.1 - Kinoni)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Magic Bullet Suite v13.0.0 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 13.0.0 - Red Giant, LLC)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
M-Audio M-Track 1.0.2 (x64) (HKLM\...\{C38CEF46-A4DF-4A1B-BE82-3C8CA706C85C}) (Version: 1.0.2 - M-Audio)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3999933350-674082219-2972644759-1002\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (HKLM-x32\...\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (HKLM\...\{925D058B-564A-443A-B4B2-7E90C6432E55}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (HKLM-x32\...\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (HKLM\...\{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (HKLM-x32\...\{D1A19B02-817E-4296-A45B-07853FD74D57}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (HKLM\...\{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (HKLM-x32\...\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}) (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (HKLM\...\{1E9FC118-651D-4934-97BE-E53CAE5C7D45}) (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (HKLM-x32\...\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (HKLM\...\{8557397C-A42D-486F-97B3-A2CBC2372593}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{08D2E121-7F6A-43EB-97FD-629B44903403}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (HKLM\...\{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (HKLM-x32\...\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (HKLM\...\{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (HKLM-x32\...\{B6D38690-755E-4F40-A35A-23F8BC2B86AC}) (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (HKLM\...\{90BF0360-A1DB-4599-A643-95AB90A52C1E}) (Version: 1.00.0000 - Adobe) Hidden
Minimal ADB and Fastboot version 1.4.3 (HKLM-x32\...\{B561660D-8B3C-491D-9E3E-293F14FCAADA}_is1) (Version: 1.4.3 - Samuel Rodberg)
Mixbus32C-4 (HKLM-x32\...\Mixbus32C-4-w64) (Version: - )
Mixbus4 (HKLM-x32\...\Mixbus4-w32) (Version: - )
Mixbus5 (HKLM-x32\...\Mixbus5-w32) (Version: - )
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
MP3 Skype recorder (HKLM-x32\...\{874C11C8-4273-4213-B018-D80878EB3DF3}) (Version: 4.49.1.0 - Domit LTD)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.1.1599 - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.6.16 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.1.637 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.4 - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.4.0.6 - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.3.0.3 - Native Instruments)
Neutron 2 Advanced (HKLM-x32\...\Neutron 2) (Version: 2.00 - iZotope, Inc.)
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.16.0.122 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.16.0.122 - NVIDIA Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
PACE License Support Win64 (HKLM\...\{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{15ADFA42-BA79-47e4-945F-A8A997FB990C}) (Version: 4.0.3.2024 - PACE Anti-Piracy, Inc.)
PDF ePub DRM Removal version 4.16 (HKLM-x32\...\{B17EB9DB-FEFD-4943-94E5-5428B3A53467}_is1) (Version: 4.16 - eBook Converter Team)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Plugin Boutique Scaler (HKLM\...\Scaler_is1) (Version: 1.2.0 - Plugin Boutique)
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
qBittorrent 4.0.2 (HKLM-x32\...\qBittorrent) (Version: 4.0.2 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.10.0 - Red Giant, LLC)
RogueKiller version 15.5.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.5.3.0 - Adlice Software)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.65.0 - Samsung Electronics Co., Ltd.)
Serato Sample (HKLM\...\{177C2AC3-B53C-45CE-905D-70DE3D5A0399}) (Version: 1.1.0.6200 - Serato) Hidden
Serato Sample (HKLM-x32\...\{9f4422e8-b72f-4c2b-af20-95609c96ef3e}) (Version: 1.1.0.6200 - )
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.7255 - Analog Devices)
SpectraLayers Pro 4.0 (HKLM\...\{7E9B303B-33F1-43B7-9792-EC5ABF96C60C}) (Version: 4.0.87 - MAGIX)
Syntronik version 1.1.0 (HKLM\...\{F4F8EE56-65A3-480C-A0CD-5CCA567A5673}_is1) (Version: 1.1.0 - IK Multimedia)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VocALign Project (HKLM-x32\...\{7E7F3882-48B3-424B-9BE2-D257D1319C59}) (Version: 2.9.1 - Synchro Arts Ltd)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Voxengo SPAN Plus (HKLM\...\Voxengo SPAN Plus_is1) (Version: 1.4 - Voxengo)
Waves Complete (HKLM\...\Complete_is1) (Version: 2018.07.23 - Waves)
Waves Complete v8.0.11 (HKLM-x32\...\Waves Complete V8_is1) (Version: - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.1703 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XLN Audio RC-20 Retro Color (HKLM\...\RC-20 Retro Color_is1) (Version: 1.0.3 - XLN Audio)
Zoom (HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\ZoomUMX) (Version: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2022-07-20] (Autodesk Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-20] (Microsoft Studios) [MS Ad]
ReadAloud -> C:\Program Files\WindowsApps\21676OptimiliaStudios.ReadAloud_2.1.40.0_x64__k42naep6bwmrc [2022-07-21] (Optimilia Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-04-05 17:13 - 2009-07-24 14:29 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 003703808 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000224256 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\xerces-c_2_7.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:5A00B4CCF68F74CD [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\TheVe\Cookies:3wk4t3EUHXotkm5UAnWbkHHsL [2270]
AlternateDataStreams: C:\Users\TheVe\Cookies:nsB7kXY5docp4ymNpMrTN7FBK [2448]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\LU2uOCnrhp:qXaO5w9lAtXsTQAsWilbx [2594]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2019-04-23 22:39 - 000001053 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
127.0.0.1 www.r2rdownload.net
127.0.0.1 ec2-52-0-114-51.compute-1.amazonaws.com
127.0.0.1 ec2-54-210-240-130.compute-1.amazonaws.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "LoopBe1 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "picon"
HKLM\...\StartupApproved\Run: => "Poppin"
HKLM\...\StartupApproved\Run: => "Gluconate"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Electromechanical"
HKLM\...\StartupApproved\Run32: => "Playstation"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "leeching.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Browser Manager"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "watercolor"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Holmen"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Warrant"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Estar"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Reassure"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
 

NonTechyDad

Posts: 26   +0
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2022-07-20] (Autodesk Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.7040.0_x64__8wekyb3d8bbwe [2022-07-20] (Microsoft Studios) [MS Ad]
ReadAloud -> C:\Program Files\WindowsApps\21676OptimiliaStudios.ReadAloud_2.1.40.0_x64__k42naep6bwmrc [2022-07-21] (Optimilia Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.vorbis] => C:\WINDOWS\system32\vorbis.acm [1470976 2012-11-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]
HKLM\...\Drivers32: [msacm.vorbis] => C:\Windows\SysWOW64\vorbis.acm [1554944 2009-09-15] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-04-05 17:13 - 2009-07-24 14:29 - 000077824 _____ () [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 003703808 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
2014-09-20 19:09 - 2014-09-20 19:09 - 000224256 _____ () [File not signed] C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\xerces-c_2_7.dll
2017-04-05 17:13 - 2009-07-24 14:29 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\StatusStrings.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:5A00B4CCF68F74CD [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\TheVe\Cookies:3wk4t3EUHXotkm5UAnWbkHHsL [2270]
AlternateDataStreams: C:\Users\TheVe\Cookies:nsB7kXY5docp4ymNpMrTN7FBK [2448]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\LU2uOCnrhp:qXaO5w9lAtXsTQAsWilbx [2594]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems Incorporated -> Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-10-25] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 07:47 - 2019-04-23 22:39 - 000001053 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 www.r2rdownload.com
127.0.0.1 www.elephantafiles.com
127.0.0.1 www.r2rdownload.net
127.0.0.1 ec2-52-0-114-51.compute-1.amazonaws.com
127.0.0.1 ec2-54-210-240-130.compute-1.amazonaws.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\ia32_win\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3999933350-674082219-2972644759-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "LoopBe1 Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "picon"
HKLM\...\StartupApproved\Run: => "Poppin"
HKLM\...\StartupApproved\Run: => "Gluconate"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "SoundMAXPnP"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Electromechanical"
HKLM\...\StartupApproved\Run32: => "Playstation"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\StartupFolder: => "leeching.lnk"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "com.squirrel.splice.Splice"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Browser Manager"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "watercolor"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Holmen"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Warrant"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Estar"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "Reassure"
HKU\S-1-5-21-3999933350-674082219-2972644759-1001\...\StartupApproved\Run: => "MP3 Skype recorder"
 

NonTechyDad

Posts: 26   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{595DF740-5E2B-4184-A9F5-F4723425B841}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{45B985BF-0838-4ECC-9F11-B441B3FBFE65}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{09CCE490-AA2E-4305-8932-2CAE0EA66676}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4FE55C06-819C-4B00-8EE3-389599AABC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DEF8A252-59C2-4597-B770-1BCBD034D097}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21031684-5E77-42DE-B367-98C0033B0BDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{11D516A5-431C-4A22-B85A-0BE7546D5188}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{25E40DDE-22FD-4A1F-BEE6-2B24344A1033}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [{9F0FE841-C867-4C73-876F-803301ADFAD0}] => (Allow) C:\Program Files (x86)\Maidens\Saturdays.exe => No File
FirewallRules: [{0284F1DD-7339-406F-9986-E23A92B48AB6}] => (Allow) C:\Program Files (x86)\prodigies\Saturdays.exe => No File
FirewallRules: [{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}] => (Allow) C:\Program Files (x86)\Maidens\Antigens.exe => No File
FirewallRules: [{B4234A53-9EF7-4051-99DD-68A55E36C04D}] => (Allow) C:\Program Files (x86)\Apologies\Antigens.exe => No File
FirewallRules: [UDP Query User{E4D53A5A-EFA8-4FBB-91F8-A7161198DDA3}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [TCP Query User{4EACBAED-4428-4D32-B054-C17C4D243967}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [UDP Query User{9D9D6F5A-0222-42CD-990A-6E41E25F512F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A2CF4139-4986-4ACF-97B6-083F40F90FC6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{530F3A91-F686-4F66-86D0-AB75C8FB0881}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{ED94180B-3288-4810-BC79-1A8C3B212D9A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F265FC67-992A-49A7-BB18-F32FD4B7EE1C}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [TCP Query User{EACB5E87-2B09-445D-B638-E023031E60FE}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [UDP Query User{98AA06B2-6FD3-425A-A365-69AD3E88A9F7}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [TCP Query User{AB5C7FD0-9F55-43A7-A711-EE31D0D45349}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [UDP Query User{B57B57D5-C055-4D0F-8385-93A0EF58DF4A}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{548E09B6-19F9-4015-8D4B-4D3F1D9761D2}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{6F0CF5E0-3835-49FC-8BB1-1B62F282647C}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{758A6061-9ABE-40A9-A10C-EB89347CEAED}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E7B47FB-81E3-4F5E-BEB2-B4618D472280}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{671AD675-862C-48A3-A7EB-04073BCCF02A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D41B1140-81DD-4BAB-92A8-BF0A519F8FE4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0E42338-C442-4D9B-9FAC-B7C0D2A67A70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4983A909-90E2-4835-A8A2-A52D1E948C0A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{181434A2-1DC6-45D5-B1DF-CF0AEB140BA4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78713EBA-0435-46E0-A071-422F14CA172F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F2CD0740-AA95-48D9-BA22-C3C8BEB79C4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C43FF9FE-0629-4B93-8544-71B31F29B19C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6274EEE-8DF5-4934-B28B-8C2FF24C797D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EE8032D8-0D8D-4608-B5FE-E645B3F4E7A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{323B888B-DF3C-4582-B6A1-1DB7A01D5F17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A147AAD2-9447-4554-9291-4AF1433AE832}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F583012C-3D45-4E64-B881-F6B0E0168157}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

20-07-2022 10:54:05 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820
20-07-2022 10:54:16 Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
 

NonTechyDad

Posts: 26   +0
==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{595DF740-5E2B-4184-A9F5-F4723425B841}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{45B985BF-0838-4ECC-9F11-B441B3FBFE65}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{09CCE490-AA2E-4305-8932-2CAE0EA66676}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{4FE55C06-819C-4B00-8EE3-389599AABC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DEF8A252-59C2-4597-B770-1BCBD034D097}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21031684-5E77-42DE-B367-98C0033B0BDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{11D516A5-431C-4A22-B85A-0BE7546D5188}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{25E40DDE-22FD-4A1F-BEE6-2B24344A1033}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [{9F0FE841-C867-4C73-876F-803301ADFAD0}] => (Allow) C:\Program Files (x86)\Maidens\Saturdays.exe => No File
FirewallRules: [{0284F1DD-7339-406F-9986-E23A92B48AB6}] => (Allow) C:\Program Files (x86)\prodigies\Saturdays.exe => No File
FirewallRules: [{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}] => (Allow) C:\Program Files (x86)\Maidens\Antigens.exe => No File
FirewallRules: [{B4234A53-9EF7-4051-99DD-68A55E36C04D}] => (Allow) C:\Program Files (x86)\Apologies\Antigens.exe => No File
FirewallRules: [UDP Query User{E4D53A5A-EFA8-4FBB-91F8-A7161198DDA3}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [TCP Query User{4EACBAED-4428-4D32-B054-C17C4D243967}C:\program files (x86)\digicamcontrol\cameracontrol.exe] => (Allow) C:\program files (x86)\digicamcontrol\cameracontrol.exe () [File not signed]
FirewallRules: [UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [UDP Query User{9D9D6F5A-0222-42CD-990A-6E41E25F512F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{A2CF4139-4986-4ACF-97B6-083F40F90FC6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{530F3A91-F686-4F66-86D0-AB75C8FB0881}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{ED94180B-3288-4810-BC79-1A8C3B212D9A}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{F265FC67-992A-49A7-BB18-F32FD4B7EE1C}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [TCP Query User{EACB5E87-2B09-445D-B638-E023031E60FE}C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\pproheadless.exe (Adobe Systems Incorporated -> )
FirewallRules: [UDP Query User{98AA06B2-6FD3-425A-A365-69AD3E88A9F7}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [TCP Query User{AB5C7FD0-9F55-43A7-A711-EE31D0D45349}C:\program files (x86)\image-line\fl studio 11\fl64.exe] => (Block) C:\program files (x86)\image-line\fl studio 11\fl64.exe (Image Line -> Image-Line) [File not signed]
FirewallRules: [UDP Query User{B57B57D5-C055-4D0F-8385-93A0EF58DF4A}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [TCP Query User{548E09B6-19F9-4015-8D4B-4D3F1D9761D2}C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs5.5\adobe premiere pro.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
FirewallRules: [{6F0CF5E0-3835-49FC-8BB1-1B62F282647C}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{758A6061-9ABE-40A9-A10C-EB89347CEAED}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{1E7B47FB-81E3-4F5E-BEB2-B4618D472280}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{671AD675-862C-48A3-A7EB-04073BCCF02A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D41B1140-81DD-4BAB-92A8-BF0A519F8FE4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F0E42338-C442-4D9B-9FAC-B7C0D2A67A70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4983A909-90E2-4835-A8A2-A52D1E948C0A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{181434A2-1DC6-45D5-B1DF-CF0AEB140BA4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.86.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78713EBA-0435-46E0-A071-422F14CA172F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F2CD0740-AA95-48D9-BA22-C3C8BEB79C4D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C43FF9FE-0629-4B93-8544-71B31F29B19C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F6274EEE-8DF5-4934-B28B-8C2FF24C797D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EE8032D8-0D8D-4608-B5FE-E645B3F4E7A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{323B888B-DF3C-4582-B6A1-1DB7A01D5F17}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A147AAD2-9447-4554-9291-4AF1433AE832}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F583012C-3D45-4E64-B881-F6B0E0168157}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

20-07-2022 10:54:05 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820
20-07-2022 10:54:16 Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
==================== Faulty Device Manager Devices ============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2022 12:15:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.3.0.65, time stamp: 0x62376497
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x3518
Faulting application start time: 0x01d89cb8872dc503
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 11c76c3d-ae51-4642-b7d2-5c0738ecca50
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2022 12:01:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x3064
Faulting application start time: 0x01d89cb683241feb
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fa2cbe33-5ef7-4ead-9e6e-04002e606026
Faulting package full name:
Faulting package-relative application ID:

Error: (07/21/2022 12:00:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x3690
Faulting application start time: 0x01d89cb6678156c6
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1c4ca7b0-d010-4481-802c-090abb655d65
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2022 11:59:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0xff4
Faulting application start time: 0x01d89cb62f4a79d2
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 4c9a8b4e-5cba-4d64-9cf5-86a3d6a66fc7
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2022 11:56:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x2c74
Faulting application start time: 0x01d89cb5df40b65f
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: fcc5b199-46a4-4422-a18b-ee409786b748
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2022 11:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x16b4
Faulting application start time: 0x01d89cb53bf50892
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 9c832454-9d95-4825-a7e2-1f43dc014470
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2022 11:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.4.0.52, time stamp: 0x626a1feb
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x2830
Faulting application start time: 0x01d89cb5153fab59
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 71b6ddf3-f53e-4858-b3e7-623e88408076
Faulting package full name:
Faulting package-relative application ID:

Error: (07/20/2022 11:32:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Character Animator.exe, version: 22.5.0.53, time stamp: 0x62a74406
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1826, time stamp: 0x299341e8
Exception code: 0xe06d7363
Fault offset: 0x0000000000034fd9
Faulting process id: 0x226c
Faulting application start time: 0x01d89cb2916fb402
Faulting application path: C:\Program Files\Adobe\Adobe Character Animator 2022\Support Files\Character Animator.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 1395fe7b-cac0-435a-ab90-634e5a77e685
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (07/20/2022 05:48:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DSAService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/20/2022 05:48:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the DSAService service to connect.

Error: (07/20/2022 01:18:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (07/20/2022 01:18:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The NVIDIA LocalSystem Container service terminated with the following error:
A generic command executable returned a result that indicates failure.

Error: (07/20/2022 12:49:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Update for Windows Defender Antivirus antimalware platform - KB4052623 (Version 4.18.2001.10).

Error: (07/20/2022 09:39:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Synchro Arts License Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/20/2022 09:39:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PACE License Services service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/20/2022 09:38:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.


CodeIntegrity:
===============
Date: 2022-07-22 05:53:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Hewlett-Packard 786G1 v01.16 03/05/2009
Motherboard: Hewlett-Packard 3031h
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 63%
Total physical RAM: 8059.24 MB
Available physical RAM: 2928.62 MB
Total Virtual: 12923.24 MB
Available Virtual: 6248.1 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1742.42 GB) (Free:415.83 GB) (Model: WDC WD10EURX-63FH1Y0 ATA Device) NTFS

\\?\Volume{e7b78f13-0000-0000-0000-703b00000000}\ (System) (Fixed) (Total:1.99 GB) (Free:1.92 GB) NTFS
\\?\Volume{e7b78f13-0000-0000-0000-100000000000}\ (Recovery image) (Fixed) (Total:0.93 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E7B78F13)
Partition 1: (Not Active) - (Size=950 MB) - (Type=27)
Partition 2: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1860.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Broni

Posts: 55,981   +509
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    6.3 KB · Views: 25

NonTechyDad

Posts: 26   +0
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by TheVerbalArteest (24-07-2022 03:30:06) Run:1
Running from C:\Users\TheVe\Desktop\malware and anti virus
Loaded Profiles: TheVerbalArteest
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (No File)
Task: {6FFB5A39-DF90-4F51-821C-773F98FF1AE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
2018-08-09 16:03 - 2018-09-17 18:03 - 002722286 _____ () C:\Program Files (x86)\Auto-Tune 8 Manual.pdf
2018-08-09 16:03 - 2018-09-17 18:03 - 000056051 _____ () C:\Program Files (x86)\VST PC Read Me.pdf
2019-06-11 00:16 - 2019-06-12 10:41 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2019-06-11 00:17 - 2022-07-13 07:38 - 000000132 _____ () C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs
2018-03-10 17:10 - 2020-11-21 19:35 - 000000032 _____ () C:\Users\TheVe\AppData\Roaming\msregsvv.dll
2018-02-18 15:51 - 2022-02-19 11:25 - 000002824 _____ () C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000109 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000107 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt
2018-01-26 14:23 - 2018-01-26 14:23 - 000000106 _____ () C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt
2020-10-16 15:27 - 2020-10-16 15:27 - 000000787 _____ () C:\Users\TheVe\AppData\Local\recently-used.xbel
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [217]
AlternateDataStreams: C:\ProgramData\PACE:5A00B4CCF68F74CD [217]
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\TheVe\Cookies:3wk4t3EUHXotkm5UAnWbkHHsL [2270]
AlternateDataStreams: C:\Users\TheVe\Cookies:nsB7kXY5docp4ymNpMrTN7FBK [2448]
AlternateDataStreams: C:\Users\TheVe\AppData\Local\LU2uOCnrhp:qXaO5w9lAtXsTQAsWilbx [2594]
FirewallRules: [{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe => No File
FirewallRules: [{11D516A5-431C-4A22-B85A-0BE7546D5188}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe => No File
FirewallRules: [UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe] => (Block) C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe => No File
FirewallRules: [{9F0FE841-C867-4C73-876F-803301ADFAD0}] => (Allow) C:\Program Files (x86)\Maidens\Saturdays.exe => No File
FirewallRules: [{0284F1DD-7339-406F-9986-E23A92B48AB6}] => (Allow) C:\Program Files (x86)\prodigies\Saturdays.exe => No File
FirewallRules: [{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}] => (Allow) C:\Program Files (x86)\Maidens\Antigens.exe => No File
FirewallRules: [{B4234A53-9EF7-4051-99DD-68A55E36C04D}] => (Allow) C:\Program Files (x86)\Apologies\Antigens.exe => No File
FirewallRules: [UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe] => (Allow) C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe => No File
FirewallRules: [UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File
FirewallRules: [TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe] => (Allow) C:\program files (x86)\bluestacks\hd-player.exe => No File

*****************

HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EAE4EF2-C8D0-4E1C-BA7C-324099D4BCAD}" => removed successfully
C:\WINDOWS\System32\Tasks\Red Giant Link => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Red Giant Link" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FFB5A39-DF90-4F51-821C-773F98FF1AE9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFB5A39-DF90-4F51-821C-773F98FF1AE9}" => removed successfully
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
C:\Program Files (x86)\Auto-Tune 8 Manual.pdf => moved successfully
C:\Program Files (x86)\VST PC Read Me.pdf => moved successfully
C:\Users\TheVe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs => moved successfully
C:\Users\TheVe\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
C:\Users\TheVe\AppData\Roaming\msregsvv.dll => moved successfully
C:\Users\TheVe\AppData\Roaming\VoiceMeeterDefault.xml => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_essentials.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus3.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c-4.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus32c.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_mixbus4.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_bc3.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_ds.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eg.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_eq.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_lc.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_mc.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_me.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_sc.txt => moved successfully
C:\Users\TheVe\AppData\Local\license_key_harrison_xt_tg.txt => moved successfully
C:\Users\TheVe\AppData\Local\recently-used.xbel => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
"C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS not found.
C:\ProgramData\PACE => ":5A00B4CCF68F74CD" ADS removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\TheVe\Cookies => ":3wk4t3EUHXotkm5UAnWbkHHsL" ADS removed successfully
C:\Users\TheVe\Cookies => ":nsB7kXY5docp4ymNpMrTN7FBK" ADS removed successfully
C:\Users\TheVe\AppData\Local\LU2uOCnrhp => ":qXaO5w9lAtXsTQAsWilbx" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DEDC1614-0DB0-4B98-B14A-6FD8EF3C6742}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11D516A5-431C-4A22-B85A-0BE7546D5188}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5250C3EF-15A1-4A47-B548-DC5B0E1447D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FBCC6B78-69DB-425C-B94C-6D53481C0055}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5101A174-0A04-4368-B8D6-36A7BB01FD84}C:\program files (x86)\nero\nero 2019\nero burning rom\nero.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F0FE841-C867-4C73-876F-803301ADFAD0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0284F1DD-7339-406F-9986-E23A92B48AB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7BB098D-7BA0-4CD1-9EB6-FB3A84FEEA54}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4234A53-9EF7-4051-99DD-68A55E36C04D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{38888F54-6F86-4781-9583-5E7A42D4F64E}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E7B29C4C-8A09-4594-9493-79FFE9642ADE}C:\users\theve\appdata\local\logmein rescue applet\lmir0b7fd001.tmp\lmi_instantchat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{01ADED74-A836-4BA4-86F5-8DD8FD0345A2}C:\program files (x86)\bluestacks\hd-player.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4B986384-7DE7-46EF-A31E-48E851C02F5F}C:\program files (x86)\bluestacks\hd-player.exe" => removed successfully


The system needed a reboot.

==== End of Fixlog 03:30:09 ====
 

Broni

Posts: 55,981   +509
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program