Solved .SCR Virus that tries to change my email recovery

VygandasE

Posts: 17   +1
Hello,
I'm a somewhat tech-savvy person, but I was never much into security. Recently my wife was approached by a fake Opera GX representative and she got an offer to advertise their software on her YT channel. This sounded great and all, but the email came with a link to download a file. Not knowing any better, she downloaded the file, extracted it and tried to open it. For her it looked weird that they would try to put information in a .SCR file, but now she knows it was probably a trojan.

I've tried scanning the PC with different anti-virus software and looking for any services/applications that would look weird, but there was nothing.

The reason why I think that there's a virus is that someone keeps trying to change the email recovery phone number once every couple of days, even if she keeps changing the password. Gmail keeps saying that the attempt was made with her own PC, which weirds me out, since if she's not on the PC, the PC is off.

She also started getting email warnings before logging in:
Screenshot_2.png

The PDF she received was this one:
It also has the file attached to download there. I don't know if I should be putting it here 😨

I'm really confused why the antivirus is not picking it up, and I am even pretty certain that it wasn't run as an administrator.
 

Broni

Posts: 55,924   +506
Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

VygandasE

Posts: 17   +1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by Olivkittie (administrator) on DESKTOP-N6TFA54 (09-02-2022 19:20:13)
Running from C:\Users\Olivkittie\Downloads
Loaded Profiles: Olivkittie
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe
() [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BUREL VINCENT -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Discord Inc. -> Discord Inc.) C:\Users\Olivkittie\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <15>
(Guangzhou Ugee Computers Technology Co.,Ltd -> ) C:\Program Files\Pentablet\PenTablet.exe
(Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE) C:\Program Files\Pentablet\PentabletService.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Olivkittie\AppData\Local\Programs\Notion\Notion.exe <8>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files\Razer\RzAppEngine\rzappengine.exe <7>
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe
(Spotify AB -> Spotify Ltd) C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe <6>
(Unity Technologies ApS -> ) E:\Program Files\Steam2\steamapps\common\VTube Studio\UnityCrashHandler64.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve Corp. -> Valve Corporation) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe <8>
(Valve Corp. -> Valve Corporation) E:\Program Files\Steam2\GameOverlayUI.exe
(Valve Corp. -> Valve Corporation) E:\Program Files\Steam2\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2021-08-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] => D:\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Run: [CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-F227840A-25B6-4AF8-B9AB-75F30F3 (the data entry has 7 more characters). (No File)
HKLM\...\Run: [PentabletService] => C:\Program Files\Pentablet\PentabletService.exe [198096 2017-09-05] (Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-06-05] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Adobe everything\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-11-19] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Steam] => E:\Program Files\Steam2\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Discord] => C:\Users\Olivkittie\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1087376 2022-01-15] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [electron.app.Descript] => C:\Users\Olivkittie\AppData\Local\Programs\Descript\Descript.exe [136710768 2021-10-18] (Descript, Inc. -> Descript, Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Overwolf] => D:\Overwolf\OverwolfLauncher.exe [1802072 2022-01-29] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Spotify] => C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe [19347384 2022-02-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [RzAppEngine] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe [1641840 2021-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9700808 2021-12-07] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe [1641840 2021-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2020-11-19] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}] -> C:\Program Files\Razer\RzAppEngine\1.49.0.0\Installer\chrmstp.exe [2022-01-07] (Razer USA Ltd. -> Razer Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.82\Installer\chrmstp.exe [2022-02-07] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\98.1.35.100\Installer\chrmstp.exe [2022-02-03] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005B1986-DCCF-4750-BDB8-492A9AACB527} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {01FD4D06-7C00-417A-808E-9F2EA14CA733} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0887D366-E7D8-4412-8A60-FB8A45DCEE81} - System32\Tasks\Start FFXIV MarketSense on user {0} logon => C:\WINDOWS\system32\cmd.exe" "/c" start "" "C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe" "minimized"
Task: {0BDB2CBF-4670-4B3D-940B-C36FABAEF0C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1454C1AD-097C-4456-891A-803FEB9F2821} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {17C0477F-74ED-4F63-8F57-89D1DBF914D3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {202E1453-CB6E-43E2-B56B-AD87D1892CB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (No File)
Task: {2A9CB3E3-92FC-4F4A-AAEF-F4E760FE29CE} - System32\Tasks\Overwolf Updater Task => D:\Overwolf\OverwolfUpdater.exe [2539864 2022-01-29] (Overwolf Ltd -> Overwolf LTD)
Task: {31796D6F-6BFA-47F4-B179-0DBF042FCDBA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {45E04556-4288-4907-B06C-39CFB4061C59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5A9DA939-214B-443B-998C-2C21AE24DCE3} - System32\Tasks\GoogleUpdateTaskMachineUA{11CA08C4-FF7A-46DE-941C-6885089ED7EF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-07] (Google LLC -> Google LLC)
Task: {684A80EB-1EE4-4D23-A9B0-07CCCDBB859A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7785AA48-395C-4923-8AC0-48E2017D7CB4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E1B0301-2355-4892-A15A-3FAB1F6CD420} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {9103D20D-7EB6-4E81-9289-C01E933524BE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {951D589B-DD4F-4103-9368-E898FC4B7672} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2020-12-04] () [File not signed]
Task: {A2FD1227-5099-4E0B-AD5F-70A2D0404729} - System32\Tasks\update-S-1-5-21-4101733155-2478866902-278870721-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {A465EA5B-1705-450B-8D44-8D534F2AF26C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A9C8797B-49A6-423E-852B-E539D827921B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {B5540F5E-045B-4501-BADD-7994F9F13893} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C5C6A70D-321F-41E3-AAC3-4257D42023D5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C8127C89-0811-447B-8707-3F975CEE8E9D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CF5997F1-FB4C-48D7-89A0-D77C00430233} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-08-21] (Microsoft Corporation -> Microsoft)
Task: {DF67D757-1E0F-4DF5-B6CF-079BF9ED2B2C} - System32\Tasks\GoogleUpdateTaskMachineCore{EF74BF38-2925-40F5-88CD-8F96FF65D7BE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-07] (Google LLC -> Google LLC)
Task: {E6F84AB8-C6E1-4A28-A736-B9F525EBDC5E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EF01A8FE-137E-43AE-BDEA-767269EC9414} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0AA9865-A421-48B5-BCBB-A60C0F884899} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FE13C0CA-689E-4FAD-8B99-08710B2E1FB0} - System32\Tasks\Start FFXIV MarketSense on user Olivkittie logon => C:\WINDOWS\system32\cmd.exe" "/c" start "" "C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe" "minimized"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-4101733155-2478866902-278870721-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43658bb5-246d-4b69-9c39-63876f9ded2a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4d2d523d-4582-4517-b8b2-0e0c6e02f814}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Olivkittie\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-07]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-11-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: Adobe Acrobat -> E:\Adobe everything\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default [2022-02-09]
CHR Extension: (Slides) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-07]
CHR Extension: (BetterTTV) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-02-08]
CHR Extension: (Docs) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-07]
CHR Extension: (Google Drive) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-07]
CHR Extension: (YouTube) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-02-07]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-07]
CHR Extension: (Sheets) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-07]
CHR Extension: (Google Docs Offline) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-02-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-07]
CHR Extension: (Gmail) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-07]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Brave:
=======
BRA Profile: C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-02-08]
BRA Extension: (Safe Torrent Scanner) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-17]
BRA Extension: (BetterTTV) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-02-07]
BRA Extension: (Bitdefender Wallet) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2022-02-07]
BRA Extension: (Bitdefender Anti-tracker) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2022-02-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-02-07]
BRA Extension: (Brave NTP background images) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-01-17]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2021-12-02]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-02-07]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-02-07]
BRA Extension: (Brave Ads Resources) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2021-08-26]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-16]
BRA Extension: (Brave Ads Resources) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2021-08-26]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-02-07]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1087736 2022-02-09] (ASUSTeK Computer Inc. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2021-12-20] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7307720 2021-12-07] (GlassWire -> SecureMix LLC)
S4 MariaDB; C:\Program Files\MariaDB 10.5\bin\mysqld.exe [32744 2021-08-03] (MariaDB Corporation Ab -> )
S4 NoIPDUCService4; D:\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S4 OverwolfUpdater; D:\Overwolf\OverwolfUpdater.exe [2539864 2022-01-29] (Overwolf Ltd -> Overwolf LTD)
S4 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1142808 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [451608 2021-11-17] (Razer USA Ltd. -> Razer Inc.)
S4 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1347640 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Update Service; C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe [408912 2020-04-02] (Razer USA Ltd. -> Razer)
S4 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; E:\Program Files\VisualStudio\SDKs\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-20] (ASUSTeK Computer Inc. -> )
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R3 MpKsl3283db38; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E32954FD-3E38-4F7B-925F-1E4A52B52014}\MpKslDrv.sys [135440 2022-02-09] (Microsoft Windows -> Microsoft Corporation)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-12-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0520; C:\WINDOWS\System32\drivers\RzDev_0520.sys [53144 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 sTHXVAD; C:\WINDOWS\System32\drivers\THXVAD.sys [162184 2019-09-17] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2021-06-14] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-09-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-09-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [19472 2017-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
S3 R0RazerSynapseService; \??\C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

VygandasE

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-09 19:20 - 2022-02-09 19:20 - 000033103 _____ C:\Users\Olivkittie\Downloads\FRST.txt
2022-02-09 19:19 - 2022-02-09 19:20 - 000000000 ____D C:\FRST
2022-02-09 19:18 - 2022-02-09 19:19 - 002311680 _____ (Farbar) C:\Users\Olivkittie\Downloads\FRST64.exe
2022-02-09 19:18 - 2022-02-09 19:18 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2022-02-09 10:55 - 2022-02-09 10:56 - 000000000 ____D C:\Program Files\Pentablet
2022-02-09 10:55 - 2022-02-09 10:55 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Pentablet
2022-02-08 23:21 - 2022-02-08 23:21 - 000000000 ___HD C:\$WinREAgent
2022-02-08 12:24 - 2022-02-08 12:24 - 000426032 _____ C:\ProgramData\cl.uninstall.1644315847.bdinstall.v2.bin
2022-02-08 12:24 - 2022-02-08 12:24 - 000089372 _____ C:\ProgramData\agent.uninstall.1644315886.bdinstall.v2.bin
2022-02-08 12:22 - 2022-02-08 12:22 - 002336200 _____ C:\Users\Olivkittie\Downloads\MiqoCrafter.Binaries.Windows.refs.tags.V2.2.9.zip
2022-02-08 11:14 - 2022-02-08 11:14 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-02-08 00:32 - 2022-02-08 11:07 - 000000000 ____D C:\ProgramData\SecTaskMan
2022-02-08 00:32 - 2022-02-08 00:32 - 000001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000001204 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2022-02-07 17:50 - 2022-02-07 17:56 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-07 17:50 - 2022-02-07 17:56 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-07 17:50 - 2022-02-07 17:50 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{11CA08C4-FF7A-46DE-941C-6885089ED7EF}
2022-02-07 17:50 - 2022-02-07 17:50 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{EF74BF38-2925-40F5-88CD-8F96FF65D7BE}
2022-02-07 17:50 - 2022-02-07 17:50 - 000000000 ____D C:\Program Files\Google
2022-02-07 17:21 - 2022-02-07 17:21 - 000629424 _____ C:\ProgramData\cl.1644247156.bdinstall.v2.bin
2022-02-07 17:21 - 2022-02-07 17:21 - 000109244 _____ C:\ProgramData\cl.kit.1644247154.bdinstall.v2.bin
2022-02-07 17:21 - 2022-02-07 17:21 - 000000000 ____D C:\ProgramData\Gemma
2022-02-07 17:21 - 2022-02-07 17:21 - 000000000 ____D C:\ProgramData\Atc
2022-02-07 17:20 - 2022-02-07 17:20 - 000000000 ____D C:\WINDOWS\system32\elambkup
2022-02-07 17:20 - 2022-02-07 17:20 - 000000000 ____D C:\ProgramData\BDLogging
2022-02-07 17:17 - 2022-02-07 17:17 - 000225852 _____ C:\ProgramData\agent.1644247069.bdinstall.v2.bin
2022-02-07 17:17 - 2022-02-07 17:17 - 000095544 _____ C:\ProgramData\agent.update.1644247072.bdinstall.v2.bin
2022-02-07 17:17 - 2022-02-07 17:17 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Bitdefender
2022-02-07 17:17 - 2022-02-07 17:17 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2022-02-07 16:26 - 2022-02-07 16:26 - 000000000 ___HD C:\$SysReset
2022-02-07 11:46 - 2022-02-07 11:46 - 002087332 _____ C:\WINDOWS\Minidump\020722-9781-01.dmp
2022-02-04 20:38 - 2022-02-07 11:46 - 120586240 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-04 20:35 - 2022-02-04 20:38 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-04 20:31 - 2022-02-04 20:32 - 060862335 _____ (Alexander Drozdov) C:\Users\Olivkittie\Downloads\Awakened-PoE-Trade-Setup-2.15.0 (1).exe
2022-02-04 20:31 - 2022-02-04 20:31 - 060862335 _____ (Alexander Drozdov) C:\Users\Olivkittie\Downloads\Awakened-PoE-Trade-Setup-2.15.0.exe
2022-02-04 20:10 - 2022-02-04 20:10 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\mbam
2022-02-04 20:08 - 2022-02-04 20:08 - 002911928 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\MBSetup.exe
2022-02-04 18:52 - 2022-02-04 18:52 - 000000000 ____D C:\Users\Olivkittie\Downloads\Filter_Sounds_v3_2
2022-02-04 18:33 - 2022-02-04 18:33 - 000917277 _____ C:\Users\Olivkittie\Downloads\Filter_Sounds_v3_2.rar
2022-02-04 12:54 - 2022-02-04 12:54 - 000000277 _____ C:\Users\Olivkittie\Downloads\seb-appointment.ics
2022-02-04 10:50 - 2022-02-04 10:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-04 10:50 - 2022-02-04 10:50 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-02-04 10:50 - 2022-02-04 10:50 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-02-04 10:50 - 2022-02-04 10:50 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-02-04 10:50 - 2022-02-04 10:50 - 000011805 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-04 10:34 - 2022-02-04 10:34 - 000000000 ____D C:\WINDOWS\Panther
2022-02-04 10:30 - 2022-02-04 10:30 - 000001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\glasswire
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\Program Files (x86)\GlassWire
2022-02-04 10:29 - 2022-02-04 10:29 - 000000000 ____D C:\ProgramData\GlassWire
2022-02-04 10:29 - 2015-05-29 09:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2022-02-04 10:29 - 2015-05-29 09:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2022-02-04 10:28 - 2022-02-04 10:28 - 069142920 _____ (SecureMix LLC) C:\Users\Olivkittie\Downloads\GlassWireSetup.exe
2022-02-04 10:15 - 2022-02-04 10:15 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Solvusoft_Corporation
2022-02-04 10:15 - 2022-02-04 10:15 - 000000000 ____D C:\ProgramData\IsolatedStorage
2022-02-04 10:14 - 2022-02-04 10:14 - 001292488 _____ (Solvusoft Corporation) C:\Users\Olivkittie\Downloads\Setup_File_Magic_2021.exe
2022-01-31 20:17 - 2022-01-31 20:17 - 005079928 _____ C:\Users\Olivkittie\Downloads\Character_Reference_-_Emberlite_Mantear (1).pdf
2022-01-31 15:23 - 2022-01-31 15:23 - 002240820 _____ C:\Users\Olivkittie\Downloads\Resume.pdf
2022-01-31 00:26 - 2022-01-31 00:26 - 005079928 _____ C:\Users\Olivkittie\Downloads\Character_Reference_-_Emberlite_Mantear.pdf
2022-01-27 23:44 - 2022-01-27 23:44 - 000003426 _____ C:\Users\Olivkittie\Downloads\Channel Analytics and Revenue by day from Dec_29_2021 to Jan_27_2022.csv
2022-01-27 12:53 - 2022-01-27 12:53 - 000000362 _____ C:\Users\Olivkittie\Documents\Verb Conjugating Base
2022-01-26 18:38 - 2022-01-26 18:38 - 000005091 _____ C:\Users\Olivkittie\Downloads\334.xlsx
2022-01-26 15:22 - 2022-01-26 15:22 - 010852186 _____ C:\Users\Olivkittie\Documents\LitKalba (1).pdf
2022-01-23 14:44 - 2022-01-11 01:54 - 000039080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001467872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001206400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001115368 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001115368 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 001529512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 001179096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000797096 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000710824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-01-23 14:43 - 2022-01-11 14:25 - 000710776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000637864 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 002119792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 001601144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 000983208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 000455792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-01-23 14:43 - 2022-01-11 14:23 - 008609920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 007713392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 005734568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 005099176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 002934696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-01-23 14:43 - 2022-01-11 14:22 - 000850088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-01-23 14:43 - 2022-01-11 01:54 - 000089178 _____ C:\WINDOWS\system32\nvinfo.pb
2022-01-21 12:40 - 2022-01-21 12:40 - 001805350 _____ (JimsApps ) C:\Users\Olivkittie\Downloads\SnazSetup.exe
2022-01-21 12:40 - 2022-01-21 12:40 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\JimsApps
2022-01-16 19:45 - 2022-01-16 19:45 - 000007598 _____ C:\Users\Olivkittie\AppData\Local\Resmon.ResmonCfg
2022-01-15 23:11 - 2022-01-15 23:13 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Vortex
2022-01-15 23:11 - 2022-01-15 23:11 - 000002056 _____ C:\Users\Public\Desktop\Vortex.lnk
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\ProgramData\Vortex
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2022-01-15 20:09 - 2022-01-15 20:21 - 091611696 _____ (Black Tree Gaming Ltd.) C:\Users\Olivkittie\Downloads\Vortex-1-1-4-16-1633352164.exe
2022-01-15 16:37 - 2022-01-15 16:37 - 000000976 _____ C:\Users\Olivkittie\Desktop\Skyrim (SKSE).lnk
2022-01-15 16:20 - 2022-01-15 18:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Skyrim Special Edition
2022-01-15 00:07 - 2022-01-15 00:07 - 000362812 _____ C:\Users\Olivkittie\Downloads\skse_1_07_03_installer.exe
2022-01-14 23:40 - 2022-01-27 23:24 - 000000000 ____D C:\Users\Olivkittie\AppData\LocalLow\uTorrent
2022-01-14 23:16 - 2022-01-14 23:16 - 000000881 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-01-14 09:21 - 2022-01-14 09:21 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-14 09:21 - 2022-01-14 09:21 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-11 18:12 - 2022-01-11 18:12 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-09 19:20 - 2021-06-11 21:58 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\discord
2022-02-09 19:18 - 2021-06-12 06:43 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-09 19:14 - 2021-06-11 21:19 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Spotify
2022-02-09 19:10 - 2021-06-11 22:42 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\slobs-client
2022-02-09 19:08 - 2021-11-22 23:48 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Notion
2022-02-09 19:02 - 2021-06-11 22:02 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Discord
2022-02-09 18:55 - 2021-06-11 20:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-09 18:05 - 2021-06-11 21:18 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Spotify
2022-02-09 16:05 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-09 14:11 - 2021-07-03 10:12 - 115035136 _____ C:\Users\Olivkittie\AppData\Local\SageThumbs.db3
2022-02-09 14:09 - 2021-06-11 20:01 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Adobe
2022-02-09 14:05 - 2021-06-19 18:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-02-09 12:25 - 2021-06-11 20:08 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-09 10:55 - 2021-12-19 19:06 - 000000865 _____ C:\Users\Public\Desktop\Pentablet.lnk
2022-02-09 10:55 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\INF
2022-02-09 09:49 - 2021-06-11 20:00 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-09 09:43 - 2021-06-20 09:20 - 000003550 _____ C:\WINDOWS\system32\Tasks\Start FFXIV MarketSense on user Olivkittie logon
2022-02-09 09:43 - 2021-06-11 19:51 - 000000000 ____D C:\Users\Olivkittie
2022-02-09 09:43 - 2021-06-11 19:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-09 09:43 - 2021-06-11 19:49 - 001087736 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2022-02-09 09:43 - 2021-06-11 19:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-09 09:43 - 2020-06-06 16:50 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-09 09:42 - 2021-06-11 19:49 - 001125768 _____ C:\WINDOWS\system32\wpbbin.exe
2022-02-08 23:19 - 2021-10-23 16:17 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\awakened-poe-trade
2022-02-08 20:46 - 2021-06-12 06:43 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-08 20:46 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-08 20:11 - 2022-01-04 15:49 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\ElevatedDiagnostics
2022-02-08 20:11 - 2021-06-11 20:19 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\D3DSCache
2022-02-08 14:43 - 2021-09-30 13:20 - 000042182 _____ C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-02-08 00:53 - 2021-09-05 10:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\ffxiv-teamcraft
2022-02-07 21:42 - 2021-09-05 10:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft
2022-02-07 21:42 - 2021-06-15 14:20 - 000002466 _____ C:\Users\Olivkittie\Desktop\FFXIV Teamcraft.lnk
2022-02-07 21:42 - 2020-06-17 12:40 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FFXIV Teamcraft
2022-02-07 21:41 - 2021-06-11 20:12 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\SquirrelTemp
2022-02-07 17:50 - 2021-06-11 20:10 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Google
2022-02-07 17:21 - 2021-06-12 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-02-07 17:20 - 2021-06-12 06:43 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-07 16:23 - 2021-06-13 22:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-07 11:47 - 2021-06-11 20:12 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\XIVLauncher
2022-02-07 11:46 - 2021-10-10 02:23 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-07 11:46 - 2021-06-12 06:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-07 11:42 - 2021-06-12 21:28 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Battle.net
2022-02-07 11:32 - 2021-06-11 21:05 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\CrashDumps
2022-02-07 11:23 - 2021-12-11 00:53 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\fflogs
2022-02-07 11:23 - 2021-06-12 06:41 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-06 21:06 - 2021-12-11 00:53 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\fflogs-updater
2022-02-05 20:47 - 2021-06-11 19:50 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-02-05 20:47 - 2020-11-04 23:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-04 21:06 - 2021-07-27 03:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Path of Exile
2022-02-04 20:32 - 2021-10-23 16:17 - 000001067 _____ C:\Users\Olivkittie\Desktop\Awakened PoE Trade.lnk
2022-02-04 20:32 - 2021-10-23 16:17 - 000001067 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk
2022-02-04 10:53 - 2021-06-11 19:49 - 000281384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-02-04 10:50 - 2021-06-11 19:52 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-03 21:01 - 2021-12-19 00:39 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Vivox
2022-02-03 10:41 - 2021-06-15 14:20 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\ffxiv-teamcraft-metrics
2022-02-03 10:14 - 2021-08-25 22:21 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-02-03 10:14 - 2021-08-25 22:21 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2022-02-02 18:41 - 2020-09-04 20:30 - 000000217 _____ C:\Users\Olivkittie\Desktop\Path of Exile.url
2022-02-02 12:38 - 2021-06-11 22:44 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\obs-studio
2022-02-01 13:24 - 2021-06-12 14:37 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2022-02-01 12:49 - 2021-10-20 11:50 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Anamnesis
2022-01-31 19:10 - 2021-08-26 10:14 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Restream Chat
2022-01-30 14:08 - 2021-06-18 10:00 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\uTorrent
2022-01-29 15:54 - 2021-11-22 23:48 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\notion-updater
2022-01-28 00:16 - 2021-06-18 10:01 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\BitTorrentHelper
2022-01-27 20:54 - 2021-09-30 14:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-01-27 18:07 - 2021-12-13 14:03 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4101733155-2478866902-278870721-1001
2022-01-27 18:07 - 2021-06-11 20:02 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4101733155-2478866902-278870721-1001
2022-01-27 18:07 - 2021-06-11 19:51 - 000002394 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-27 10:10 - 2021-06-11 20:13 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\XIVLauncher
2022-01-27 10:10 - 2021-06-11 20:12 - 000002352 _____ C:\Users\Olivkittie\Desktop\XIVLauncher.lnk
2022-01-27 10:10 - 2020-07-31 09:28 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\goatsoft
2022-01-25 21:41 - 2021-06-11 19:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 21:41 - 2021-06-11 19:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-23 14:46 - 2021-06-11 20:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\NVIDIA
2022-01-23 14:40 - 2021-06-11 20:08 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-01-23 14:40 - 2021-06-11 20:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-01-23 14:40 - 2021-06-11 19:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-01-19 23:22 - 2021-06-13 22:47 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-01-19 23:22 - 2021-06-13 22:47 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-01-17 18:13 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-16 12:57 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\GitKraken
2022-01-16 12:57 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\.gitkraken
2022-01-16 12:51 - 2021-08-21 18:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\.IdentityService
2022-01-16 12:51 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axosoft, LLC
2022-01-16 12:51 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\gitkraken
2022-01-15 16:20 - 2020-06-06 18:55 - 000000000 ____D C:\Users\Olivkittie\Documents\My Games
2022-01-15 11:20 - 2021-06-12 21:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-15 01:01 - 2021-06-11 20:32 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-01-14 23:16 - 2021-06-18 10:00 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\UT008
2022-01-14 09:26 - 2022-01-04 22:37 - 000000000 ____D C:\Program Files\Streamlabs OBS
2022-01-14 09:26 - 2021-06-11 20:05 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-14 09:17 - 2021-06-13 22:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-14 09:15 - 2021-06-13 22:46 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-13 20:39 - 2020-06-06 17:00 - 000000000 ___RD C:\Users\Olivkittie\OneDrive
2022-01-12 18:19 - 2021-06-11 20:01 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\VirtualStore
2022-01-11 18:12 - 2021-08-19 20:21 - 000001946 _____ C:\Users\Olivkittie\Desktop\Zoom.lnk
2022-01-11 18:12 - 2021-08-19 01:14 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Zoom
2022-01-11 14:24 - 2022-01-03 11:48 - 000792688 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-01-11 14:21 - 2021-05-08 15:02 - 007610232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-01-11 14:21 - 2021-05-08 15:02 - 006455824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-01-11 01:54 - 2021-05-08 15:09 - 000118952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys

==================== Files in the root of some directories ========

2021-05-13 11:43 - 2021-06-12 14:36 - 054540272 _____ () C:\Program Files\MSIAfterburnerSetup464Beta3.exe
2021-07-02 15:54 - 2022-01-02 00:24 - 000000016 _____ () C:\Users\Olivkittie\AppData\Roaming\obs-virtualcam.txt
2021-09-30 13:20 - 2022-02-08 14:43 - 000042182 _____ () C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-09-30 11:52 - 2021-11-13 10:37 - 000007377 _____ () C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterDefault.xml
2021-09-11 22:33 - 2021-09-13 10:18 - 000001456 _____ () C:\Users\Olivkittie\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-06-19 19:49 - 2022-01-14 09:16 - 000000205 _____ () C:\Users\Olivkittie\AppData\Local\oobelibMkey.log
2022-01-16 19:45 - 2022-01-16 19:45 - 000007598 _____ () C:\Users\Olivkittie\AppData\Local\Resmon.ResmonCfg
2021-07-03 10:12 - 2022-02-09 14:11 - 115035136 _____ () C:\Users\Olivkittie\AppData\Local\SageThumbs.db3
2021-06-13 22:52 - 2021-06-13 22:52 - 000000003 _____ () C:\Users\Olivkittie\AppData\Local\updater.log
2021-06-13 22:52 - 2021-06-13 22:52 - 000000424 _____ () C:\Users\Olivkittie\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

VygandasE

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Olivkittie (09-02-2022 19:21:22)
Running from C:\Users\Olivkittie\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) (2021-06-11 18:00:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4101733155-2478866902-278870721-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4101733155-2478866902-278870721-503 - Limited - Disabled)
Guest (S-1-5-21-4101733155-2478866902-278870721-501 - Limited - Disabled)
Olivkittie (S-1-5-21-4101733155-2478866902-278870721-1001 - Administrator - Enabled) => C:\Users\Olivkittie
WDAGUtilityAccount (S-1-5-21-4101733155-2478866902-278870721-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Ae (HKLM\...\{B910FB1A-0B9D-412D-A735-28AF88A52FF1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_5_1) (Version: 17.5.1 - Adobe Inc.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Animate 2021 (HKLM-x32\...\FLPR_21_0) (Version: 21.0 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_12) (Version: 13.0.12 - Adobe Inc.)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0) (Version: 11.0 - Adobe Inc.)
Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_4) (Version: 3.4 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Dimension (HKLM-x32\...\ESHR_3_4) (Version: 3.4 - Adobe Inc.)
Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_0) (Version: 21.0 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.)
Adobe InCopy 2021 (HKLM-x32\...\AICY_16_0) (Version: 16.0 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_0) (Version: 16.0 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_6) (Version: 14.6 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0_1) (Version: 22.0.1.73 - Adobe Inc.)
Adobe Prelude 2020 (HKLM-x32\...\PRLD_9_0_2) (Version: 9.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_6) (Version: 14.6 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_38) (Version: 1.5.38 - Adobe Inc.)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: 3.6.0.275 - EQAditu)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AutoHotkey 1.1.33.09 (HKLM\...\AutoHotkey) (Version: 1.1.33.09 - Lexikos)
Awakened PoE Trade 2.15.0 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 2.15.0 - Alexander Drozdov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 98.1.35.100 - Brave Software Inc)
ChaosRecipeEnhancer (HKLM-x32\...\{1121086B-78F3-4259-A258-423F8B01656B}) (Version: 1.2.6.0 - kosace)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden
CMake (HKLM\...\{0A8F4DFC-D2F0-46BB-B912-EF75829B24D7}) (Version: 3.21.1 - Kitware)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
Descript 25.1.0-release.20211015.4 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\47d4069d-eba1-5137-bc5f-9c138f7a3859) (Version: 25.1.0-release.20211015.4 - Descript, Inc.)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExitLag version 4.201 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4.201 - ExitLag)
FF Logs Companion (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Overwolf_gdgggfkjbbopooaagkfaolnfcicejolklgmfcfbc) (Version: 2.0.14 - Overwolf app)
FF Logs Uploader 5.8.4 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\76715ac6-ceb7-5f4d-840a-d9ded1c01dd1) (Version: 5.8.4 - fflogs)
FFXIV MarketSense (HKLM-x32\...\{B6411FDF-D3A3-473F-901D-CA609E1B35E9}) (Version: 1.13.2.38878 - Purveyor)
FFXIV Teamcraft (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\ffxiv-teamcraft) (Version: 9.5.11 - FFXIV Teamcraft)
FFXIV TexTools (HKLM-x32\...\FFXIV_TexTools) (Version: 2.2.1 - )
Fiddler Everywhere 3.0.1 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\8652495b-663c-5255-8c97-412896fbef82) (Version: 3.0.1 - Progress Software Corporation)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FiveM (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Git (HKLM\...\Git_is1) (Version: 2.33.0 - The Git Development Community)
GitKraken (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\gitkraken) (Version: 8.2.1 - Axosoft, LLC)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.374 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.82 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
GShade 3.4.1 (HKLM\...\GShade) (Version: - GPOSERS)
HeidiSQL 11.3.0.6295 (HKLM\...\HeidiSQL_is1) (Version: 11.3 - Ansgar Becker)
icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A517D4FE-30EC-4210-8888-12F5530543F2}) (Version: 10.0.05512 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
KeePass Password Safe 2.49 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.49 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
MacroRecorder v2.0.69 (HKLM-x32\...\MacroRecorder_is1) (Version: 2.0.69 - Bartels Media GmbH)
MariaDB 10.5 (x64) (HKLM\...\{B19BA20F-FC05-485B-955D-9E896BEE5615}) (Version: 10.5.12.0 - MariaDB Corporation Ab) Hidden
MariaDB 10.5 (x64) (HKLM\...\MariaDB 10.5 (x64)) (Version: 10.5.12.0 - MariaDB Corporation Ab)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Microsoft .NET SDK 5.0.301 (x64) (HKLM-x32\...\{d13b364c-ee85-41ba-93a9-0015b6c2945d}) (Version: 5.3.121.27113 - Microsoft Corporation)
Microsoft .NET SDK 5.0.400 (x64) from Visual Studio (HKLM\...\{515810D7-F8C4-4511-B849-5539792DB2F8}) (Version: 5.4.21.37610 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.10 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.10) (Version: 5.10.19227.2113 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.60.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.35.61819 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD)
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
MySQL Workbench 8.0 CE (HKLM\...\{7E665091-6EFA-496D-91BE-BF36D42A8E1E}) (Version: 8.0.26 - Oracle Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NoteBurner Spotify Music Converter 2.2.6 (HKLM-x32\...\NoteBurner Spotify Music Converter) (Version: 2.2.6 - NoteBurner)
Notion 2.0.21 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.21 - Notion Labs, Incorporated)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.10 - Nmap Project)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.190.0.12 - Overwolf Ltd.)
Path of Building Community (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Path of Building Community) (Version: 2.7.0 - Path of Building Community)
Pentablet version 1.3.6.170906 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.3.6.170906 - XPPEN Technology)
Poe Lurker (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\PoeLurker) (Version: 1.11.5 - C1rdec)
Python 3.9.7 (64-bit) (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{0f0bf1a5-3ec1-459b-ab7c-916db941f50d}) (Version: 3.9.7150.0 - Python Software Foundation)
Python 3.9.7 Add to Path (64-bit) (HKLM\...\{832BFE8B-69A2-4E1D-8998-DFB9CBA4B4D3}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Core Interpreter (64-bit) (HKLM\...\{88D4EF59-607D-43AD-B7C7-F5A753740FD1}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Development Libraries (64-bit) (HKLM\...\{97496FC6-5044-4A2A-BACD-40A44F38D483}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Documentation (64-bit) (HKLM\...\{AA408E09-EBB3-470F-8D63-5AA0C46C2DA2}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Executables (64-bit) (HKLM\...\{870EC220-FEAE-481D-8B29-B4B0DF5402FA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 pip Bootstrap (64-bit) (HKLM\...\{F1280AA2-AAC3-41AB-9616-CCF00814E626}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Standard Library (64-bit) (HKLM\...\{05903EEF-72A2-4C1A-AD35-41AD6C7094A8}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Tcl/Tk Support (64-bit) (HKLM\...\{6E8EAD3C-6F0C-494C-9C12-E10C5B5EE7EA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Test Suite (64-bit) (HKLM\...\{67D79D6E-8497-4EE6-850B-834D3A27553F}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Utility Scripts (64-bit) (HKLM\...\{4110826A-903C-410C-9785-7848A51B9CC9}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{99719382-D7A9-4DC2-BF0C-C23B730A313D}) (Version: 3.9.7546.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.)
Razer Virtual Ring Light (HKLM-x32\...\Razer Virtual Ring Light) (Version: 2.0.0.23 - Razer Inc.)
ReaPlugs (HKLM-x32\...\ReaPlugs) (Version: - )
ReaPlugs/x64 (HKLM\...\ReaPlugs) (Version: - )
Restream Chat 2.5.4-beta (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{b93e1611-ab70-51cb-abde-0c215b3bb437}) (Version: 2.5.4-beta - Restream)
RivaTuner Statistics Server 7.3.2 Beta 2 (HKLM-x32\...\RTSS) (Version: 7.3.2 Beta 2 - Unwinder)
Roblox Player for Olivkittie (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\roblox-player) (Version: - Roblox Corporation)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Sims 4 Studio (HKLM-x32\...\{870AA913-0774-4ED0-B144-BC2C0CBE4BA0}_is1) (Version: 3.1.5.6 - Sims 4 Studio)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Spotify) (Version: 1.1.78.765.g5ea20b00 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs Desktop 1.6.4 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.6.4 - General Workings, Inc.)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
TypeScript SDK (HKLM-x32\...\{6D0FC687-BA41-4DFD-80B4-3469E567AA0F}) (Version: 4.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C93A88C2-6DE4-4035-AAC8-341435549BBB}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\07dbf657) (Version: 16.11.1 - Microsoft Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.16 - Black Tree Gaming Ltd.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{76133D32-1325-48F3-929A-27EC7A323FBA}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E42F1CFF-80C7-4865-B378-1EFCF312C1BF}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
XIVLauncher (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\XIVLauncher) (Version: 6.1.19 - goaaats)
Zoom (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_35.1.12.5_x64__adky2gkssdxte [2021-08-19] (Adobe Systems Incorporated)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.63.5391.0_x64__8wekyb3d8bbwe [2022-02-08] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-22] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-26] (Microsoft Corporation)
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.12.5.0_x64__7pb5ddty8z1pa [2021-12-10] (Trello, Inc.)
UpNote -> C:\Program Files\WindowsApps\24862ThomasDao.UpNote_5.12.5.0_x64__kq65c2wy2rx02 [2022-02-08] (Thomas Dao)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101733155-2478866902-278870721-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Adobe everything\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\nvshext.dll [2022-01-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Adobe everything\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Olivkittie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a84a9b1296b5f2d2\Virtual Ring Light.lnk -> C:\Program Files\Razer\RzAppEngine\rzappengine.exe (Razer Inc.) -> --application-host=apps.razer.com --profile-directory=Default hxxps://apps.razer.com/app-launcher/RzUiQiNlDnNMZ1NZ-HFhVAUiRz/

==================== Loaded Modules (Whitelisted) =============

2017-09-12 19:11 - 2017-09-12 19:11 - 000098816 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-09-12 19:11 - 2017-09-12 19:11 - 000125440 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-12 19:11 - 2017-09-12 19:11 - 000118272 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-12 19:11 - 2017-09-12 19:11 - 000086528 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-09-12 19:11 - 2017-09-12 19:11 - 000214528 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-12 19:10 - 2017-09-12 19:10 - 000117760 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-09-06 17:11 - 2017-09-06 17:11 - 000125952 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-06 17:11 - 2017-09-06 17:11 - 000118272 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 17:11 - 2017-09-06 17:11 - 000086528 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-09-06 17:11 - 2017-09-06 17:11 - 000214528 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 17:11 - 2017-09-06 17:11 - 000117248 _____ () [File not signed] \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2022-02-03 17:53 - 2022-01-28 20:57 - 001305600 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\better-sqlite3\build\Release\better_sqlite3.node
2022-02-03 17:53 - 2022-01-28 20:57 - 000132096 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\bufferutil\build\Release\bufferutil.node
2022-02-03 17:53 - 2022-01-28 20:57 - 000124928 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\integer\build\integer.node
2021-11-13 11:28 - 2021-11-13 11:28 - 000967168 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 002823680 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\ffmpeg.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 000449024 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\libegl.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 007620096 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\libglesv2.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 126961152 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libcef.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 000384000 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libegl.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 008006656 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libglesv2.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000027648 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\ideviceactivation.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000184320 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\imobiledevice.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 001445376 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\libxml2.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000064512 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\plist.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000040448 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\usbmuxd.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000086528 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\zlib1.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000014336 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Plugins\x86_64\DiskUtilsWinAPI.dll
2022-02-02 20:05 - 2022-02-02 20:05 - 000041472 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Plugins\x86_64\GPUManagementPlugin.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000184320 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Plugins\x86_64\imobiledevice.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 025342976 _____ () [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Plugins\x86_64\Processing.NDI.Lib.x64.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000402944 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\32\SageThumbs.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000587776 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\32\sqlite3.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000475648 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000716288 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\sqlite3.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 001021440 _____ (Free Software Foundation) [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\iconv-2.dll
2021-12-01 14:14 - 2021-11-24 16:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 000983552 _____ (The Chromium Authors) [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\chrome_elf.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000488448 _____ (The curl library, hxxps://curl.se/) [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\libcurl.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 003468800 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\libcrypto-1_1-x64.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000686592 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\libssl-1_1-x64.dll
2022-01-04 21:54 - 2022-01-04 21:54 - 000154624 _____ (The Tukaani Project <hxxps://tukaani.org/>) [File not signed] E:\Program Files\Steam2\steamapps\common\VTube Studio\VTube Studio_Data\Managed\lzma.dll
2021-12-19 19:06 - 2017-07-27 15:47 - 000108544 _____ (UGEE) [File not signed] C:\WINDOWS\SYSTEM32\WinTab32.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 001171456 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\32\libgfl340.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 000196608 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\32\libgfle340.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 001519104 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfl340.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 000256000 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfle340.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile
 

VygandasE

Posts: 17   +1
==================== Internet Explorer (Whitelisted) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;E:\Program Files\Git\cmd;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;E:\Program Files\Cmake\bin;C:\Program Files (x86)\CMake\bin;
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Olivkittie\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\edit bg3.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: ExitLag Game Booster -> nt_ndextlag (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AsusUpdateCheck => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: MariaDB => 2
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Chroma Stream Server => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Synapse Service => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run: => "PentabletService"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "electron.app.Descript"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_912EC36828E5BE936A1A49FE53370A09"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Overwolf"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5CB4AC4-EB24-463C-9EF8-7B3DA28F9879}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{D828FE05-A51B-4326-8C51-2657032ED90C}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{54C34090-7972-4E84-8AEA-78BEB997F244}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{5D089068-F67D-4D63-B0D6-198C7C2E6B7D}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{FC0A63A6-A829-4A36-A51E-3063F9EEF29E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{40E53C17-229F-411D-82C3-0B5CC838A152}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{83F631D9-0218-416F-9828-1691D904B128}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{14A71D30-B340-421B-91EC-780B5532B9DC}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{77B8A837-525B-4912-9C60-B8F6A43CD721}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [TCP Query User{EFF236DB-45D3-41B0-8525-A0652BD2BC55}E:\program files\steam2\steam.exe] => (Allow) E:\program files\steam2\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{8BD16971-45D5-47D0-8B0E-C1AE2758F4C0}E:\program files\steam2\steam.exe] => (Allow) E:\program files\steam2\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0DA0C9F7-EE45-43C1-A191-BD9F9B69DAC4}] => (Allow) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4A308EE7-8075-407B-9F53-5434BFD9DC7F}] => (Allow) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BF91F26F-3D49-48EA-952F-8967D8A255AC}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{C6000690-E699-4DB0-99BF-FD48F61A8790}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [TCP Query User{B76CDF75-6C21-4034-8AD4-96A0826D0EDE}C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{511B52BF-CFE9-4C12-A0B9-BC0E1817EC91}C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4EDDB9C5-2A85-430B-A1D1-DC95BD67C036}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{C49BB4D2-8813-4AAF-AD82-192196748574}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{C43DA260-8463-4BCC-AACD-6BC89802F3B0}] => (Allow) C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe () [File not signed]
FirewallRules: [{DF318119-F7B3-4001-8ED4-3875C0ADE355}] => (Allow) C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe () [File not signed]
FirewallRules: [TCP Query User{4AAF4DBC-18C7-4258-8A19-544A32673C10}C:\users\olivkittie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivkittie\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{24C0603B-7295-4D92-9ECD-3D8096A5A3A5}C:\users\olivkittie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivkittie\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB19D99D-3B58-42F4-B2A8-DEC0417FD405}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{CBB0AB5C-86F5-4531-9ABF-2587A2B02658}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/09/2022 07:18:33 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DESKTOP-N6TFA54)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (02/07/2022 11:03:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/07/2022 09:49:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/07/2022 09:47:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/07/2022 09:43:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/07/2022 09:02:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Extra Drive (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/07/2022 08:54:39 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Data (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (02/07/2022 07:06:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Data (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (02/09/2022 09:43:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/09/2022 09:43:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:22:24 PM on ‎2/‎8/‎2022 was unexpected.

Error: (02/08/2022 12:15:26 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/07/2022 01:12:02 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/07/2022 11:47:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/07/2022 11:46:35 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/07/2022 11:46:35 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/07/2022 11:46:34 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}


Windows Defender:
================
Date: 2022-02-09 14:02:02
Description:
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe has been blocked from modifying %userprofile%\Pictures\New folder by Controlled Folder Access.
Detection time: 2022-02-09T12:02:02.561Z
Path: %userprofile%\Pictures\New folder
Process Name: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
Security intelligence Version: 1.357.335.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 13:04:51
Description:
C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe has been blocked from modifying %userprofile%\Music by Controlled Folder Access.
Detection time: 2022-02-09T11:04:51.701Z
Path: %userprofile%\Music
Process Name: C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe
Security intelligence Version: 1.357.335.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:49:25
Description:
E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe has been blocked from modifying %userprofile%\Documents\My Games\FINAL FANTASY XIV - A Realm Reborn\ by Controlled Folder Access.
Detection time: 2022-02-09T07:49:25.416Z
Path: %userprofile%\Documents\My Games\FINAL FANTASY XIV - A Realm Reborn\
Process Name: E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:48:09
Description:
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe has been blocked from modifying %userprofile%\Documents\AdobeGCData\ by Controlled Folder Access.
Detection time: 2022-02-09T07:48:09.226Z
Path: %userprofile%\Documents\AdobeGCData\
Process Name: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:48:09
Description:
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe has been blocked from modifying %userprofile%\Documents\AdobeGC by Controlled Folder Access.
Detection time: 2022-02-09T07:48:09.226Z
Path: %userprofile%\Documents\AdobeGC
Process Name: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

CodeIntegrity:
===============
Date: 2022-02-09 11:48:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0805 01/29/2019
Motherboard: ASUSTeK COMPUTER INC. PRIME Z390-A
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 29%
Total physical RAM: 30919.72 MB
Available physical RAM: 21719.23 MB
Total Virtual: 35527.72 MB
Available Virtual: 22044.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:35.14 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:83.64 GB) NTFS
Drive e: (Extra Drive) (Fixed) (Total:931.51 GB) (Free:148.68 GB) NTFS

\\?\Volume{6af5f037-5b27-40df-9b76-d37f99d1c319}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{f0f95b95-8c4b-4a8b-96cc-08e5aafc39f9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2C4425DA)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C89BE9AE)

Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: EBD4268B)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Posts: 55,924   +506
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

VygandasE

Posts: 17   +1
Program : RogueKiller Anti-Malware
Version : 15.2.0.0
x64 : Yes
Program Date : Jan 20 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19044) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Olivkittie
User is Admin : Yes
Date : 2022/02/10 15:04:46
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 237
Found items : 1
Total scanned : 103603
Signatures Version : 20220204_075642
Truesight Driver : Yes
Updates Count : 6
Arguments : -minimize

************************* Warnings *************************

************************* Removal *************************
[Tr.Gen (Malicious)] XD_sp.exe -- %ProgramFiles%\Common Files\Adobe\Adobe XD\XD_sp.exe -> Deleted
[+] scan_what : 1
[+] vendors : Tr.Gen
[+] Name : XD_sp.exe
[+] value : %ProgramFiles%\Common Files\Adobe\Adobe XD\XD_sp.exe
[+] Type : File/Folder
[+] file_hash : B1202CA0D7BBCD0A70693E4FF745D4BB3B76F582EF8196359F32D76D5AEC32B4
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 2
[+] id : 0
[+] status : 3
[+] status_str : Deleted
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
 

VygandasE

Posts: 17   +1
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-10-2022
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1497 octets] - [10/02/2022 17:23:04]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

VygandasE

Posts: 17   +1
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-02-03.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-10-2022
# Duration: 00:00:04
# OS: Windows 10 Pro
# Scanned: 32028
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

VygandasE

Posts: 17   +1
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/10/22
Scan Time: 5:14 PM
Log File: 24bda3b4-8a84-11ec-8eb5-04d4c4527b4d.json

-Software Information-
Version: 4.5.2.157
Components Version: 1.0.1562
Update Package Version: 1.0.50939
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1503)
CPU: x64
File System: NTFS
User: DESKTOP-N6TFA54\Olivkittie

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 414299
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 4 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Broni

Posts: 55,924   +506
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 

VygandasE

Posts: 17   +1
Sorry for the delay

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
Ran by Olivkittie (administrator) on DESKTOP-N6TFA54 (12-02-2022 17:29:20)
Running from C:\Users\Olivkittie\Downloads
Loaded Profiles: Olivkittie
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
(Adobe Inc. -> Adobe Systems Inc.) [File not signed] E:\Adobe everything\Acrobat DC\Acrobat\acrotray.exe
(Alexander Drozdov) [File not signed] D:\New folder (2)\Awakened PoE Trade\Awakened PoE Trade.exe <4>
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BUREL VINCENT -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Discord Inc. -> Discord Inc.) C:\Users\Olivkittie\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <48>
(Guangzhou Ugee Computers Technology Co.,Ltd -> ) C:\Program Files\Pentablet\PenTablet.exe
(Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE) C:\Program Files\Pentablet\PentabletService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.12013.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Olivkittie\AppData\Local\Programs\Notion\Notion.exe <8>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe <2>
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer) C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve Corp. -> Valve Corporation) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) E:\Program Files\Steam2\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2021-08-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [KeePass 2 PreLoad] => D:\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunesHelper.exe [339000 2021-10-26] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Run: [CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-F227840A-25B6-4AF8-B9AB-75F30F3 (the data entry has 7 more characters). (No File)
HKLM\...\Run: [PentabletService] => C:\Program Files\Pentablet\PentabletService.exe [198096 2017-09-05] (Guangzhou Ugee Computers Technology Co.,Ltd -> UGEE)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-06-05] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Adobe everything\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-11-19] (Adobe Inc. -> Adobe Systems Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Steam] => E:\Program Files\Steam2\steam.exe [4268456 2022-01-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Discord] => C:\Users\Olivkittie\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1087376 2022-01-15] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [electron.app.Descript] => C:\Users\Olivkittie\AppData\Local\Programs\Descript\Descript.exe [136710768 2021-10-18] (Descript, Inc. -> Descript, Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Overwolf] => D:\Overwolf\OverwolfLauncher.exe [1802072 2022-02-08] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Spotify] => C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe [19347384 2022-02-07] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [RzAppEngine] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe [1641840 2021-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [9700808 2021-12-07] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\Razer\RzAppEngine\rzappengine.exe [1641840 2021-10-06] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3524216 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2020-11-19] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.82\Installer\chrmstp.exe [2022-02-07] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\98.1.35.101\Installer\chrmstp.exe [2022-02-10] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005B1986-DCCF-4750-BDB8-492A9AACB527} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {01FD4D06-7C00-417A-808E-9F2EA14CA733} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0887D366-E7D8-4412-8A60-FB8A45DCEE81} - System32\Tasks\Start FFXIV MarketSense on user {0} logon => C:\WINDOWS\system32\cmd.exe" "/c" start "" "C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe" "minimized"
Task: {1454C1AD-097C-4456-891A-803FEB9F2821} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {17C0477F-74ED-4F63-8F57-89D1DBF914D3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {202E1453-CB6E-43E2-B56B-AD87D1892CB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (No File)
Task: {2A9CB3E3-92FC-4F4A-AAEF-F4E760FE29CE} - System32\Tasks\Overwolf Updater Task => D:\Overwolf\OverwolfUpdater.exe [2539864 2022-02-08] (Overwolf Ltd -> Overwolf LTD)
Task: {31796D6F-6BFA-47F4-B179-0DBF042FCDBA} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5A9DA939-214B-443B-998C-2C21AE24DCE3} - System32\Tasks\GoogleUpdateTaskMachineUA{11CA08C4-FF7A-46DE-941C-6885089ED7EF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-07] (Google LLC -> Google LLC)
Task: {684A80EB-1EE4-4D23-A9B0-07CCCDBB859A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {8E1B0301-2355-4892-A15A-3FAB1F6CD420} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {9103D20D-7EB6-4E81-9289-C01E933524BE} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {951D589B-DD4F-4103-9368-E898FC4B7672} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2020-12-04] () [File not signed]
Task: {A2FD1227-5099-4E0B-AD5F-70A2D0404729} - System32\Tasks\update-S-1-5-21-4101733155-2478866902-278870721-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {A465EA5B-1705-450B-8D44-8D534F2AF26C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A9C8797B-49A6-423E-852B-E539D827921B} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {B5540F5E-045B-4501-BADD-7994F9F13893} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {C5C6A70D-321F-41E3-AAC3-4257D42023D5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C8127C89-0811-447B-8707-3F975CEE8E9D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CF5997F1-FB4C-48D7-89A0-D77C00430233} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-08-21] (Microsoft Corporation -> Microsoft)
Task: {DF67D757-1E0F-4DF5-B6CF-079BF9ED2B2C} - System32\Tasks\GoogleUpdateTaskMachineCore{EF74BF38-2925-40F5-88CD-8F96FF65D7BE} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-07] (Google LLC -> Google LLC)
Task: {E6F84AB8-C6E1-4A28-A736-B9F525EBDC5E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F0AA9865-A421-48B5-BCBB-A60C0F884899} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FE13C0CA-689E-4FAD-8B99-08710B2E1FB0} - System32\Tasks\Start FFXIV MarketSense on user Olivkittie logon => C:\WINDOWS\system32\cmd.exe" "/c" start "" "C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe" "minimized"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-4101733155-2478866902-278870721-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43658bb5-246d-4b69-9c39-63876f9ded2a}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4d2d523d-4582-4517-b8b2-0e0c6e02f814}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Olivkittie\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-11]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-11-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - E:\Adobe everything\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: Adobe Acrobat -> E:\Adobe everything\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default [2022-02-12]
CHR Extension: (Slides) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-07]
CHR Extension: (BetterTTV) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-02-11]
CHR Extension: (Rose) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aobcgffnbkbipbflopponndoiommhnch [2022-02-10]
CHR Extension: (Docs) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-07]
CHR Extension: (Google Drive) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-07]
CHR Extension: (YouTube) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-07]
CHR Extension: (PoE Impact Trading) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckfnddafphjahhiadjogilncdegmbpkm [2022-02-11]
CHR Extension: (Adblock for Youtube™) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-02-07]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-02-07]
CHR Extension: (Sheets) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-07]
CHR Extension: (Better PathOfExile Trading) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlinfpmdlijegjlpgedcmglkakaghnk [2022-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-07]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-02-07]
CHR Extension: (Path of Exile Trade - Fuzzy Search) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkbkmkampdnnbehdldipgjhbablkmfba [2022-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-07]
CHR Extension: (Gmail) - C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-07]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Brave:
=======
BRA Profile: C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-02-10]
BRA Extension: (Safe Torrent Scanner) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-17]
BRA Extension: (BetterTTV) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-02-07]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-02-10]
BRA Extension: (Brave NTP background images) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-01-17]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2021-12-02]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-02-10]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-02-10]
BRA Extension: (Brave Ads Resources) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\iblokdlgekdjophgeonmanpnjihcjkjj [2021-08-26]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-09-16]
BRA Extension: (Brave Ads Resources) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\ocilmpijebaopmdifcomolmpigakocmo [2021-08-26]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Olivkittie\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-02-10]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1087736 2022-02-11] (ASUSTeK Computer Inc. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2021-08-25] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2021-12-20] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7307720 2021-12-07] (GlassWire -> SecureMix LLC)
S4 MariaDB; C:\Program Files\MariaDB 10.5\bin\mysqld.exe [32744 2021-08-03] (MariaDB Corporation Ab -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-02-10] (Malwarebytes Inc -> Malwarebytes)
S4 NoIPDUCService4; D:\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]
S4 OverwolfUpdater; D:\Overwolf\OverwolfUpdater.exe [2539864 2022-02-08] (Overwolf Ltd -> Overwolf LTD)
S4 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1142808 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
S4 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [451608 2021-11-17] (Razer USA Ltd. -> Razer Inc.)
S4 Razer Chroma Stream Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe [1347640 2021-10-19] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-11-16] (Razer USA Ltd. -> Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-12-09] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Update Service; C:\Program Files (x86)\Razer\RzUpdateEngineService\RzUpdateEngineService.exe [408912 2020-04-02] (Razer USA Ltd. -> Razer)
S4 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533824 2021-10-21] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VSStandardCollectorService150; E:\Program Files\VisualStudio\SDKs\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-20] (ASUSTeK Computer Inc. -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-02-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-02-11] (Malwarebytes Inc -> Malwarebytes)
R1 ndextlag; C:\WINDOWS\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-12-11] (Insecure.Com LLC -> Insecure.Com LLC.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0520; C:\WINDOWS\System32\drivers\RzDev_0520.sys [53144 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 sTHXVAD; C:\WINDOWS\System32\drivers\THXVAD.sys [162184 2019-09-17] (Razer USA Ltd. -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2021-06-14] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-09-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-09-30] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [19472 2017-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
S3 R0RazerSynapseService; \??\C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-12 17:28 - 2022-02-12 17:28 - 002311680 _____ (Farbar) C:\Users\Olivkittie\Downloads\FRST64 (1).exe
2022-02-12 15:05 - 2022-02-12 15:06 - 000000000 ____D C:\Program Files\Pentablet
2022-02-12 15:05 - 2022-02-12 15:05 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Pentablet
2022-02-11 16:00 - 2022-02-11 16:00 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-02-11 16:00 - 2022-02-11 16:00 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-02-11 16:00 - 2022-02-11 16:00 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-02-11 15:11 - 2022-02-11 15:11 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-02-11 09:35 - 2022-02-11 09:35 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-02-11 09:31 - 2022-02-11 09:31 - 000000000 ___HD C:\$WinREAgent
2022-02-10 17:53 - 2022-02-10 17:52 - 015594165 ____T C:\Users\Olivkittie\Documents\Lithuanian, A Short Grammar of (Mathiassen).pdf
2022-02-10 17:29 - 2022-02-10 17:29 - 008540344 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\AdwCleaner (2).exe
2022-02-10 17:29 - 2022-02-10 17:29 - 002911928 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\MBSetup-10789.10789-consumer (2).exe
2022-02-10 17:26 - 2022-02-10 17:26 - 000001497 _____ C:\Users\Olivkittie\Documents\AdwCleaner[S00].txt
2022-02-10 17:25 - 2022-02-10 17:25 - 008540344 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\AdwCleaner (1).exe
2022-02-10 17:25 - 2022-02-10 17:25 - 002911928 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\MBSetup-10789.10789-consumer (1).exe
2022-02-10 17:25 - 2022-02-10 17:25 - 000001667 _____ C:\Users\Olivkittie\Documents\AdwCleaner[C00].txt
2022-02-10 17:22 - 2022-02-10 17:24 - 000000000 ____D C:\AdwCleaner
2022-02-10 17:22 - 2022-02-10 17:22 - 008540344 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\AdwCleaner.exe
2022-02-10 17:22 - 2022-02-10 17:22 - 000001238 _____ C:\Users\Olivkittie\Documents\ReportMB210.txt
2022-02-10 17:13 - 2022-02-10 17:13 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-02-10 17:13 - 2022-02-10 17:13 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-02-10 17:13 - 2022-02-10 17:13 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-02-10 17:13 - 2022-02-10 17:13 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-02-10 17:13 - 2022-02-10 17:13 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-02-10 17:13 - 2022-02-10 17:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-02-10 17:13 - 2022-02-10 17:13 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-10 17:12 - 2022-02-10 17:12 - 002911928 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\MBSetup-10789.10789-consumer.exe
2022-02-10 17:06 - 2022-02-10 17:06 - 000003500 _____ C:\Users\Olivkittie\Documents\Report210.txt
2022-02-10 16:42 - 2022-02-10 16:42 - 042051760 _____ (Adlice Software ) C:\Users\Olivkittie\Downloads\RogueKiller_setup.exe
2022-02-09 19:21 - 2022-02-09 19:32 - 000064641 _____ C:\Users\Olivkittie\Downloads\Addition.txt
2022-02-09 19:20 - 2022-02-12 17:29 - 000031315 _____ C:\Users\Olivkittie\Downloads\FRST.txt
2022-02-09 19:19 - 2022-02-12 17:29 - 000000000 ____D C:\FRST
2022-02-09 19:18 - 2022-02-09 19:19 - 002311680 _____ (Farbar) C:\Users\Olivkittie\Downloads\FRST64.exe
2022-02-09 19:18 - 2022-02-09 19:18 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2022-02-08 12:24 - 2022-02-08 12:24 - 000426032 _____ C:\ProgramData\cl.uninstall.1644315847.bdinstall.v2.bin
2022-02-08 12:24 - 2022-02-08 12:24 - 000089372 _____ C:\ProgramData\agent.uninstall.1644315886.bdinstall.v2.bin
2022-02-08 12:22 - 2022-02-08 12:22 - 002336200 _____ C:\Users\Olivkittie\Downloads\MiqoCrafter.Binaries.Windows.refs.tags.V2.2.9.zip
2022-02-08 11:14 - 2022-02-08 11:14 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-02-08 00:32 - 2022-02-08 11:07 - 000000000 ____D C:\ProgramData\SecTaskMan
2022-02-08 00:32 - 2022-02-08 00:32 - 000001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000001204 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2022-02-08 00:32 - 2022-02-08 00:32 - 000000000 ____D C:\Program Files (x86)\Security Task Manager
2022-02-07 17:50 - 2022-02-07 17:56 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-07 17:50 - 2022-02-07 17:56 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-07 17:50 - 2022-02-07 17:50 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{11CA08C4-FF7A-46DE-941C-6885089ED7EF}
2022-02-07 17:50 - 2022-02-07 17:50 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{EF74BF38-2925-40F5-88CD-8F96FF65D7BE}
2022-02-07 17:50 - 2022-02-07 17:50 - 000000000 ____D C:\Program Files\Google
2022-02-07 17:21 - 2022-02-07 17:21 - 000629424 _____ C:\ProgramData\cl.1644247156.bdinstall.v2.bin
2022-02-07 17:21 - 2022-02-07 17:21 - 000109244 _____ C:\ProgramData\cl.kit.1644247154.bdinstall.v2.bin
2022-02-07 17:21 - 2022-02-07 17:21 - 000000000 ____D C:\ProgramData\Gemma
2022-02-07 17:21 - 2022-02-07 17:21 - 000000000 ____D C:\ProgramData\Atc
2022-02-07 17:20 - 2022-02-07 17:20 - 000000000 ____D C:\WINDOWS\system32\elambkup
2022-02-07 17:20 - 2022-02-07 17:20 - 000000000 ____D C:\ProgramData\BDLogging
2022-02-07 17:17 - 2022-02-07 17:17 - 000225852 _____ C:\ProgramData\agent.1644247069.bdinstall.v2.bin
2022-02-07 17:17 - 2022-02-07 17:17 - 000095544 _____ C:\ProgramData\agent.update.1644247072.bdinstall.v2.bin
2022-02-07 17:17 - 2022-02-07 17:17 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Bitdefender
2022-02-07 17:17 - 2022-02-07 17:17 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2022-02-07 16:26 - 2022-02-07 16:26 - 000000000 ___HD C:\$SysReset
2022-02-07 11:46 - 2022-02-07 11:46 - 002087332 _____ C:\WINDOWS\Minidump\020722-9781-01.dmp
2022-02-04 20:38 - 2022-02-11 15:12 - 120586240 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-04 20:35 - 2022-02-04 20:38 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-04 20:31 - 2022-02-04 20:32 - 060862335 _____ (Alexander Drozdov) C:\Users\Olivkittie\Downloads\Awakened-PoE-Trade-Setup-2.15.0 (1).exe
2022-02-04 20:31 - 2022-02-04 20:31 - 060862335 _____ (Alexander Drozdov) C:\Users\Olivkittie\Downloads\Awakened-PoE-Trade-Setup-2.15.0.exe
2022-02-04 20:10 - 2022-02-04 20:10 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\mbam
2022-02-04 20:08 - 2022-02-04 20:08 - 002911928 _____ (Malwarebytes) C:\Users\Olivkittie\Downloads\MBSetup.exe
2022-02-04 18:52 - 2022-02-04 18:52 - 000000000 ____D C:\Users\Olivkittie\Downloads\Filter_Sounds_v3_2
2022-02-04 18:33 - 2022-02-04 18:33 - 000917277 _____ C:\Users\Olivkittie\Downloads\Filter_Sounds_v3_2.rar
2022-02-04 12:54 - 2022-02-04 12:54 - 000000277 _____ C:\Users\Olivkittie\Downloads\seb-appointment.ics
2022-02-04 10:50 - 2022-02-04 10:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-02-04 10:50 - 2022-02-04 10:50 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-02-04 10:50 - 2022-02-04 10:50 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-02-04 10:50 - 2022-02-04 10:50 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-02-04 10:34 - 2022-02-04 10:34 - 000000000 ____D C:\WINDOWS\Panther
2022-02-04 10:30 - 2022-02-04 10:30 - 000001970 _____ C:\Users\Public\Desktop\GlassWire.lnk
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\glasswire
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2022-02-04 10:29 - 2022-02-04 10:30 - 000000000 ____D C:\Program Files (x86)\GlassWire
2022-02-04 10:29 - 2022-02-04 10:29 - 000000000 ____D C:\ProgramData\GlassWire
2022-02-04 10:29 - 2015-05-29 09:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2022-02-04 10:29 - 2015-05-29 09:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2022-02-04 10:28 - 2022-02-04 10:28 - 069142920 _____ (SecureMix LLC) C:\Users\Olivkittie\Downloads\GlassWireSetup.exe
2022-02-04 10:15 - 2022-02-04 10:15 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Solvusoft_Corporation
2022-02-04 10:15 - 2022-02-04 10:15 - 000000000 ____D C:\ProgramData\IsolatedStorage
2022-02-04 10:14 - 2022-02-04 10:14 - 001292488 _____ (Solvusoft Corporation) C:\Users\Olivkittie\Downloads\Setup_File_Magic_2021.exe
2022-01-31 20:17 - 2022-01-31 20:17 - 005079928 _____ C:\Users\Olivkittie\Downloads\Character_Reference_-_Emberlite_Mantear (1).pdf
2022-01-31 15:23 - 2022-01-31 15:23 - 002240820 _____ C:\Users\Olivkittie\Downloads\Resume.pdf
2022-01-31 00:26 - 2022-01-31 00:26 - 005079928 _____ C:\Users\Olivkittie\Downloads\Character_Reference_-_Emberlite_Mantear.pdf
2022-01-27 23:44 - 2022-01-27 23:44 - 000003426 _____ C:\Users\Olivkittie\Downloads\Channel Analytics and Revenue by day from Dec_29_2021 to Jan_27_2022.csv
2022-01-27 12:53 - 2022-01-27 12:53 - 000000362 _____ C:\Users\Olivkittie\Documents\Verb Conjugating Base
2022-01-26 18:38 - 2022-01-26 18:38 - 000005091 _____ C:\Users\Olivkittie\Downloads\334.xlsx
2022-01-26 15:22 - 2022-01-26 15:22 - 010852186 _____ C:\Users\Olivkittie\Documents\LitKalba (1).pdf
2022-01-23 14:44 - 2022-01-11 01:54 - 000039080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001879784 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001467872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001454824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-01-23 14:43 - 2022-01-11 14:28 - 001206400 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001115368 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 001115368 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-01-23 14:43 - 2022-01-11 14:28 - 000969448 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 001529512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 001179096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000797096 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000710824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-01-23 14:43 - 2022-01-11 14:25 - 000710776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-01-23 14:43 - 2022-01-11 14:25 - 000637864 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 002119792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 001601144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 000983208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-01-23 14:43 - 2022-01-11 14:24 - 000455792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-01-23 14:43 - 2022-01-11 14:23 - 008609920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 007713392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 005734568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 005099176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-01-23 14:43 - 2022-01-11 14:23 - 002934696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-01-23 14:43 - 2022-01-11 14:22 - 000850088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-01-23 14:43 - 2022-01-11 01:54 - 000089178 _____ C:\WINDOWS\system32\nvinfo.pb
2022-01-21 12:40 - 2022-01-21 12:40 - 001805350 _____ (JimsApps ) C:\Users\Olivkittie\Downloads\SnazSetup.exe
2022-01-21 12:40 - 2022-01-21 12:40 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\JimsApps
2022-01-16 19:45 - 2022-01-16 19:45 - 000007598 _____ C:\Users\Olivkittie\AppData\Local\Resmon.ResmonCfg
2022-01-15 23:11 - 2022-01-15 23:13 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Vortex
2022-01-15 23:11 - 2022-01-15 23:11 - 000002056 _____ C:\Users\Public\Desktop\Vortex.lnk
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\ProgramData\Vortex
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Tree Gaming Ltd
2022-01-15 23:11 - 2022-01-15 23:11 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2022-01-15 20:09 - 2022-01-15 20:21 - 091611696 _____ (Black Tree Gaming Ltd.) C:\Users\Olivkittie\Downloads\Vortex-1-1-4-16-1633352164.exe
2022-01-15 16:37 - 2022-01-15 16:37 - 000000976 _____ C:\Users\Olivkittie\Desktop\Skyrim (SKSE).lnk
2022-01-15 16:20 - 2022-01-15 18:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Skyrim Special Edition
2022-01-15 00:07 - 2022-01-15 00:07 - 000362812 _____ C:\Users\Olivkittie\Downloads\skse_1_07_03_installer.exe
2022-01-14 23:40 - 2022-01-27 23:24 - 000000000 ____D C:\Users\Olivkittie\AppData\LocalLow\uTorrent
2022-01-14 23:16 - 2022-01-14 23:16 - 000000881 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2022-01-14 09:21 - 2022-01-14 09:21 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-14 09:21 - 2022-01-14 09:21 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
 

VygandasE

Posts: 17   +1
==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-02-12 17:30 - 2021-06-11 21:58 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\discord
2022-02-12 17:25 - 2021-10-23 16:17 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\awakened-poe-trade
2022-02-12 17:15 - 2021-06-12 06:43 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-12 17:04 - 2021-06-11 22:02 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Discord
2022-02-12 16:55 - 2021-06-11 20:10 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-12 16:06 - 2021-11-22 23:48 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Notion
2022-02-12 16:00 - 2021-06-11 20:08 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-12 15:43 - 2021-06-11 19:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-02-12 15:11 - 2021-07-03 10:12 - 115035136 _____ C:\Users\Olivkittie\AppData\Local\SageThumbs.db3
2022-02-12 15:05 - 2021-12-19 19:06 - 000000865 _____ C:\Users\Public\Desktop\Pentablet.lnk
2022-02-12 15:05 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\INF
2022-02-12 14:10 - 2021-06-12 06:43 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-12 14:10 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-12 14:05 - 2021-09-30 13:20 - 000042182 _____ C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-02-12 14:03 - 2021-06-11 21:18 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Spotify
2022-02-12 14:02 - 2021-06-11 21:19 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Spotify
2022-02-12 14:01 - 2021-09-05 10:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\ffxiv-teamcraft
2022-02-12 12:53 - 2021-06-15 14:20 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\ffxiv-teamcraft-metrics
2022-02-12 11:32 - 2021-06-19 18:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-02-11 18:36 - 2021-06-11 22:44 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\obs-studio
2022-02-11 17:34 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\ServiceState
2022-02-11 17:21 - 2021-06-11 21:05 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\CrashDumps
2022-02-11 16:14 - 2021-06-11 20:00 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-02-11 16:00 - 2021-06-20 09:20 - 000003550 _____ C:\WINDOWS\system32\Tasks\Start FFXIV MarketSense on user Olivkittie logon
2022-02-11 16:00 - 2021-06-11 19:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-02-11 16:00 - 2021-06-11 19:49 - 001125768 _____ C:\WINDOWS\system32\wpbbin.exe
2022-02-11 16:00 - 2021-06-11 19:49 - 001087736 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2022-02-11 16:00 - 2020-06-06 16:50 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-11 15:12 - 2021-06-12 06:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-11 15:11 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\SystemResources
2022-02-11 15:11 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-02-11 15:11 - 2021-06-12 06:40 - 000000000 ____D C:\WINDOWS\servicing
2022-02-11 15:11 - 2021-06-11 19:49 - 000281384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-02-11 12:11 - 2021-06-11 20:19 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\D3DSCache
2022-02-11 12:00 - 2021-06-13 22:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-02-11 11:58 - 2021-06-13 22:46 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-02-11 11:09 - 2021-06-12 21:28 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Battle.net
2022-02-11 09:37 - 2021-06-12 06:41 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-10 22:09 - 2021-12-19 00:39 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Vivox
2022-02-10 17:13 - 2021-06-12 06:43 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-02-10 09:48 - 2021-06-11 19:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-02-10 09:47 - 2021-08-25 22:21 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-02-10 09:47 - 2021-08-25 22:21 - 000002323 _____ C:\Users\Public\Desktop\Brave.lnk
2022-02-09 23:55 - 2021-06-11 19:51 - 000000000 ____D C:\Users\Olivkittie
2022-02-09 19:10 - 2021-06-11 22:42 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\slobs-client
2022-02-09 14:09 - 2021-06-11 20:01 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Adobe
2022-02-08 20:11 - 2022-01-04 15:49 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\ElevatedDiagnostics
2022-02-07 21:42 - 2021-09-05 10:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft
2022-02-07 21:42 - 2021-06-15 14:20 - 000002466 _____ C:\Users\Olivkittie\Desktop\FFXIV Teamcraft.lnk
2022-02-07 21:42 - 2020-06-17 12:40 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FFXIV Teamcraft
2022-02-07 21:41 - 2021-06-11 20:12 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\SquirrelTemp
2022-02-07 17:50 - 2021-06-11 20:10 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\Google
2022-02-07 17:21 - 2021-06-12 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-02-07 16:23 - 2021-06-13 22:47 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-02-07 11:47 - 2021-06-11 20:12 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\XIVLauncher
2022-02-07 11:46 - 2021-10-10 02:23 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-07 11:23 - 2021-12-11 00:53 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\fflogs
2022-02-06 21:06 - 2021-12-11 00:53 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\fflogs-updater
2022-02-05 20:47 - 2021-06-11 19:50 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-02-05 20:47 - 2020-11-04 23:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-02-04 21:06 - 2021-07-27 03:45 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Path of Exile
2022-02-04 20:32 - 2021-10-23 16:17 - 000001067 _____ C:\Users\Olivkittie\Desktop\Awakened PoE Trade.lnk
2022-02-04 20:32 - 2021-10-23 16:17 - 000001067 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakened PoE Trade.lnk
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-02-04 10:52 - 2021-06-12 06:43 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-02-04 10:50 - 2021-06-11 19:52 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-02-02 18:41 - 2020-09-04 20:30 - 000000217 _____ C:\Users\Olivkittie\Desktop\Path of Exile.url
2022-02-01 13:24 - 2021-06-12 14:37 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2022-02-01 12:49 - 2021-10-20 11:50 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Anamnesis
2022-01-31 19:10 - 2021-08-26 10:14 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Restream Chat
2022-01-30 14:08 - 2021-06-18 10:00 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\uTorrent
2022-01-29 15:54 - 2021-11-22 23:48 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\notion-updater
2022-01-28 00:16 - 2021-06-18 10:01 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\BitTorrentHelper
2022-01-27 20:54 - 2021-09-30 14:20 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-01-27 18:07 - 2021-12-13 14:03 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4101733155-2478866902-278870721-1001
2022-01-27 18:07 - 2021-06-11 20:02 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4101733155-2478866902-278870721-1001
2022-01-27 18:07 - 2021-06-11 19:51 - 000002394 _____ C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-27 10:10 - 2021-06-11 20:13 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\XIVLauncher
2022-01-27 10:10 - 2021-06-11 20:12 - 000002352 _____ C:\Users\Olivkittie\Desktop\XIVLauncher.lnk
2022-01-27 10:10 - 2020-07-31 09:28 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\goatsoft
2022-01-25 21:41 - 2021-06-11 19:50 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-25 21:41 - 2021-06-11 19:50 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-23 14:46 - 2021-06-11 20:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\NVIDIA
2022-01-23 14:40 - 2021-06-11 20:08 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-23 14:40 - 2021-06-11 20:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-01-23 14:40 - 2021-06-11 20:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-01-23 14:40 - 2021-06-11 19:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-01-19 23:22 - 2021-06-13 22:47 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2022-01-19 23:22 - 2021-06-13 22:47 - 000486712 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2022-01-17 18:13 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-01-16 12:57 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\GitKraken
2022-01-16 12:57 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\.gitkraken
2022-01-16 12:51 - 2021-08-21 18:06 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\.IdentityService
2022-01-16 12:51 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axosoft, LLC
2022-01-16 12:51 - 2021-08-21 18:03 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\gitkraken
2022-01-15 16:20 - 2020-06-06 18:55 - 000000000 ____D C:\Users\Olivkittie\Documents\My Games
2022-01-15 11:20 - 2021-06-12 21:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-15 01:02 - 2021-06-12 06:43 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-15 01:01 - 2021-06-11 20:32 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-01-14 23:16 - 2021-06-18 10:00 - 000000000 ____D C:\Users\Olivkittie\AppData\Local\UT008
2022-01-14 09:26 - 2022-01-04 22:37 - 000000000 ____D C:\Program Files\Streamlabs OBS
2022-01-14 09:26 - 2021-06-11 20:05 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-13 20:39 - 2020-06-06 17:00 - 000000000 ___RD C:\Users\Olivkittie\OneDrive

==================== Files in the root of some directories ========

2021-05-13 11:43 - 2021-06-12 14:36 - 054540272 _____ () C:\Program Files\MSIAfterburnerSetup464Beta3.exe
2021-07-02 15:54 - 2022-01-02 00:24 - 000000016 _____ () C:\Users\Olivkittie\AppData\Roaming\obs-virtualcam.txt
2021-09-30 13:20 - 2022-02-12 14:05 - 000042182 _____ () C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-09-30 11:52 - 2021-11-13 10:37 - 000007377 _____ () C:\Users\Olivkittie\AppData\Roaming\VoiceMeeterDefault.xml
2021-09-11 22:33 - 2021-09-13 10:18 - 000001456 _____ () C:\Users\Olivkittie\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-06-19 19:49 - 2022-01-14 09:16 - 000000205 _____ () C:\Users\Olivkittie\AppData\Local\oobelibMkey.log
2022-01-16 19:45 - 2022-01-16 19:45 - 000007598 _____ () C:\Users\Olivkittie\AppData\Local\Resmon.ResmonCfg
2021-07-03 10:12 - 2022-02-12 15:11 - 115035136 _____ () C:\Users\Olivkittie\AppData\Local\SageThumbs.db3
2021-06-13 22:52 - 2021-06-13 22:52 - 000000003 _____ () C:\Users\Olivkittie\AppData\Local\updater.log
2021-06-13 22:52 - 2021-06-13 22:52 - 000000424 _____ () C:\Users\Olivkittie\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

VygandasE

Posts: 17   +1
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2022
Ran by Olivkittie (12-02-2022 17:30:23)
Running from C:\Users\Olivkittie\Downloads
Microsoft Windows 10 Pro Version 21H2 19044.1526 (X64) (2021-06-11 18:00:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4101733155-2478866902-278870721-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4101733155-2478866902-278870721-503 - Limited - Disabled)
Guest (S-1-5-21-4101733155-2478866902-278870721-501 - Limited - Disabled)
Olivkittie (S-1-5-21-4101733155-2478866902-278870721-1001 - Administrator - Enabled) => C:\Users\Olivkittie
WDAGUtilityAccount (S-1-5-21-4101733155-2478866902-278870721-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{6BF11ECE-3CE8-4FBA-991A-1F55AA6BE5BF}) (Version: 15.0.1300.359 - Microsoft Corporation) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Ae (HKLM\...\{B910FB1A-0B9D-412D-A735-28AF88A52FF1}) (Version: 1.0.0000 - Adobe Systems Incorporated) Hidden
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_5_1) (Version: 17.5.1 - Adobe Inc.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Animate 2021 (HKLM-x32\...\FLPR_21_0) (Version: 21.0 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_12) (Version: 13.0.12 - Adobe Inc.)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0) (Version: 11.0 - Adobe Inc.)
Adobe Character Animator 2020 (HKLM-x32\...\CHAR_3_4) (Version: 3.4 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Dimension (HKLM-x32\...\ESHR_3_4) (Version: 3.4 - Adobe Inc.)
Adobe Dreamweaver 2021 (HKLM-x32\...\DRWV_21_0) (Version: 21.0 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_0_1) (Version: 25.0.1 - Adobe Inc.)
Adobe InCopy 2021 (HKLM-x32\...\AICY_16_0) (Version: 16.0 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_0) (Version: 16.0 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_6) (Version: 14.6 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0_1) (Version: 22.0.1.73 - Adobe Inc.)
Adobe Prelude 2020 (HKLM-x32\...\PRLD_9_0_2) (Version: 9.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_6) (Version: 14.6 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_1_5_38) (Version: 1.5.38 - Adobe Inc.)
Advanced Combat Tracker (remove only) (HKLM-x32\...\Advanced Combat Tracker) (Version: 3.6.0.275 - EQAditu)
Apple Mobile Device Support (HKLM\...\{527DD209-8A66-482F-8779-C7B3BACCA8F1}) (Version: 15.0.0.16 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{8A4CD158-E6B3-6D91-D7DE-10098BC980E2}) (Version: 10.1.19041.685 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
AutoHotkey 1.1.33.09 (HKLM\...\AutoHotkey) (Version: 1.1.33.09 - Lexikos)
Awakened PoE Trade 3.17.10003 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\2ea281da-028b-5d55-b26e-53163c89344a) (Version: 3.17.10003 - Alexander Drozdov)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 98.1.35.101 - Brave Software Inc)
ChaosRecipeEnhancer (HKLM-x32\...\{1121086B-78F3-4259-A258-423F8B01656B}) (Version: 1.2.6.0 - kosace)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden
CMake (HKLM\...\{0A8F4DFC-D2F0-46BB-B912-EF75829B24D7}) (Version: 3.21.1 - Kitware)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
Descript 25.1.0-release.20211015.4 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\47d4069d-eba1-5137-bc5f-9c138f7a3859) (Version: 25.1.0-release.20211015.4 - Descript, Inc.)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Entity Framework 6.2.0 Tools for Visual Studio 2019 (HKLM-x32\...\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{A7BBC0A6-3DB0-41CC-BCED-DDFC5D4F3060}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ExitLag version 4.201 (HKLM-x32\...\{B3117F72-F22D-4DA7-B554-B3F4EDBB408F}_is1) (Version: 4.201 - ExitLag)
FF Logs Companion (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Overwolf_gdgggfkjbbopooaagkfaolnfcicejolklgmfcfbc) (Version: 2.0.14 - Overwolf app)
FF Logs Uploader 5.8.4 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\76715ac6-ceb7-5f4d-840a-d9ded1c01dd1) (Version: 5.8.4 - fflogs)
FFXIV MarketSense (HKLM-x32\...\{B6411FDF-D3A3-473F-901D-CA609E1B35E9}) (Version: 1.13.2.38878 - Purveyor)
FFXIV Teamcraft (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\ffxiv-teamcraft) (Version: 9.5.11 - FFXIV Teamcraft)
FFXIV TexTools (HKLM-x32\...\FFXIV_TexTools) (Version: 2.2.1 - )
Fiddler Everywhere 3.0.1 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\8652495b-663c-5255-8c97-412896fbef82) (Version: 3.0.1 - Progress Software Corporation)
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FiveM (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\CitizenFX_FiveM) (Version: - Cfx.re)
FL Studio 20 (HKLM-x32\...\FL Studio 20) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Git (HKLM\...\Git_is1) (Version: 2.33.0 - The Git Development Community)
GitKraken (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\gitkraken) (Version: 8.2.1 - Axosoft, LLC)
GlassWire 2.3 (remove only) (HKLM-x32\...\GlassWire 2.3) (Version: 2.3.374 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.82 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - Google LLC) Hidden
GShade 3.4.1 (HKLM\...\GShade) (Version: - GPOSERS)
HeidiSQL 11.3.0.6295 (HKLM\...\HeidiSQL_is1) (Version: 11.3 - Ansgar Becker)
icecap_collection_neutral (HKLM-x32\...\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{A517D4FE-30EC-4210-8888-12F5530543F2}) (Version: 10.0.05512 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{0B3CC856-3A62-443A-B6CE-DED2D4495D56}) (Version: 12.12.2.2 - Apple Inc.)
KeePass Password Safe 2.49 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.49 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{E75A9998-E979-760B-6AEB-49763F279EDD}) (Version: 10.1.19041.685 - Microsoft) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
MacroRecorder v2.0.69 (HKLM-x32\...\MacroRecorder_is1) (Version: 2.0.69 - Bartels Media GmbH)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
MariaDB 10.5 (x64) (HKLM\...\{B19BA20F-FC05-485B-955D-9E896BEE5615}) (Version: 10.5.12.0 - MariaDB Corporation Ab) Hidden
MariaDB 10.5 (x64) (HKLM\...\MariaDB 10.5 (x64)) (Version: 10.5.12.0 - MariaDB Corporation Ab)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Microsoft .NET SDK 5.0.301 (x64) (HKLM-x32\...\{d13b364c-ee85-41ba-93a9-0015b6c2945d}) (Version: 5.3.121.27113 - Microsoft Corporation)
Microsoft .NET SDK 5.0.400 (x64) from Visual Studio (HKLM\...\{515810D7-F8C4-4511-B849-5539792DB2F8}) (Version: 5.4.21.37610 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.6 (HKLM\...\{EDADFA19-7F96-4075-A4AB-2209910626C5}) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.6 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.6) (Version: 2.9.8899.26 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.10 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.10) (Version: 5.10.19227.2113 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.43 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{8D98AC2C-FC5C-440D-A2D3-6C9655F957D8}) (Version: 17.2.0.1 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704 (HKLM-x32\...\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}) (Version: 14.30.30704.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.60.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.11.35.61819 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{2EC26D34-FB67-4C58-AC20-235697551222}) (Version: 10.0.3802 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSI Afterburner 4.6.4 Beta 3 (HKLM-x32\...\Afterburner) (Version: 4.6.4 Beta 3 - MSI Co., LTD)
MSI Development Tools (HKLM-x32\...\{7AAC93B0-F3D7-6B24-6B37-9E74980C1C81}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
MySQL Workbench 8.0 CE (HKLM\...\{7E665091-6EFA-496D-91BE-BF36D42A8E1E}) (Version: 8.0.26 - Oracle Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NoteBurner Spotify Music Converter 2.2.6 (HKLM-x32\...\NoteBurner Spotify Music Converter) (Version: 2.2.6 - NoteBurner)
Notion 2.0.21 (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.21 - Notion Labs, Incorporated)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.10 - Nmap Project)
NVIDIA FrameView SDK 1.2.4999.30397803 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.4999.30397803 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.24.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.24.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 511.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 511.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.1.3 - OBS Project)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.190.0.13 - Overwolf Ltd.)
Path of Building Community (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Path of Building Community) (Version: 2.7.0 - Path of Building Community)
Pentablet version 1.3.6.170906 (HKLM\...\{5DAB8C1A-6D8E-467D-BE62-AC13087AA950}_is1) (Version: 1.3.6.170906 - XPPEN Technology)
Poe Lurker (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\PoeLurker) (Version: 1.11.5 - C1rdec)
Python 3.9.7 (64-bit) (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{0f0bf1a5-3ec1-459b-ab7c-916db941f50d}) (Version: 3.9.7150.0 - Python Software Foundation)
Python 3.9.7 Add to Path (64-bit) (HKLM\...\{832BFE8B-69A2-4E1D-8998-DFB9CBA4B4D3}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Core Interpreter (64-bit) (HKLM\...\{88D4EF59-607D-43AD-B7C7-F5A753740FD1}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Development Libraries (64-bit) (HKLM\...\{97496FC6-5044-4A2A-BACD-40A44F38D483}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Documentation (64-bit) (HKLM\...\{AA408E09-EBB3-470F-8D63-5AA0C46C2DA2}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Executables (64-bit) (HKLM\...\{870EC220-FEAE-481D-8B29-B4B0DF5402FA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 pip Bootstrap (64-bit) (HKLM\...\{F1280AA2-AAC3-41AB-9616-CCF00814E626}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Standard Library (64-bit) (HKLM\...\{05903EEF-72A2-4C1A-AD35-41AD6C7094A8}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Tcl/Tk Support (64-bit) (HKLM\...\{6E8EAD3C-6F0C-494C-9C12-E10C5B5EE7EA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Test Suite (64-bit) (HKLM\...\{67D79D6E-8497-4EE6-850B-834D3A27553F}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Utility Scripts (64-bit) (HKLM\...\{4110826A-903C-410C-9785-7848A51B9CC9}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{99719382-D7A9-4DC2-BF0C-C23B730A313D}) (Version: 3.9.7546.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.1215.121004 - Razer Inc.)
Razer Virtual Ring Light (HKLM-x32\...\Razer Virtual Ring Light) (Version: 2.0.0.23 - Razer Inc.)
ReaPlugs (HKLM-x32\...\ReaPlugs) (Version: - )
ReaPlugs/x64 (HKLM\...\ReaPlugs) (Version: - )
Restream Chat 2.5.4-beta (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\{b93e1611-ab70-51cb-abde-0c215b3bb437}) (Version: 2.5.4-beta - Restream)
RivaTuner Statistics Server 7.3.2 Beta 2 (HKLM-x32\...\RTSS) (Version: 7.3.2 Beta 2 - Unwinder)
Roblox Player for Olivkittie (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\roblox-player) (Version: - Roblox Corporation)
SageThumbs 2.0.0.23 (HKLM\...\SageThumbs) (Version: 2.0.0.23 - Cherubic Software)
SDK ARM Additions (HKLM-x32\...\{FCF9D89E-6F79-64FB-B08D-B0E69FF54DEE}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{72DB07D6-E166-5A3F-B6E6-4664383781B8}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Security Task Manager 2.4 (HKLM-x32\...\Security Task Manager) (Version: 2.4 - Neuber Software)
Sims 4 Studio (HKLM-x32\...\{870AA913-0774-4ED0-B144-BC2C0CBE4BA0}_is1) (Version: 3.1.5.6 - Sims 4 Studio)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Spotify) (Version: 1.1.78.765.g5ea20b00 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs Desktop 1.6.4 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.6.4 - General Workings, Inc.)
The Sims 4 (HKLM-x32\...\The Sims 4_is1) (Version: - )
TypeScript SDK (HKLM-x32\...\{6D0FC687-BA41-4DFD-80B4-3469E567AA0F}) (Version: 4.3.5.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4D69FB64-4443-F2DD-DE1C-F14FD98AAC59}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{6B56745A-F6A4-C51C-933A-AD96C00683EA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{A57CD0A6-4297-FD30-34A4-34758B6F5F69}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{CD06199B-41C1-AE6D-7567-984CC68792C3}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{BD75F257-50A4-E0CD-9942-C3550CA3E66A}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{A7E95C47-B5F4-110C-D27A-DECB03412B96}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C93A88C2-6DE4-4035-AAC8-341435549BBB}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\07dbf657) (Version: 16.11.1 - Microsoft Corporation)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.4.16 - Black Tree Gaming Ltd.)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{CE912A42-1D6A-4F54-A263-F54E7D3F8E09}) (Version: 16.11.31613 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{102E83BD-B6A0-4C74-AD22-7D594A3435D3}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6CBDE7BE-E956-4E0E-81FB-2CB79190C924}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{76133D32-1325-48F3-929A-27EC7A323FBA}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E42F1CFF-80C7-4865-B378-1EFCF312C1BF}) (Version: 16.10.31213 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{53D1C36A-E35A-45B3-801B-F49BDD425293}) (Version: 16.11.31503 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{2ADF1977-BF31-E127-B651-AC28A8658317}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E18618EC-D9DB-4BCE-B382-85ADA2CBB340}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.19041.685 (HKLM-x32\...\{4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}) (Version: 10.1.19041.685 - Microsoft Corporation)
WinRAR 6.02 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.02.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{BCF7CA0F-E53C-2A4F-B128-A751EC9A1016}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{B42BF427-AFDB-C00F-DB60-6F51395D74A1}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3335615C-ABEB-960E-2226-4274CD28E046}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{216D5F47-257D-6284-5849-B51037875EFA}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{443FF51E-16C3-F23B-18FC-0D1D66024B0B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{15E29AFF-CB19-A20B-9A81-B0765A63115F}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FF2B49B7-0254-3D6A-4BE0-EF4C59DBCC2B}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0AF3B821-474B-1885-473A-6E3FB4F1CF71}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{8832F8ED-1035-9ABE-FD73-4E5ABAA84A5C}) (Version: 10.1.19041.685 - Microsoft Corporation) Hidden
XIVLauncher (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\XIVLauncher) (Version: 6.1.19 - goaaats)
Zoom (HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_35.1.12.5_x64__adky2gkssdxte [2021-08-19] (Adobe Systems Incorporated)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-04] (INTEL CORP) [Startup Task]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.63.5391.0_x64__8wekyb3d8bbwe [2022-02-08] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-01-22] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-26] (Microsoft Corporation)
Trello -> C:\Program Files\WindowsApps\45273LiamForsyth.PawsforTrello_2.12.5.0_x64__7pb5ddty8z1pa [2021-12-10] (Trello, Inc.)
UpNote -> C:\Program Files\WindowsApps\24862ThomasDao.UpNote_5.12.5.0_x64__kq65c2wy2rx02 [2022-02-08] (Thomas Dao)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101733155-2478866902-278870721-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Adobe everything\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [SageThumbs] -> {4A34B3E3-F50E-4FF6-8979-7E4176466FF2} => C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll [2017-05-09] (CherubicSoft) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_015fa42d67826549\nvshext.dll [2022-01-11] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2017-09-26] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Adobe everything\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-02-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-06-11] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Olivkittie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a84a9b1296b5f2d2\Virtual Ring Light.lnk -> C:\Program Files\Razer\RzAppEngine\rzappengine.exe (Razer Inc.) -> --application-host=apps.razer.com --profile-directory=Default hxxps://apps.razer.com/app-launcher/RzUiQiNlDnNMZ1NZ-HFhVAUiRz/

==================== Loaded Modules (Whitelisted) =============

2022-02-03 17:53 - 2022-01-28 20:57 - 001305600 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\better-sqlite3\build\Release\better_sqlite3.node
2022-02-03 17:53 - 2022-01-28 20:57 - 000132096 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\bufferutil\build\Release\bufferutil.node
2022-02-03 17:53 - 2022-01-28 20:57 - 000124928 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Programs\Notion\resources\app\node_modules\integer\build\integer.node
2022-02-12 16:07 - 2022-02-12 16:07 - 000711680 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Temp\0cf72b5e-6f01-402c-87ce-3c0d50596aaa.tmp.node
2022-02-12 16:07 - 2022-02-12 16:07 - 000579072 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Temp\442ece29-9d65-4d4a-bae9-8a10cff77661.tmp.node
2022-02-12 16:07 - 2022-02-12 16:07 - 000599552 _____ () [File not signed] \\?\C:\Users\Olivkittie\AppData\Local\Temp\ca23f9a7-82db-4332-b418-d10306a12910.tmp.node
2021-11-13 11:28 - 2021-11-13 11:28 - 000967168 _____ () [File not signed] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 002823680 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\ffmpeg.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 000449024 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\libegl.dll
2022-02-03 17:53 - 2022-01-28 20:57 - 007620096 _____ () [File not signed] C:\Users\Olivkittie\AppData\Local\Programs\Notion\libglesv2.dll
2022-02-10 16:44 - 2022-02-09 11:15 - 002699264 _____ () [File not signed] D:\New folder (2)\Awakened PoE Trade\ffmpeg.dll
2022-02-10 16:44 - 2022-02-09 11:15 - 000442368 _____ () [File not signed] D:\New folder (2)\Awakened PoE Trade\libegl.dll
2022-02-10 16:44 - 2022-02-09 11:15 - 008143872 _____ () [File not signed] D:\New folder (2)\Awakened PoE Trade\libglesv2.dll
2022-02-10 16:44 - 2022-02-09 11:15 - 004646400 _____ () [File not signed] D:\New folder (2)\Awakened PoE Trade\vk_swiftshader.dll
2022-02-10 16:44 - 2022-02-09 11:15 - 000728576 _____ () [File not signed] D:\New folder (2)\Awakened PoE Trade\vulkan-1.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 126961152 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libcef.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 000384000 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libegl.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 008006656 _____ () [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\libglesv2.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000475648 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\SageThumbs.dll
2017-05-09 09:40 - 2017-05-09 09:40 - 000716288 _____ (CherubicSoft) [File not signed] C:\Program Files (x86)\SageThumbs\64\sqlite3.dll
2021-12-01 14:14 - 2021-11-24 16:00 - 000093696 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2022-02-08 20:49 - 2021-10-06 03:30 - 000983552 _____ (The Chromium Authors) [File not signed] E:\Program Files\Steam2\bin\cef\cef.win7x64\chrome_elf.dll
2021-12-19 19:06 - 2017-07-27 15:47 - 000108544 _____ (UGEE) [File not signed] C:\WINDOWS\SYSTEM32\WinTab32.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 001519104 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfl340.dll
2014-02-07 18:47 - 2014-02-07 18:47 - 000256000 _____ (XnView) [File not signed] C:\Program Files (x86)\SageThumbs\64\libgfle340.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => scrfile

==================== Internet Explorer (Whitelisted) ==========

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-11-19] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

==================== Hosts content: =========================

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\WindowsApps;E:\Program Files\Git\cmd;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;E:\Program Files\Cmake\bin;C:\Program Files (x86)\CMake\bin;
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Olivkittie\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\edit bg3.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: ExitLag Game Booster -> nt_ndextlag (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AsusUpdateCheck => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: MariaDB => 2
MSCONFIG\Services: NoIPDUCService4 => 2
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: Razer Chroma SDK Server => 2
MSCONFIG\Services: Razer Chroma SDK Service => 2
MSCONFIG\Services: Razer Chroma Stream Server => 2
MSCONFIG\Services: Razer Game Manager Service => 2
MSCONFIG\Services: Razer Synapse Service => 2
MSCONFIG\Services: RzActionSvc => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run: => "PentabletService"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "RZTHXHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "electron.app.Descript"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_912EC36828E5BE936A1A49FE53370A09"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\StartupApproved\Run: => "Overwolf"
 

VygandasE

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C5CB4AC4-EB24-463C-9EF8-7B3DA28F9879}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{D828FE05-A51B-4326-8C51-2657032ED90C}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{54C34090-7972-4E84-8AEA-78BEB997F244}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{5D089068-F67D-4D63-B0D6-198C7C2E6B7D}] => (Allow) E:\Program Files\Advanced Combat Tracker\Advanced Combat Tracker.exe (EQAditu) [File not signed]
FirewallRules: [{FC0A63A6-A829-4A36-A51E-3063F9EEF29E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{40E53C17-229F-411D-82C3-0B5CC838A152}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{83F631D9-0218-416F-9828-1691D904B128}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{14A71D30-B340-421B-91EC-780B5532B9DC}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [{77B8A837-525B-4912-9C60-B8F6A43CD721}] => (Allow) C:\Users\Olivkittie\AppData\Local\ffxiv-teamcraft\FFXIV Teamcraft.exe (FFXIV Teamcraft -> FFXIV Teamcraft)
FirewallRules: [TCP Query User{EFF236DB-45D3-41B0-8525-A0652BD2BC55}E:\program files\steam2\steam.exe] => (Allow) E:\program files\steam2\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{8BD16971-45D5-47D0-8B0E-C1AE2758F4C0}E:\program files\steam2\steam.exe] => (Allow) E:\program files\steam2\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0DA0C9F7-EE45-43C1-A191-BD9F9B69DAC4}] => (Allow) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4A308EE7-8075-407B-9F53-5434BFD9DC7F}] => (Allow) E:\Program Files\Steam2\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BF91F26F-3D49-48EA-952F-8967D8A255AC}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{C6000690-E699-4DB0-99BF-FD48F61A8790}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [TCP Query User{B76CDF75-6C21-4034-8AD4-96A0826D0EDE}C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{511B52BF-CFE9-4C12-A0B9-BC0E1817EC91}C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\olivkittie\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{4EDDB9C5-2A85-430B-A1D1-DC95BD67C036}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [{C49BB4D2-8813-4AAF-AD82-192196748574}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe (GlassWire -> SecureMix LLC)
FirewallRules: [TCP Query User{4AAF4DBC-18C7-4258-8A19-544A32673C10}C:\users\olivkittie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivkittie\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{24C0603B-7295-4D92-9ECD-3D8096A5A3A5}C:\users\olivkittie\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\olivkittie\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EB19D99D-3B58-42F4-B2A8-DEC0417FD405}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{CBB0AB5C-86F5-4531-9ABF-2587A2B02658}] => (Allow) D:\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{DE2D6842-6D0D-4B0F-8CCD-64042A3D8E71}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{FC59EADA-B7EE-4610-A2D8-0541CFB02280}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [UDP Query User{6211F06C-F645-4935-8F4C-3AB91BB17800}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{A1D2A6C6-D618-4D0B-B421-AE7354374530}] => (Allow) D:\Overwolf\0.190.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{BE65148D-8771-4D5C-98C8-99B448D9901F}] => (Allow) D:\Overwolf\0.190.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{15663FC7-28C9-44B5-A1C2-B248E6CEB867}] => (Block) D:\Overwolf\0.190.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{07BD0D53-CB64-4B87-B032-EA78F347797A}] => (Block) D:\Overwolf\0.190.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [TCP Query User{BFD1F631-5427-46BC-A22B-A464FFDA8D2A}D:\games\blizzard\games of blizzard\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\blizzard\games of blizzard\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{47D67728-0533-48B8-A76B-82AD7CDAD769}D:\games\blizzard\games of blizzard\overwatch\_retail_\overwatch.exe] => (Allow) D:\games\blizzard\games of blizzard\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{C55F5E01-A7B5-48BF-8A54-D94132157F54}] => (Allow) C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe () [File not signed]
FirewallRules: [{1991152B-2BEC-4878-9CCB-6DC44811EC1E}] => (Allow) C:\Program Files (x86)\Purveyor\FFXIV MarketSense\FFXIVMarketSense.exe () [File not signed]

==================== Restore Points =========================

10-02-2022 20:13:02 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/11/2022 05:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ffxiv_dx11.exe, version: 1.0.0.0, time stamp: 0x61eeb095
Faulting module name: coreclr.dll, version: 5.0.621.22011, time stamp: 0x607f4c79
Exception code: 0xc0000005
Fault offset: 0x00000000001ca037
Faulting process id: 0x410
Faulting application start time: 0x01d81f57f02fef10
Faulting application path: E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe
Faulting module path: C:\Users\Olivkittie\AppData\Roaming\XIVLauncher\runtime\shared\Microsoft.NETCore.App\5.0.6\coreclr.dll
Report Id: aeaf8207-1427-42ea-a7b6-e62d4599c167
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2022 05:20:58 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: ffxiv_dx11.exe
CoreCLR Version: 5.0.621.22011
.NET Version: 5.0.6
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFBDE58A037 (00007FFBDE3C0000) with exit code c0000005.

Error: (02/11/2022 02:10:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ffxiv_dx11.exe, version: 1.0.0.0, time stamp: 0x61eeb095
Faulting module name: coreclr.dll, version: 5.0.621.22011, time stamp: 0x607f4c79
Exception code: 0xc0000005
Fault offset: 0x00000000001ca037
Faulting process id: 0x4504
Faulting application start time: 0x01d81f19b1b004cf
Faulting application path: E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe
Faulting module path: C:\Users\Olivkittie\AppData\Roaming\XIVLauncher\runtime\shared\Microsoft.NETCore.App\5.0.6\coreclr.dll
Report Id: f44258e6-b442-41cb-8d18-ecf34a30b1db
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2022 02:10:43 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: ffxiv_dx11.exe
CoreCLR Version: 5.0.621.22011
.NET Version: 5.0.6
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFDB290A037 (00007FFDB2740000) with exit code c0000005.

Error: (02/11/2022 02:09:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (02/10/2022 04:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Sai2.exe, version: 1.3.45.0, time stamp: 0x61c46144
Faulting module name: ntdll.dll, version: 10.0.19041.1466, time stamp: 0xe2f8ca76
Exception code: 0xc0000374
Fault offset: 0x00000000000ff199
Faulting process id: 0x4ec0
Faulting application start time: 0x01d81e54f4ea5f95
Faulting application path: C:\Users\Olivkittie\Documents\Extra Docs\Mama\Sai2.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: de8891c5-9020-43b8-a70f-8456ee1206d3
Faulting package full name:
Faulting package-relative application ID:

Error: (02/09/2022 07:18:33 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: DESKTOP-N6TFA54)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (02/07/2022 11:03:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MachinaWrapper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].FindEntry(System.__Canon)
at System.Collections.Generic.Dictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryGetValue(System.__Canon, System.__Canon ByRef)
at MachinaWrapper.Commander.InvokeCommand(System.String)
at MachinaWrapper.Commander+<>c__DisplayClass9_0.<Start>b__1()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (02/11/2022 04:00:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/11/2022 03:11:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/10/2022 05:33:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/10/2022 05:27:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Razer Synapse Service service depends on the RzActionSvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/10/2022 05:24:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/10/2022 05:24:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (02/10/2022 05:24:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GlassWire Control Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/10/2022 05:24:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Game Manager service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
================
Date: 2022-02-09 14:02:02
Description:
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe has been blocked from modifying %userprofile%\Pictures\New folder by Controlled Folder Access.
Detection time: 2022-02-09T12:02:02.561Z
Path: %userprofile%\Pictures\New folder
Process Name: C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
Security intelligence Version: 1.357.335.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 13:04:51
Description:
C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe has been blocked from modifying %userprofile%\Music by Controlled Folder Access.
Detection time: 2022-02-09T11:04:51.701Z
Path: %userprofile%\Music
Process Name: C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe
Security intelligence Version: 1.357.335.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:49:25
Description:
E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe has been blocked from modifying %userprofile%\Documents\My Games\FINAL FANTASY XIV - A Realm Reborn\ by Controlled Folder Access.
Detection time: 2022-02-09T07:49:25.416Z
Path: %userprofile%\Documents\My Games\FINAL FANTASY XIV - A Realm Reborn\
Process Name: E:\Backup\ff backup\FINAL FANTASY XIV - A Realm Reborn\game\ffxiv_dx11.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:48:09
Description:
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe has been blocked from modifying %userprofile%\Documents\AdobeGCData\ by Controlled Folder Access.
Detection time: 2022-02-09T07:48:09.226Z
Path: %userprofile%\Documents\AdobeGCData\
Process Name: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

Date: 2022-02-09 09:48:09
Description:
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe has been blocked from modifying %userprofile%\Documents\AdobeGC by Controlled Folder Access.
Detection time: 2022-02-09T07:48:09.226Z
Path: %userprofile%\Documents\AdobeGC
Process Name: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Security intelligence Version: 1.357.303.0
Engine Version: 1.1.18900.2
Product Version: 4.18.2111.5

CodeIntegrity:
===============
Date: 2022-02-12 17:25:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0805 01/29/2019
Motherboard: ASUSTeK COMPUTER INC. PRIME Z390-A
Processor: Intel(R) Core(TM) i7-9700K CPU @ 3.60GHz
Percentage of memory in use: 27%
Total physical RAM: 30919.72 MB
Available physical RAM: 22453.36 MB
Total Virtual: 35527.72 MB
Available Virtual: 23405.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.28 GB) (Free:31.08 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:82.34 GB) NTFS
Drive e: (Extra Drive) (Fixed) (Total:931.51 GB) (Free:131.22 GB) NTFS

\\?\Volume{6af5f037-5b27-40df-9b76-d37f99d1c319}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{f0f95b95-8c4b-4a8b-96cc-08e5aafc39f9}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2C4425DA)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C89BE9AE)

Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: EBD4268B)

Partition: GPT.

==================== End of Addition.txt =======================
 

Broni

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64), press the Fix button just once, and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt

VygandasE

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2022 01
Ran by Olivkittie (16-02-2022 10:43:26) Run:1
Running from C:\Users\Olivkittie\Desktop
Loaded Profiles: Olivkittie
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [RZTHXHelper] => C:\WINDOWS\system32\RZTHXHelper.exe (No File)
HKLM\...\Run: [CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-26-F227840A-25B6-4AF8-B9AB-75F30F3 (the data entry has 7 more characters). (No File)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {202E1453-CB6E-43E2-B56B-AD87D1892CB1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (No File)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [No File]
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]
S3 R0RazerSynapseService; \??\C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
HKLM\...\.scr: SageThumbsImage.scr => "%1" /S <==== ATTENTION

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RZTHXHelper" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CL-26-F227840A-25B6-4AF8-B9AB-75F30F310594" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-4101733155-2478866902-278870721-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
HKU\S-1-5-21-4101733155-2478866902-278870721-1001\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{202E1453-CB6E-43E2-B56B-AD87D1892CB1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{202E1453-CB6E-43E2-B56B-AD87D1892CB1}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => removed successfully
HKLM\System\CurrentControlSet\Services\uhssvc => removed successfully
uhssvc => service removed successfully
HKLM\System\CurrentControlSet\Services\R0RazerSynapseService => removed successfully
R0RazerSynapseService => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueSight => removed successfully
TrueSight => service removed successfully
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully

==== End of Fixlog 10:43:27 ====
 

Broni

Posts: 55,924   +506
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

VygandasE

Posts: 17   +1
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

VygandasE

Posts: 17   +1
Farbar Service Scanner Version: 03-11-2021
Ran by Olivkittie (administrator) on 19-02-2022 at 14:27:23
Running from "C:\Users\Olivkittie\Downloads"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

VygandasE

Posts: 17   +1
Code:
Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : DESKTOP-N6TFA54
   Windows . . . . . . . : 10.0.0.19044.X64/8
   User name . . . . . . : DESKTOP-N6TFA54\Olivkittie
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2022-02-19 14:31:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 44s
   Disk access mode  . . : Direct disk access (SPTI)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 4
   Traces  . . . . . . . : 89

   Objects scanned . . . : 3,890,380
   Files scanned . . . . : 461,098
   Remnants scanned  . . : 1,889,478 files / 1,539,804 keys

Malware _____________________________________________________________________

   C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Carrier.exe
      Size . . . . . . . : 1,952,040 bytes
      Age  . . . . . . . : 2.9 days (2022-02-16 17:56:28)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FCBCFAD6D802FDE5D7AA64CB9CE97101CB8318D11AF76253169935CC6299EF45
      Product  . . . . . : BitTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : BitTorrent
      Version  . . . . . : 7.10.5.46193
      Copyright  . . . . : ©2020 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Sophos . . . . . . : Generic ML PUA (PUA)
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -0.4s C:\Users\Olivkittie\AppData\Local\Adaware\
         -0.4s C:\Users\Olivkittie\AppData\Local\Adaware\GenericSetup.exe_Url_ssxz22v1ihtryhcyubu1vm205uve1cbl\1.0.8.5573\
         -0.4s C:\Users\Olivkittie\AppData\Local\Adaware\GenericSetup.exe_Url_ssxz22v1ihtryhcyubu1vm205uve1cbl\1.0.8.5573\user.config
         -0.4s C:\Users\Olivkittie\AppData\Local\Adaware\GenericSetup.exe_Url_ssxz22v1ihtryhcyubu1vm205uve1cbl\
         -0.4s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\
         -0.4s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\BundleConfig.json
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\app.ico
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\images\
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\Config.tis
         -0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\FinishPage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\sciter32.dll
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Carrier.exe
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\images\loader.gif
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\images\warning48x48.png
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\InstallingPage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\LicensePage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\TranslateOfferTemplate.tis
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\OfferPage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\EventHandler.tis
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\SettingPage1.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\SettingPage2.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\Log.tis
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\tis\ViewStateLoader.tis
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\WarningPage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\images\logo-header.png
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\WelcomePage.html
          0.0s C:\Users\Olivkittie\AppData\Local\Temp\GenericSetup.exe_1645034187\Resources\style.css
          0.3s C:\Users\Olivkittie\AppData\Local\NVIDIA\DXCache\68719ddd9a1460c47c2d6f7a1cba9a7f_fce8395c8fd8a99d_134f93b6ee7ba34a_0_0.0.toc
          0.3s C:\Users\Olivkittie\AppData\Local\NVIDIA\DXCache\68719ddd9a1460c47c2d6f7a1cba9a7f_fce8395c8fd8a99d_134f93b6ee7ba34a_0_0.0.bin
          0.4s C:\Users\Olivkittie\AppData\Local\NVIDIA\DXCache\68719ddd9a1460c47c2d6f7a1cba9a7f_fce8395c8fd8a99d_134f93b6ee7ba34a_0_1.0.toc
          0.4s C:\Users\Olivkittie\AppData\Local\NVIDIA\DXCache\68719ddd9a1460c47c2d6f7a1cba9a7f_fce8395c8fd8a99d_134f93b6ee7ba34a_0_1.0.bin

   C:\Users\Olivkittie\AppData\Roaming\BitTorrent\BitTorrent.exe
      Size . . . . . . . : 1,952,040 bytes
      Age  . . . . . . . : 2.9 days (2022-02-16 17:57:10)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FCBCFAD6D802FDE5D7AA64CB9CE97101CB8318D11AF76253169935CC6299EF45
      Product  . . . . . : BitTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : BitTorrent
      Version  . . . . . : 7.10.5.46193
      Copyright  . . . . : ©2020 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Sophos . . . . . . : Generic ML PUA (PUA)
      Fuzzy  . . . . . . : 103.0
      References
         C:\Users\Olivkittie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
         C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
         C:\Users\Olivkittie\Desktop\BitTorrent.lnk
      Forensic Cluster
         -0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\
          0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\BitTorrent.exe
          0.1s C:\Users\Olivkittie\Desktop\BitTorrent.lnk
          0.1s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
          0.1s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\maindoc.ico
          0.6s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\settings.dat.old
          4.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\share\
          4.7s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4101733155-2478866902-278870721-1001\c8f3d74d8c120a5147a5f85e5aa541e1_6ee58b7e-ed73-40e8-9d2f-810cc0ff49cb
          5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\
          5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193.exe
          5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates.dat
          5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\apps\
          5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\
          5.8s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\chrome_native.json
          5.8s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193\
          5.8s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193\bittorrentie.exe
          5.8s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\apps\player.btapp
          6.1s C:\Windows\prefetch\BITTORRENTIE.EXE-6D6863AF.pf
          7.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_117247C84E0E46566E6F28313449A89D
          7.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_117247C84E0E46566E6F28313449A89D
          7.8s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A346178B254913B40C9D8D2F780BDCC_130565DE065AB016999AB8A94CDD921D
          7.8s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A346178B254913B40C9D8D2F780BDCC_130565DE065AB016999AB8A94CDD921D
          8.0s C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68969492c6dd17d6_0
          8.0s C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\976df8652b710df5_0
          8.8s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2876FFED01F24E59D648DA8B8C4F6D92_038CD56AACA63FA99018A0C27DEEDE65
          8.8s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2876FFED01F24E59D648DA8B8C4F6D92_038CD56AACA63FA99018A0C27DEEDE65
         11.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_E9F189113BBB2AB229225E45428FCB1D
         11.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_E9F189113BBB2AB229225E45428FCB1D
         12.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_4F0FADF2982C82BB696CD52319EB8ECE
         12.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_4F0FADF2982C82BB696CD52319EB8ECE
         12.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\732A0BC7CB371A451EC221F0CAB060DD_E8B508EE713F3EF29D1DBC3087DCE28B
         12.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\732A0BC7CB371A451EC221F0CAB060DD_E8B508EE713F3EF29D1DBC3087DCE28B
         12.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C0A2940265F71168687A5308976E57D_07E65452D4301ACB7FE093D91FCD3B4E
         12.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C0A2940265F71168687A5308976E57D_07E65452D4301ACB7FE093D91FCD3B4E
         14.5s C:\Windows\prefetch\BITTORRENT.EXE-10C41BB0.pf
         15.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EA00B21555A8BE2B77F09AED14EE999
         15.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3EA00B21555A8BE2B77F09AED14EE999
         19.5s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\56A0A3A3949B202527ED7236F9F39B04
         19.5s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\56A0A3A3949B202527ED7236F9F39B04
         19.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
         19.6s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
         19.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DD76941B08ECB69B450D4C1AE579DB94_F0D333245F84D6B42E90519CDF8F8CA0
         19.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD76941B08ECB69B450D4C1AE579DB94_F0D333245F84D6B42E90519CDF8F8CA0
         19.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A01F56D5C247435A1C83CDFF1D1FC382_8771922EEB86472981DE3C7215F34975
         19.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A01F56D5C247435A1C83CDFF1D1FC382_8771922EEB86472981DE3C7215F34975
         20.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\63A9A88C44BE45C5328EEBAD47657F8C
         20.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\63A9A88C44BE45C5328EEBAD47657F8C
         20.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548
         20.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548
         24.5s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4101733155-2478866902-278870721-1001\1216650eb4fb7765a6ef3ff3731dc03e_6ee58b7e-ed73-40e8-9d2f-810cc0ff49cb
         27.6s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\helper_web_ui.btinstall
         27.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\9B9C4DBE3268915A40292366D877CE09AFE4E143
         27.8s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\The Sims 4 [FitGirl Repack].torrent
         28.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C

   C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193.exe
      Size . . . . . . . : 1,952,040 bytes
      Age  . . . . . . . : 2.9 days (2022-02-16 17:57:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FCBCFAD6D802FDE5D7AA64CB9CE97101CB8318D11AF76253169935CC6299EF45
      Product  . . . . . : BitTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : BitTorrent
      Version  . . . . . : 7.10.5.46193
      Copyright  . . . . : ©2020 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Sophos . . . . . . : Generic ML PUA (PUA)
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\
         -5.7s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\BitTorrent.exe
         -5.6s C:\Users\Olivkittie\Desktop\BitTorrent.lnk
         -5.6s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
         -5.6s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\maindoc.ico
         -5.1s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\settings.dat.old
         -1.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\share\
         -1.0s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4101733155-2478866902-278870721-1001\c8f3d74d8c120a5147a5f85e5aa541e1_6ee58b7e-ed73-40e8-9d2f-810cc0ff49cb
         -0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\
          0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193.exe
          0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates.dat
          0.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\apps\
          0.1s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\
          0.1s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\chrome_native.json
          0.2s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193\
          0.2s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\updates\7.10.5_46193\bittorrentie.exe
          0.2s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\apps\player.btapp
          0.4s C:\Windows\prefetch\BITTORRENTIE.EXE-6D6863AF.pf
          1.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_117247C84E0E46566E6F28313449A89D
          1.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_117247C84E0E46566E6F28313449A89D
          2.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A346178B254913B40C9D8D2F780BDCC_130565DE065AB016999AB8A94CDD921D
          2.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A346178B254913B40C9D8D2F780BDCC_130565DE065AB016999AB8A94CDD921D
          2.3s C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68969492c6dd17d6_0
          2.3s C:\Users\Olivkittie\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\976df8652b710df5_0
          3.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2876FFED01F24E59D648DA8B8C4F6D92_038CD56AACA63FA99018A0C27DEEDE65
          3.1s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2876FFED01F24E59D648DA8B8C4F6D92_038CD56AACA63FA99018A0C27DEEDE65
          5.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_E9F189113BBB2AB229225E45428FCB1D
          5.7s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_E9F189113BBB2AB229225E45428FCB1D
          6.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_4F0FADF2982C82BB696CD52319EB8ECE
          6.4s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_4F0FADF2982C82BB696CD52319EB8ECE
          6.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\732A0BC7CB371A451EC221F0CAB060DD_E8B508EE713F3EF29D1DBC3087DCE28B
          6.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\732A0BC7CB371A451EC221F0CAB060DD_E8B508EE713F3EF29D1DBC3087DCE28B
          6.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C0A2940265F71168687A5308976E57D_07E65452D4301ACB7FE093D91FCD3B4E
          6.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C0A2940265F71168687A5308976E57D_07E65452D4301ACB7FE093D91FCD3B4E
          8.9s C:\Windows\prefetch\BITTORRENT.EXE-10C41BB0.pf
         10.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3EA00B21555A8BE2B77F09AED14EE999
         10.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3EA00B21555A8BE2B77F09AED14EE999
         13.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\56A0A3A3949B202527ED7236F9F39B04
         13.9s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\56A0A3A3949B202527ED7236F9F39B04
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_005284E085E122BD76B51F33745F7753
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DD76941B08ECB69B450D4C1AE579DB94_F0D333245F84D6B42E90519CDF8F8CA0
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DD76941B08ECB69B450D4C1AE579DB94_F0D333245F84D6B42E90519CDF8F8CA0
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A01F56D5C247435A1C83CDFF1D1FC382_8771922EEB86472981DE3C7215F34975
         14.0s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A01F56D5C247435A1C83CDFF1D1FC382_8771922EEB86472981DE3C7215F34975
         15.2s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\63A9A88C44BE45C5328EEBAD47657F8C
         15.2s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\63A9A88C44BE45C5328EEBAD47657F8C
         15.2s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548
         15.2s C:\Users\Olivkittie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_42D518C245FE7F2F9F026AD6DD212548
         18.8s C:\Users\Olivkittie\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4101733155-2478866902-278870721-1001\1216650eb4fb7765a6ef3ff3731dc03e_6ee58b7e-ed73-40e8-9d2f-810cc0ff49cb
         21.9s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\helper_web_ui.btinstall
         22.0s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\9B9C4DBE3268915A40292366D877CE09AFE4E143
         22.1s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\The Sims 4 [FitGirl Repack].torrent
         22.3s C:\Users\Olivkittie\AppData\Roaming\BitTorrent\dlimagecache\165F6EF40A81DD175FFAEA69E77ABFD30B27E71C

   C:\Users\Olivkittie\Downloads\BitTorrent.exe
      Size . . . . . . . : 5,118,672 bytes
      Age  . . . . . . . : 2.9 days (2022-02-16 17:55:37)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : A5765D95791EDD8B66E08E17DD9C18866A54EB2E0507F0DD766C611559D60BBD
      Product  . . . . . : BitTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : BitTorrent
      Version  . . . . . : 7.10.5.46193
      Copyright  . . . . : ©2020 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Sophos . . . . . . : Generic Reputation PUA (PUA)
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
          0.0s C:\Users\Olivkittie\Downloads\BitTorrent.exe
          2.5s C:\ProgramData\Malwarebytes\MBAMService\RtpDetections\e39052a8-8f40-11ec-b2ba-04d4c4527b4d.json
         11.7s C:\ProgramData\Malwarebytes\MBAMService\RtpDetections\e9084cd6-8f40-11ec-bff7-04d4c4527b4d.json


Suspicious files ____________________________________________________________

   C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe
      Size . . . . . . . : 19,438,520 bytes
      Age  . . . . . . . : 1.1 days (2022-02-18 11:17:57)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : CC70ACC453B2BB1AF45380D9ED0D29DE151567BA7CD88A3EDB732F68D1F136AC
      Product  . . . . . : Spotify
      Publisher  . . . . : Spotify Ltd
      Description  . . . : Spotify
      Version  . . . . . : 1.1.79.763
      RSA Key Size . . . : 4096
      Desktop  . . . . . : Default
      Parent Name  . . . : C:\Users\Olivkittie\AppData\Roaming\Spotify\Spotify.exe
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes  : 20808, 31024, 31884, 31916, 32100, 26020
      Fuzzy  . . . . . . : 22.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         Program has a human-computer interface (GUI). This is typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKU\S-1-5-21-4101733155-2478866902-278870721-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Spotify
      References
         C:\Users\Olivkittie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
         C:\Users\Olivkittie\Desktop\Spotify.lnk
      Network Ports
         0.0.0.0:52412    
         0.0.0.0:57621    
         192.168.0.197:49780    35.186.224.47:443
         192.168.0.197:51764    104.199.65.124:4070
         192.168.0.197:51773    35.186.224.40:443
         192.168.0.197:60332    35.186.224.18:443
         192.168.0.197:64106    35.186.224.25:443
      Forensic Cluster

   E:\Adobe everything\Adobe Media Encoder 2020\Adobe Media Encoder.exe
      Size . . . . . . . : 8,572,504 bytes
      Age  . . . . . . . : 184.2 days (2021-08-19 08:58:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8D12B0CACB22744A03040A774C7CB21F53E4E77898822D8384C05D1BE4335420
      Product  . . . . . : Adobe Media Encoder 2020
      Publisher  . . . . : Adobe
      Description  . . . : Adobe Media Encoder 2020
      Version  . . . . . : 14.6.0.42
      Copyright  . . . . : Copyright 2008-2020 Adobe. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2020.lnk
         C:\Users\Olivkittie\Desktop\Adobe Media Encoder 2020.lnk


Cookies _____________________________________________________________________

 

Broni

Posts: 55,924   +506
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.