Haleng.exe and other unknown programs [Closed]



#1
magicclarp


Hello! I made the classic mistake of downloading a program that was not what it was labelled as - I needed to compile Outlook .msg files to .pdf and was going faster than I should have. I immediately noticed that something was happening - a browser that I don't run opened by itself and files started moving - I manually shut off my computer, ran quite a few scans with Windows Defender Offline & Malwarebytes, and found 40+ suspicious files with MBAM. Malwarebytes keeps ID'ing suspicious files in the registry (is this correct terminology?). I went away for 10 days, came back to start work today and noticed in the Startup apps that Haleng.exe was in there. I disabled it through the startup window. Perusing my AppData folders, I also see quite a few folders that look questionable. I have run FRST and the logs are attached below - I would really appreciate guidance! Thank you :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by Clare (administrator) on DESKTOP-6N9P3LL (Micro-Star International Co., Ltd. MS-7C77) (20-07-2021 10:03:52)
Running from C:\Users\Clare\Desktop
Loaded Profiles: Clare & postgres
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(A-Volute SAS -> A-Volute) C:\Users\Clare\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(Bleeping Computer, LLC. -> Bleeping Computer, LLC) C:\Users\Clare\Downloads\rkill\rkill.exe
(Bleeping Computer, LLC. -> Bleeping Computer, LLC) C:\Users\Clare\Downloads\rkill\rkill64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\126.4.4618\QtWebEngineProcess.exe <2>
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
(G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <51>
(GoPro Media, Inc. -> ) C:\Program Files\GoPro\Fusion Studio 1.3\GoProFusionDeviceDetection.exe
(GoPro.com) [File not signed] C:\Program Files\GoPro\GoPro Webcam\GoPro Webcam Service.exe
(Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <4>
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Clare\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1022_none_7e372e9e7c6ecccb\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Novawave Inc. -> Novawave Inc.) C:\Program Files\Novawave\Novabench\NovabenchService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\NVDisplay.Container.exe <2>
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe <7>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe <2>
(Samsung Electronics Co., Ltd. -> Samsung Electronics) C:\Program Files (x86)\Samsung\Portable_SSD\SamsungPortableSSDMon_1.0.exe
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe <5>
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(TBT_DCH_DRV_PROD -> Intel Corporation) C:\Windows\ThunderboltService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe [1253232 2021-03-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-02] (Adobe Inc. -> )
HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81373696 2020-09-21] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8107808 2021-07-03] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296864 2021-06-26] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [haleng] => C:\Users\Clare\AppData\Local\Temp\haleng.exe <==== ATTENTION
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-06-29] (Adobe Inc. -> Adobe Inc.)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe"
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2119040 2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5550304 2021-06-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-08] (Valve -> Valve Corporation)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-06-29] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Clare\AppData\Local\Microsoft\Teams\Update.exe [2454200 2021-06-25] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe [850288 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\MountPoints2: {2fd8abe8-fae5-11ea-8afb-548d5acf3072} - "J:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [153600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1999655083-2781417840-3296171768-1002\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2119040 2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-27] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-29] (Google LLC -> Google LLC)
Startup: C:\Users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Luminar AI.lnk [2021-05-25]
ShortcutTarget: Luminar AI.lnk -> C:\Program Files\Skylum\Luminar AI\Luminar AI.exe (Skylum Software USA, Inc. -> Skylum)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EC5F87C-73DA-4155-A95E-A6DB3764BF02} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {138EB4A0-5A97-4924-AB66-AA66935132D3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {179323CC-D489-4761-A0D4-8988D2A86D91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {18D1091A-BAF3-47ED-A888-011F8B98236A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1CB47BF4-946D-409D-990E-AD70F387786C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel® Trust Services -> Intel® Corporation)
Task: {2146C8E7-A988-47C2-AA9A-59A390DCB0C6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3059280 2021-03-06] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {2D46B5B9-196A-4742-809D-2188F35DA765} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {3AF16123-A787-41CE-AC76-103471B30F2F} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3C4DF43B-E15B-4BFE-89D0-A8F63B3ED85C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4541312 2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CA513C3-138B-4FF0-8C7F-C1225C84C170} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FE01553-8B07-4D50-AD30-F82DD521CF7F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CFE2097-293B-4430-95F4-5479A7A68A61} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {5E72EB45-DA79-42C0-8400-9ED364FC404E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {6C6635C2-30C9-4CD5-AABB-9C9657084C11} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6EAD4DE7-F02F-4673-9E0E-EA8D218C8414} - System32\Tasks\Firefox Default Browser Agent 7C01E11AE2E6B2F3 => C:\Users\Clare\AppData\Roaming\dsiiuat.exe <==== ATTENTION
Task: {72EBA644-3BFA-46E2-BB33-AE58987F720E} - System32\Tasks\Samsung_PSSD_Registration_Plus => C:\Program Files (x86)\Samsung\Portable_SSD\SamsungPortableSSDMon_1.0.exe [868440 2020-02-28] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {746BCFD6-63FB-4CE8-AA41-760041C60951} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84A672C4-71B4-420E-A1E4-DCF35D555248} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86FBF403-EE46-4FF7-8CD5-CEDE89FF076F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8F57C261-CFD5-4751-91B4-8160F5DDD30E} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-16] (Piriform Software Ltd -> Piriform)
Task: {8FC5E32A-E8F8-401A-A68B-41B491380DB7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {915FF0F1-DAEC-4328-B2A8-B24910C4B8E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-19] (Google LLC -> Google LLC)
Task: {930984F8-D241-4E44-8CAD-B45EE3D7D4E1} - System32\Tasks\WD Device Agent Task clare => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [717824 2020-09-21] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {9784A6CC-83B8-4E2C-A817-D87902B75783} - System32\Tasks\WD Discovery Service Task clare => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [72704 2020-09-21] (Western Digital Technologies, Inc. -> )
Task: {A1A798F2-D7AE-417E-9404-0C7D63ADC750} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AD32DAB4-EB66-4E53-885E-3A8F89A2E840} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-19] (Google LLC -> Google LLC)
Task: {B2878EEE-00DB-43B8-A3A0-1F0542DD3862} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BB2D79C6-27D9-497B-80A8-30338A9EE411} - System32\Tasks\Restore Point Startup => powershell.exe -ExecutionPolicy Bypass -Command "Checkpoint-Computer -Description \"Restore Point Startup\" -RestorePointType \"MODIFY_SETTINGS\""
Task: {C1EC9347-669C-43AB-9C59-74D84882E163} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C849C166-1810-4DD8-AF1B-CC56D9EB5C77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D9C0C220-755C-4D49-AE63-86DF955F7E72} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{9d2b74e6-17a5-4ad2-8ba4-053b05fd2337}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{df5dd1e9-6934-4967-876b-8dc040cd70f2}: [NameServer] 10.148.0.1
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Clare\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-20]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-06-29] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-06-26] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-06-29] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 13
CHR Profile: C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-07-15]
CHR Profile: C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13 [2021-07-20]
CHR DownloadDir: C:\Users\Clare\Desktop
CHR HomePage: Profile 13 -> hxxp://www.google.com/
CHR Extension: (Slides) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-07-13]
CHR Extension: (Google Drive) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-07-20]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-07-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-07-13]
CHR Extension: (Sheets) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-07-13]
CHR Extension: (Google Docs Offline) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-13]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-07-20]
CHR Extension: (Fakespot Fake Amazon Reviews and eBay Sellers) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nakplnnackehceedgkgkokbgbmfghain [2021-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-13]
CHR Extension: (The Marvellous Suspender) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\noogafoofpebimajpfpamcfhoaifemoa [2021-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 13\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-13]
CHR Profile: C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15 [2021-07-20]
CHR Extension: (Slides) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Docs) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Google Drive) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-05-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-04-09]
CHR Extension: (Sheets) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Google Docs Offline) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Extension: (Gmail) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\Clare\AppData\Local\Google\Chrome\User Data\Profile 15\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-10]
CHR Profile: C:\Users\Clare\AppData\Local\Google\Chrome\User Data\System Profile [2021-07-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-06-29] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-10-21] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-07-03] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437104 2021-04-26] (EXPRSVPN LLC -> ExpressVPN)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncHelper.exe [3240296 2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
R2 GoPro Webcam Service; C:\Program Files\GoPro\GoPro Webcam\GoPro Webcam Service.exe [20480 2020-10-30] (GoPro.com) [File not signed]
R2 GoProFusionDeviceDetectionService; C:\Program Files\GoPro\Fusion Studio 1.3\GoProFusionDeviceDetection.exe [41872 2018-09-11] (GoPro Media, Inc. -> )
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-26] (Hewlett-Packard Company -> HP)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10752928 2021-06-29] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-05] (Malwarebytes Inc -> Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1675376 2021-03-29] (A-Volute SAS -> Nahimic)
R2 NovabenchService; C:\Program Files\Novawave\Novabench\NovabenchService.exe [1229808 2020-08-30] (Novawave Inc. -> Novawave Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.129.0627.0002\OneDriveUpdaterService.exe [3703144 2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-08] (PostgreSQL Global Development Group) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520288 2021-01-22] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-20] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService3; C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe [83232 2019-06-26] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2020-10-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2020-10-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTransPro\ElevationService.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 pubgame-updater; C:\WINDOWS\PublicGaming\appsetup.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-09-12] (Microsoft Corporation) [File not signed]
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-04-26] (ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-01-18] (Express VPN International Ltd. -> ExpressVPN)
S3 GPU-Z-v2; C:\Users\Clare\AppData\Local\Temp\GPU-Z-v2.sys [50216 2021-07-07] (TechPowerUp LLC -> ) <==== ATTENTION
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-06-29] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [37200 2021-03-16] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [25928 2021-03-16] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66896 2021-03-16] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-22] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl3474a47d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F139277F-3292-45C6-A907-E528C9A0F4A9}\MpKslDrv.sys [107752 2021-07-20] (Microsoft Windows -> Microsoft Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85592 2020-01-17] (A-Volute -> Windows ® Win 7 DDK provider)
R3 NovabenchDriver; C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [28216 2018-03-28] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-01-18] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-20] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-20] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-20 10:03 - 2021-07-20 10:03 - 002300416 _____ (Farbar) C:\Users\Clare\Desktop\FRST64 (1).exe
2021-07-20 10:03 - 2021-07-20 10:03 - 000000000 ____D C:\Users\Clare\Desktop\FRST-OlderVersion
2021-07-20 09:53 - 2021-07-20 09:54 - 000060830 _____ C:\Users\Clare\Desktop\Addition.txt
2021-07-20 09:52 - 2021-07-20 10:04 - 000040010 _____ C:\Users\Clare\Desktop\FRST.txt
2021-07-20 09:51 - 2021-07-20 10:04 - 000000000 ____D C:\FRST
2021-07-20 09:51 - 2021-07-20 09:51 - 000000000 ____D C:\Users\Clare\Downloads\FRST-OlderVersion
2021-07-20 09:22 - 2021-07-20 09:23 - 000001870 _____ C:\Users\Clare\Desktop\Rkill.txt
2021-07-20 09:22 - 2021-07-20 09:22 - 000841241 _____ C:\Users\Clare\Downloads\rkill.zip
2021-07-20 09:22 - 2021-07-20 09:22 - 000000000 ____D C:\Users\Clare\Downloads\rkill
2021-07-20 00:01 - 2021-07-20 00:01 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-07-15 13:26 - 2021-07-15 13:26 - 000000000 ____D C:\Users\Clare\AppData\Local\ElevatedDiagnostics
2021-07-15 12:39 - 2021-07-15 12:39 - 000090255 _____ C:\Users\Clare\Downloads\node-3476-49778 (1).zip
2021-07-15 12:34 - 2021-07-15 12:34 - 000090255 _____ C:\Users\Clare\Downloads\node-3476-49778.zip
2021-07-15 12:24 - 2021-07-15 12:25 - 000079364 _____ C:\Users\Clare\Downloads\Salary-Calculation-Sheet-and-Salary-Slip-Template-in-Excel.xlsm
2021-07-13 15:48 - 2021-07-13 15:48 - 000000000 ____D C:\Users\Clare\Documents\Messages
2021-07-08 11:51 - 2021-07-08 11:51 - 000000000 ____D C:\Users\Clare\AppData\Roaming\EasyAntiCheat
2021-07-08 11:50 - 2021-07-08 11:51 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2021-07-07 19:43 - 2021-07-07 19:43 - 035958288 _____ (Piriform Software Ltd) C:\Users\Clare\Downloads\ccsetup582 (1).exe
2021-07-07 19:35 - 2021-07-20 08:54 - 000000000 ____D C:\Program Files\CCleaner
2021-07-07 19:35 - 2021-07-07 19:35 - 035958288 _____ (Piriform Software Ltd) C:\Users\Clare\Downloads\ccsetup582.exe
2021-07-07 19:35 - 2021-07-07 19:35 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-07 19:35 - 2021-07-07 19:35 - 000002888 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-07-07 19:35 - 2021-07-07 19:35 - 000000872 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-07-07 15:03 - 2021-07-07 15:03 - 000140745 _____ C:\Users\Clare\Desktop\Gmail - djiuser_ql0dYocyvyWn,Thank you for your payment.pdf
2021-07-07 12:11 - 2021-07-07 12:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-07-05 16:23 - 2021-07-05 16:23 - 000000000 ____D C:\Users\Clare\AppData\Roaming\NVIDIA
2021-07-05 16:16 - 2021-07-05 16:16 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-07-05 16:16 - 2021-07-05 16:16 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-07-05 16:15 - 2021-06-21 01:43 - 000136472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-07-05 16:15 - 2021-06-21 01:43 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-07-05 16:03 - 2021-06-21 18:25 - 001858680 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-07-05 16:03 - 2021-06-21 18:25 - 001474336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-07-05 16:03 - 2021-06-21 18:25 - 001438824 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-07-05 16:03 - 2021-06-21 18:25 - 001212192 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 001097832 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 001097832 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 000951912 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-07-05 16:03 - 2021-06-21 18:25 - 000951912 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 001519384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 001170224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 000715568 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 000675088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 000641328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 000575792 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-07-05 16:03 - 2021-06-21 18:21 - 000563992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-07-05 16:03 - 2021-06-21 18:20 - 002111264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-07-05 16:03 - 2021-06-21 18:20 - 001594656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-07-05 16:03 - 2021-06-21 18:20 - 000917280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-07-05 16:03 - 2021-06-21 18:20 - 000748832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-07-05 16:03 - 2021-06-21 18:20 - 000704792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-07-05 16:03 - 2021-06-21 18:19 - 008852760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-07-05 16:03 - 2021-06-21 18:19 - 007918872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-07-05 16:03 - 2021-06-21 18:19 - 005678864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-07-05 16:03 - 2021-06-21 18:19 - 004986648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-07-05 16:03 - 2021-06-21 18:19 - 002924304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-07-05 16:03 - 2021-06-21 18:19 - 000446744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-07-05 16:03 - 2021-06-21 18:18 - 000848672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-07-05 16:03 - 2021-06-21 18:17 - 007279232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-07-05 16:03 - 2021-06-21 18:17 - 006215312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-07-05 16:03 - 2021-06-21 01:43 - 000082968 _____ C:\WINDOWS\system32\nvinfo.pb
2021-07-05 10:43 - 2021-07-05 10:43 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-03 03:58 - 2021-07-03 03:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-07-03 03:58 - 2021-07-03 03:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-07-03 03:58 - 2021-07-03 03:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-07-03 03:58 - 2021-07-03 03:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2021-07-03 03:58 - 2021-07-03 03:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-07-02 15:37 - 2021-07-02 15:37 - 001474378 _____ C:\Users\Clare\Downloads\D-Log_Grading_Guide_EN.pdf
2021-07-01 18:29 - 2021-07-01 18:29 - 001973760 _____ C:\Users\Clare\Downloads\OBJECTS_MECHANICAL_Wind_Up_Pocket_Watch_8th_80_01.wav
2021-07-01 17:23 - 2021-07-01 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-07-01 17:22 - 2021-07-01 17:22 - 003517576 _____ C:\Users\Clare\Downloads\Stefano_Vita_Thankful_instrumental_0_12.wav
2021-06-23 15:22 - 2021-06-23 15:22 - 000163897 _____ C:\Users\Clare\Desktop\Amazon2.pdf
2021-06-23 15:21 - 2021-06-23 15:21 - 000165517 _____ C:\Users\Clare\Desktop\Amazon.pdf
2021-06-23 15:21 - 2021-06-23 15:21 - 000091838 _____ C:\Users\Clare\Desktop\Amazon1.pdf
2021-06-23 13:26 - 2021-06-23 13:26 - 002619174 _____ C:\Users\Clare\Downloads\Transfer.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-07-20 10:02 - 2021-02-09 01:02 - 000000000 ____D C:\Users\Clare\AppData\Local\LGHUB
2021-07-20 09:59 - 2020-09-19 20:24 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-20 09:52 - 2020-12-18 14:27 - 000000000 ____D C:\Program Files (x86)\Steam
2021-07-20 09:35 - 2020-09-19 19:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-20 09:12 - 2020-12-18 14:30 - 000000000 ____D C:\Users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-07-20 00:07 - 2020-09-19 18:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-07-20 00:01 - 2020-07-12 21:01 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-19 23:59 - 2020-09-19 20:55 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-19 23:58 - 2020-11-03 01:19 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-19 23:58 - 2020-09-19 19:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-19 23:58 - 2020-09-19 19:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-19 23:57 - 2021-06-09 13:47 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-07-19 23:57 - 2020-12-08 18:48 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-07-19 23:57 - 2020-08-28 17:20 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-19 23:57 - 2020-06-27 01:15 - 000000000 ___RD C:\Users\Clare\OneDrive
2021-07-15 13:33 - 2020-10-20 19:12 - 000000000 ____D C:\Users\Clare\AppData\Local\CrashDumps
2021-07-15 12:44 - 2021-02-09 01:02 - 000000000 ____D C:\Users\Clare\AppData\Roaming\LGHUB
2021-07-15 12:36 - 2021-04-02 17:07 - 000292067 _____ C:\Users\Clare\Downloads\c5256_1331652913719_eng.pdf
2021-07-15 12:22 - 2020-09-19 18:58 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-14 20:40 - 2021-05-11 19:59 - 000000000 ____D C:\Users\Clare\AppData\Roaming\obs-studio
2021-07-14 15:15 - 2020-09-19 20:24 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-14 15:15 - 2020-09-19 20:24 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-14 10:58 - 2020-10-26 15:09 - 000002112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-07-14 10:58 - 2020-09-19 19:51 - 000000000 ____D C:\WINDOWS\INF
2021-07-14 10:58 - 2020-08-30 13:01 - 000002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-07-13 15:57 - 2021-02-13 00:18 - 000000000 ____D C:\Users\Clare\AppData\Roaming\Luminar AI
2021-07-13 15:52 - 2021-06-18 18:52 - 000000032 _____ C:\Users\Clare\AppData\LocalLow\QuickTime.qtp
2021-07-11 17:03 - 2020-11-28 14:52 - 000000000 ____D C:\Users\Clare\Documents\Fax
2021-07-11 17:02 - 2020-10-21 10:57 - 000000000 ___RD C:\Users\Clare\Linwood Homes Dropbox
2021-07-10 19:16 - 2020-09-19 20:31 - 000000000 ___RD C:\Users\Clare\Creative Cloud Files
2021-07-10 19:15 - 2020-09-21 23:38 - 000000000 ____D C:\Users\Clare\AppData\Roaming\WD Discovery
2021-07-10 19:15 - 2020-09-21 23:38 - 000000000 ____D C:\Users\Clare\.wdc
2021-07-09 10:51 - 2020-09-19 19:09 - 000841126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-09 10:45 - 2020-09-19 19:52 - 000000000 ____D C:\WINDOWS\ServiceState
2021-07-09 10:45 - 2020-09-19 18:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-09 10:45 - 2020-06-27 02:03 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-09 10:35 - 2021-01-30 15:17 - 000000000 ____D C:\Users\postgres
2021-07-09 10:35 - 2020-09-19 19:49 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-09 10:35 - 2020-09-19 19:49 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-07-09 10:35 - 2020-09-19 19:00 - 000000000 ____D C:\Users\Clare
2021-07-08 19:25 - 2020-09-19 20:29 - 000000000 ____D C:\Users\Clare\AppData\Local\D3DSCache
2021-07-08 11:51 - 2020-09-19 20:28 - 000000000 ____D C:\ProgramData\Package Cache
2021-07-07 23:09 - 2020-10-23 15:35 - 000000000 ____D C:\Users\Clare\AppData\Roaming\vlc
2021-07-07 22:31 - 2020-09-19 19:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-07 22:18 - 2020-09-19 20:35 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-07-07 19:36 - 2021-03-12 15:28 - 000000000 ____D C:\Users\Clare\AppData\Roaming\Azureus
2021-07-07 19:36 - 2020-09-19 19:57 - 000000000 ____D C:\WINDOWS\Panther
2021-07-07 19:35 - 2020-06-27 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-07-07 12:11 - 2020-10-21 10:54 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-07-05 16:23 - 2020-09-20 01:18 - 000000000 ____D C:\Users\Clare\AppData\Local\NVIDIA
2021-07-05 16:16 - 2020-09-19 18:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-05 15:33 - 2020-09-19 20:55 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-07-05 15:33 - 2020-09-19 20:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-05 15:33 - 2020-09-19 19:08 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-05 10:43 - 2021-06-14 17:08 - 000002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-05 10:43 - 2021-06-14 17:08 - 000002030 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-02 09:33 - 2020-10-21 10:54 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-07-02 09:33 - 2020-10-21 10:54 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-07-01 17:23 - 2021-04-15 09:07 - 000000000 ____D C:\Program Files\LGHUB
2021-06-29 16:43 - 2020-09-19 20:28 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-06-29 16:43 - 2020-09-19 20:28 - 000000000 ____D C:\Program Files\Adobe
2021-06-29 16:43 - 2020-09-19 20:28 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-06-29 16:43 - 2020-07-12 21:01 - 000001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2021-06-29 16:07 - 2020-06-27 01:20 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-29 13:26 - 2020-11-03 01:18 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-29 13:26 - 2020-11-03 01:18 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-25 14:10 - 2021-04-22 11:33 - 000002377 _____ C:\Users\Clare\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-06-23 14:50 - 2020-10-21 10:54 - 000003998 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-06-23 14:50 - 2020-10-21 10:54 - 000003766 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-06-22 17:31 - 2021-06-14 17:08 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
 
==================== Files in the root of some directories ========
 
2020-10-23 23:49 - 2020-10-25 17:44 - 000001456 _____ () C:\Users\Clare\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-09-20 02:31 - 2020-09-20 02:31 - 000000000 _____ () C:\Users\Clare\AppData\Local\oobelibMkey.log
2020-10-23 23:29 - 2021-05-21 15:00 - 000007604 _____ () C:\Users\Clare\AppData\Local\Resmon.ResmonCfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Clare (20-07-2021 10:04:38)
Running from C:\Users\Clare\Desktop
Windows 10 Pro Version 20H2 19042.1052 (X64) (2020-09-20 02:08:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1999655083-2781417840-3296171768-500 - Administrator - Disabled)
Clare (S-1-5-21-1999655083-2781417840-3296171768-1001 - Administrator - Enabled) => C:\Users\Clare
DefaultAccount (S-1-5-21-1999655083-2781417840-3296171768-503 - Limited - Disabled)
Guest (S-1-5-21-1999655083-2781417840-3296171768-501 - Limited - Enabled)
postgres (S-1-5-21-1999655083-2781417840-3296171768-1002 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-1999655083-2781417840-3296171768-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20058 - Adobe Systems Incorporated)
Adobe Audition 2021 (HKLM-x32\...\AUDT_14_2) (Version: 14.2 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.5.0.617 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_3) (Version: 10.3 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4_2) (Version: 22.4.2.242 - Adobe Inc.)
Adobe Prelude 2021 (HKLM-x32\...\PRLD_10_0) (Version: 10.0 - Adobe Inc.)
Adobe Premiere Pro 2021 (HKLM-x32\...\PPRO_15_2) (Version: 15.2 - Adobe Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Blackmagic RAW Common Components (HKLM\...\{60461BA6-AFA0-4D54-AFE1-54EC717AA7D9}) (Version: 1.8.2 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
DaVinci Resolve (HKLM\...\{47B30418-F683-4F19-BEF9-BA5E490154BF}) (Version: 16.2.8005 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
DJI GimbalAssistant version 2.5 (HKLM-x32\...\{E6CAD81A-4F4B-444C-B779-832C3B87E52E}_is1) (Version: 2.5 - DJI)
DJI Pro Assistant For Ronin version V2.0.2.6 (HKLM-x32\...\{BCF24ED7-E30E-4FC2-BFD7-956E867B36E6}_is1) (Version: V2.0.2.6 - DJI)
Documentation Manager (HKLM\...\{D3342FE3-FE64-42C6-81A6-4F5F9BCFC4A9}) (Version: 22.50.1.1 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 126.4.4618 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 - Dropbox, Inc.) Hidden
ENE RGB HAL (HKLM\...\{8DA1B230-D82E-4A24-9237-363E2E1E2695}) (Version: 1.0.21.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{bb670f8d-3d66-4f36-8e60-02b71bb0a4e9}) (Version: 1.0.21.0 - Ene Tech.) Hidden
EOS Webcam Utility (HKLM\...\{8D5BC29A-769E-4EBE-8ECD-7DF1A02A0563}) (Version: 1.1.4 - Canon U.S.A., Inc.)
ExpressVPN (HKLM-x32\...\{5d3e027b-a5ec-4990-a6a7-1930b77bfd6f}) (Version: 10.2.4.11 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876EDB83C}) (Version: 10.2.4.11 - ExpressVPN) Hidden
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
GoPro Fusion Studio 1.3 (HKLM\...\Fusion Studio 1.3) (Version: V1.3.0 - GoPro)
GoPro VR Player 3.0 (HKLM\...\GoPro VR Player 3.0) (Version: V3.0.5 - GoPro)
GoPro Webcam (HKLM\...\{AC12B3DA-A31B-4D2F-AFF2-229178CF6D03}) (Version: 1.0.0.324 - GoPro, Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000050-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.50.0.4 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel)
Intel® Software Installer (HKLM-x32\...\{374c80b9-aad6-42d0-82d7-21cd45f9b5eb}) (Version: 22.50.1.1 - Intel Corporation) Hidden
iPhone Backup Extractor (HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\iPhone Backup Extractor) (Version: 7.7.32.4142 - Reincubate Ltd)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.7.91 - Logitech)
Luminar AI (HKLM\...\Luminar AI) (Version: 1.3.0.8059 - Skylum)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
MediaInfo 21.03 (HKLM\...\MediaInfo) (Version: 21.03 - MediaArea.net)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.70 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\Teams) (Version: 1.4.00.16575 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
Novabench (HKLM\...\{518479D5-B34D-48E5-938B-2FB01B855FFD}) (Version: 4.0.8 - Novawave Inc.)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
ProRes RAW for Windows (HKLM\...\{40AD0C07-5CB6-4441-9727-9C417E19D061}) (Version: 1.3 - Apple)
QuickTime Alternative 1.81 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 1.81 - )
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.3.0.330 - Samsung Electronics)
Samsung Portable SSD Software 1.0 (HKLM-x32\...\SamsungPortableSSD_1.0_is1) (Version: 1.7.2.4 - Samsung Electronics)
SIGMA Optimization Pro (HKLM-x32\...\{A75A7BEA-7A33-46FF-A2CD-3B0AF8023903}) (Version: 1.6.0.13 - SIGMA CORPORATION)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SysTools MSG Converter v7.0 (HKLM-x32\...\{0B14A2F9-CC7E-4A3B-8697-23BD04B50868}_is1) (Version:  - SysTools Software Pvt. Ltd.)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version:  - TechPowerUp)
Teekesselchen version 1.8 (HKLM-x32\...\{E20A5744-5ECD-49C5-8102-10CB0027DFCB}_is1) (Version: 1.8 - Michael Bungenstock)
Trident Z Lighting Control (HKLM-x32\...\{97CD7AFC-0ED3-41B8-9CCD-22717E8631D0}_is1) (Version: 1.00.18 - ENG)
Unigine Superposition Benchmark 1.1 (HKLM\...\Superposition_is1) (Version: 1.1 - UNIGINE)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.7.0 - Azureus Software, Inc.)
WD Desktop App 2.1.0.313 (HKLM-x32\...\{756e70ec-1fb0-41c8-896b-df0302d17bff}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.313 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.313 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.1.270 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Windows Driver Package - Canon U.S.A., Inc. (WUDFRd) Camera  (10/08/2020 12.33.19.728) (HKLM\...\45FEB4F1B965D5CBFE7F81E714112E1F1ABDB5FF) (Version: 10/08/2020 12.33.19.728 - Canon U.S.A., Inc.)
Windows Driver Package - GoPro Net  (06/22/2020 1.1.0003.00003) (HKLM\...\17411F1BD1347D4040FDD96F68B2C128BD3F7191) (Version: 06/22/2020 1.1.0003.00003 - GoPro)
WinRAR 6.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.1 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-10-26] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-09-19] (Adobe Systems Incorporated)
GoPro Player -> C:\Program Files\WindowsApps\GoPro.GoProPlayer_1.1.2.0_x64__1h9vz9xjm6b8c [2020-12-15] (GoPro)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt [2021-06-10] (INTEL CORP) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-10] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-05] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-11-13] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.245.0_x64__dt26b99r8h8gj [2021-05-03] (Realtek Semiconductor Corp)
Thunderbolt™ Control Center -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.31.0_x64__8j3eq9eme6ctt [2021-05-05] (INTEL CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-80DAC9D47DF7} -> [Creative Cloud Files] => C:\Users\Clare\Creative Cloud Files [2020-09-19 20:31]
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Clare\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{444c3d34-4024-4c6f-a9da-b47eed58ceb6}\localserver32 -> C:\Program Files\Skylum\Luminar AI\Luminar AI.exe (Skylum Software USA, Inc. -> Skylum)
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Clare\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [Linwood Homes Dropbox] => C:\Users\Clare\Linwood Homes Dropbox [2020-10-21 10:57]
CustomCLSID: HKU\S-1-5-21-1999655083-2781417840-3296171768-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {E421AB2C-F806-4350-B4FC-A2E287FC4B89} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {E421AB2C-F806-4350-B4FC-A2E287FC4B89} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-10] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [    OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [    OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-10] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-03-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-03-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WDDesktopContextMenu] -> {fa00ba41-b6f6-3cfa-a300-f25ce175fe7e} => C:\Program Files\WD Desktop App\kda.DLL [2020-07-20] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.129.0627.0002\FileSyncShell64.dll [2021-07-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispsi.inf_amd64_d610222ce397fb36\nvshext.dll [2021-06-21] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-10] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-27] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-03-10] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-03-10] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ff13ca23fee04978\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\f64d3603c29a95a7\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 15"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d755e1040e5d38ac\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 8"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9c5f1dad405065f1\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 12"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\603d61d7b578f489\Person 1 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 11"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48640f2b07fd73ea\Fakespot Fake Amazon Reviews and eBay Sellers.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 6" --app-id=nakplnnackehceedgkgkokbgbmfghain
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2b054a3d8e89c41e\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 13"
ShortcutWithArgument: C:\Users\Clare\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) =============
 
2021-07-01 17:23 - 2021-06-29 17:21 - 000634880 _____ () [File not signed] \\?\C:\Program Files\LGHUB\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2021-04-22 08:31 - 2021-04-22 08:31 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2020-09-21 23:39 - 2020-09-21 23:39 - 001987072 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2020-09-21 23:39 - 2020-09-21 23:39 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2020-09-21 23:39 - 2020-09-21 23:39 - 002250240 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2021-01-30 15:17 - 2016-08-08 22:13 - 000183296 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2021-01-30 15:17 - 2016-07-27 01:08 - 002264576 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2020-07-20 23:28 - 2020-07-20 23:28 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2021-01-30 15:17 - 2015-08-26 01:40 - 001687930 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libiconv-2.dll
2021-01-30 15:17 - 2015-08-26 01:40 - 000685350 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libintl-8.dll
2020-10-30 03:21 - 2020-10-30 03:21 - 004576256 _____ (GoPro.com) [File not signed] C:\Program Files\GoPro\GoPro Webcam\GoProWebcam.dll
2021-05-09 12:39 - 2021-05-09 12:39 - 042557440 _____ (Intel Corporation) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\IGCC.dll
2021-05-21 08:12 - 2021-05-21 08:12 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-01-30 15:17 - 2016-05-04 23:35 - 001655808 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBEAY32.dll
2021-01-30 15:17 - 2016-05-04 23:35 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\SSLEAY32.dll
2020-09-21 23:38 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) [File not signed] C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: No Name -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89}' -> No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: No Name -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89}' -> No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-09-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-09-19 19:52 - 2021-06-14 16:34 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2020-12-19 19:43 - 2020-12-19 19:43 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\Control Panel\Desktop\\Wallpaper -> c:\users\clare\linwood homes dropbox\content\clare\photo\random drone\20201005-dji_0210.jpg
HKU\S-1-5-21-1999655083-2781417840-3296171768-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "AdBlocker Ultimate"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "haleng"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6E08AF0D-BAB2-42BF-92D7-09836379235D}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{16BC29F8-4DD5-45B3-9ED8-C722FB989ED8}] => (Allow) C:\Program Files (x86)\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{867DAE5B-18CF-4494-BE4F-FE38FFE8A15B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BBE34F2C-44FD-475F-85F0-44CF1B68EF1F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{BDAC79CC-E2E6-4453-903A-3F1BEA0E8AEA}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{E7A5FD12-D60E-4E7C-AF39-B653AF6765A2}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{B7181859-1FF3-42CA-8F6B-769ED056E142}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{444E4F55-C466-4826-B561-14AD35126727}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{EF0EA758-68B5-4D46-9623-C11B9AB7DF41}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{6B4CFD40-BEF5-43C1-9451-8622AD48CF5D}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{8287D9CD-CC3C-4380-94FA-E7CFFE83F808}C:\program files (x86)\blackmagic design\fairlight panels\panel setup utility\fairlight panel setup.exe] => (Block) C:\program files (x86)\blackmagic design\fairlight panels\panel setup utility\fairlight panel setup.exe (Blackmagic Design) [File not signed]
FirewallRules: [UDP Query User{B42D4E9E-C61C-447B-B698-9596A84EE55D}C:\program files (x86)\blackmagic design\fairlight panels\panel setup utility\fairlight panel setup.exe] => (Block) C:\program files (x86)\blackmagic design\fairlight panels\panel setup utility\fairlight panel setup.exe (Blackmagic Design) [File not signed]
FirewallRules: [TCP Query User{0EB84256-2402-466D-8B65-96FDDBF00D32}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{C6D13EF6-6F4D-43E0-BB4D-3FFD6C1D9868}C:\program files\itunes\itunes.exe] => (Block) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C248B051-79FE-49ED-A415-77E9039D374C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{06168FC6-8255-4325-9C34-526AFB9420E9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{7D7CD106-F913-4094-9443-D6DA34161910}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{3E865902-2CED-4A09-9C26-9F6B40D306C5}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{A4459940-71BD-440B-82DE-080F782138B9}] => (Allow) C:\Program Files (x86)\GoPro\GoPro Webcam\GoPro Webcam.exe (GoPro Media, Inc. (GoPro Inc.) -> GoPro.com)
FirewallRules: [{EFAFF484-F489-40A1-8E0D-33FB1B991808}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3ADD7F35-633E-4BC9-93B1-AEC75C67AEB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{27F77DC9-C647-432F-BDE0-E9317C8B3E13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{045F6657-6134-4E5E-94EC-F14BC902D3C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{FC48BE2D-FFC2-42E6-955E-E203E8EAD60B}C:\users\clare\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\clare\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{16D72CCB-5479-4C25-8605-61AA33561FCD}C:\users\clare\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\clare\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{46D11A26-1642-484D-8013-575BD82AA35F}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{D59BE58D-6585-483B-863F-A2B1A536F09F}] => (Allow) C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [TCP Query User{711B23CF-B4F0-42E7-8A57-E22839BCB862}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [UDP Query User{C3517DD9-7937-4281-9FA8-A74ACCE0CFAE}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe (Azureus Software, Inc. -> Azureus Software, Inc)
FirewallRules: [{BC90B9C2-8265-42B5-94F0-03607243A4F2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A84A32F6-8770-4F01-BA48-A760FAE67E72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2BA44DD-3C7D-47E8-B90F-D081665D0284}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21BE861D-3086-4234-86CF-CF8208A8E962}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68713735-B11D-4B7E-A422-BD8441378454}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E6AA2E79-744D-4192-84FE-B3078E861ECF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{E5B8BA3B-EA44-41B3-8DD8-38D4E7BEAD3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{239EDC11-B5FF-4726-93EE-9203EA8E8640}C:\users\clare\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\clare\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B82B82C7-F7EE-419C-B391-456A853751A8}C:\users\clare\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\clare\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7F685A6F-23F7-4988-98E9-55669694677A}] => (Block) C:\users\clare\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{654B4198-6B2B-4375-8CCF-472098F901C7}] => (Block) C:\users\clare\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33C81E7E-0BDA-4138-AD12-CB22D0EB3C79}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{45ABC452-BF69-4212-A03E-0794D38922BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E24A5145-B301-4345-9A29-B8D6464D6A8D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D7B800F1-B12B-4DEA-BA3E-0A302335AFE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B8880D27-F72D-4008-B055-6CD52FA46716}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{92CAECA8-7486-48BB-AE0A-D391959ED13B}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
 
==================== Restore Points =========================
 
02-07-2021 09:33:56 Restore Point Startup
05-07-2021 15:43:18 Restore Point Startup
05-07-2021 16:03:10 Restore Point Startup
07-07-2021 19:25:17 Restore Point Startup
09-07-2021 10:45:19 Restore Point Startup
 
==================== Faulty Device Manager Devices ============
 
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/20/2021 09:11:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.1023 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 66b8
 
Start Time: 01d77d359d6f9bd9
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 232609c6-07e2-4278-8872-981f5193da61
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Cross-process
 
Error: (07/15/2021 01:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.1023, time stamp: 0x4aa1ce82
Faulting module name: msvcrt.dll, version: 7.0.19041.546, time stamp: 0x564f9f39
Exception code: 0x40000015
Fault offset: 0x000000000000ae22
Faulting process id: 0x33d8
Faulting application start time: 0x01d779b471832df0
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\msvcrt.dll
Report Id: b7549718-173c-413f-8213-bdf07f026884
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (07/10/2021 07:16:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (07/10/2021 07:16:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (07/10/2021 07:16:06 PM) (Source: DbxSvc) (EventID: 322) (User: )
Description: Failed to get driver message: (-2147024890) The handle is invalid.
 
Error: (07/10/2021 07:16:06 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (07/10/2021 07:16:02 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (07/10/2021 07:15:45 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DESKTOP-6N9P3LL)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
 
System errors:
=============
Error: (07/20/2021 10:04:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (07/20/2021 09:39:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (07/20/2021 09:37:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (07/20/2021 09:37:17 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (07/20/2021 09:35:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (07/20/2021 09:29:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (07/20/2021 09:27:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (07/20/2021 09:27:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-07-08 21:25:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-07 20:29:30
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-05 09:33:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-04 09:33:49
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-03 09:33:46
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-07-07 20:28:54
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.582.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80080005
Error description: Server execution failed 
 
Date: 2021-07-05 09:47:51
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.373.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80080005
Error description: Server execution failed 
 
Date: 2021-07-04 09:47:49
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.203.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80080005
Error description: Server execution failed 
 
Date: 2021-07-03 09:43:47
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.203.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070057
Error description: The parameter is incorrect. 
 
Date: 2021-07-02 09:43:47
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.203.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80070057
Error description: The parameter is incorrect. 
 
CodeIntegrity:
===============
Date: 2021-07-20 09:56:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-07-20 09:50:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.10 05/15/2020
Motherboard: Micro-Star International Co., Ltd. MEG Z490I UNIFY (MS-7C77)
Processor: Intel® Core™ i7-10700 CPU @ 2.90GHz
Percentage of memory in use: 41%
Total physical RAM: 32689.56 MB
Available physical RAM: 19102.2 MB
Total Virtual: 53169.56 MB
Available Virtual: 33522.23 MB
 
==================== Drives ================================
 
Drive c: (Local SSD) (Fixed) (Total:930.9 GB) (Free:352.9 GB) NTFS
Drive d: (T7) (Fixed) (Total:1862.96 GB) (Free:604.62 GB) exFAT
Drive e: (UNTITLED) (Fixed) (Total:4657.11 GB) (Free:2505.13 GB) exFAT
Drive f: (HDD) (Fixed) (Total:1863 GB) (Free:1015.19 GB) NTFS
Drive g: (My Passport) (Fixed) (Total:931.46 GB) (Free:189.99 GB) exFAT
Drive j: (EOS_DIGITAL) (Removable) (Total:119.21 GB) (Free:93.37 GB) exFAT
Drive z: (NVME) (Fixed) (Total:931.48 GB) (Free:353.62 GB) exFAT
 
\\?\Volume{52c0c4ef-d786-417c-b512-5e738697f8b2}\ () (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{b78a4974-6b25-49de-a5ee-e0c9bc01a141}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{693f2344-6ef0-4a9b-9a97-e70a5ef5f4a5}\ (EFI) (Fixed) (Total:0.19 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 17C5BD9B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 3 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 4 (Size: 4657.5 GB) (Disk ID: 506C5EA7)
 
Partition: GPT.
 
==========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==========================================================
Disk: 8 (Size: 119.2 GB) (Disk ID: C4E5C6AC)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0



#2
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, magicclarp.

 

(What would you like me to call you?)

Welcome to GTG Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

 

================================

 

I'm currently reviewing your logs and will be back to you as soon as I am ready.


  • 0

#3
magicclarp


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thank you! Take as much time as you need. Clare is fine :) 


  • 0

#4
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts
Hi, Clare. :)
 
For your information Haleng.exe is a trojan.
 

I made the classic mistake of downloading a program that was not what it was labelled as - I needed to compile outlook .msg files to .pdf and was going faster than I should have.

 
Actually this is a major mistake. Downloading programs from untrusted sites or trying to download a paid version of a program for free aren't safe computing practices.
 
 
Here are my first comments/instructions regarding your logs:
 
 
1. Uninstall not legally activated programs
 
Having not legally activated programs installed is the best and easiest way to infect your computer. There are some programs which seem to me as such. Please uninstall them all and then continue to the next step.
 
 
2. 15 Chrome profiles?
 
Please delete any profile and associated shortcut related to Chrome that you don't use. Leave what you need/use.
 
 
3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\StartupApproved\Run32: => "haleng"
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} =>
BHO: No Name -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89}' -> No File
BHO-x32: No Name -> {E421AB2C-F806-4350-B4FC-A2E287FC4B89}' -> No File
HKLM-x32\...\Run: [haleng] => C:\Users\Clare\AppData\Local\Temp\haleng.exe <==== ATTENTION
HKU\S-1-5-21-1999655083-2781417840-3296171768-1001\...\MountPoints2: {2fd8abe8-fae5-11ea-8afb-548d5acf3072} - "J:\WD Drive Unlock.exe" autoplay=true
Task: {6EAD4DE7-F02F-4673-9E0E-EA8D218C8414} - System32\Tasks\Firefox Default Browser Agent 7C01E11AE2E6B2F3 => C:\Users\Clare\AppData\Roaming\dsiiuat.exe <==== ATTENTION
Task: {BB2D79C6-27D9-497B-80A8-30338A9EE411} - System32\Tasks\Restore Point Startup => powershell.exe -ExecutionPolicy Bypass -Command "Checkpoint-Computer -Description \"Restore Point Startup\" -RestorePointType \"MODIFY_SETTINGS\""
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTransPro\ElevationService.exe [X]
S2 pubgame-updater; C:\WINDOWS\PublicGaming\appsetup.exe [X] <==== ATTENTION
C:\Users\Clare\Desktop\Rkill.txt
C:\Users\Clare\Downloads\rkill.zip
C:\Users\Clare\Downloads\rkill
C:\Users\Clare\AppData\Local\Temp\haleng.exe
C:\Users\Clare\AppData\Roaming\dsiiuat.exe
C:\Program Files (x86)\Wondershare
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
3. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
 
4. Run Malwarebytes (Scan mode)
  • Open Malwarebytes you have already installed in your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.
 
In your next reply, please post:
  • Which programs you uninstalled
  • If everything went fine with Chrome profiles management
  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

  • 0
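The entries singled out in the fixlist above share traits that can be checked mechanically on any FRST log: an autostart running from Temp, a loose executable in the AppData\Roaming root, a task named after a known product but pointing elsewhere, and orphaned entries. The sketch below is an added example, not part of the thread and not FRST's own logic; the reason codes, the `EXPECTED_HOME` mapping and the `ExampleApp` line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the fixlist in the post above, plus one constructed benign entry.
SAMPLE_LINES = [
    r'HKLM-x32\...\Run: [haleng] => C:\Users\Clare\AppData\Local\Temp\haleng.exe <==== ATTENTION',
    r'Task: {6EAD4DE7-F02F-4673-9E0E-EA8D218C8414} - System32\Tasks\Firefox Default Browser Agent 7C01E11AE2E6B2F3 => C:\Users\Clare\AppData\Roaming\dsiiuat.exe <==== ATTENTION',
    r'Task: {BB2D79C6-27D9-497B-80A8-30338A9EE411} - System32\Tasks\Restore Point Startup => powershell.exe -ExecutionPolicy Bypass -Command "Checkpoint-Computer -Description \"Restore Point Startup\" -RestorePointType \"MODIFY_SETTINGS\""',
    r'S2 pubgame-updater; C:\WINDOWS\PublicGaming\appsetup.exe [X] <==== ATTENTION',
    r'HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\app.exe',  # constructed
]

# One pattern per autostart type seen in the log: Run keys, scheduled tasks, services.
ENTRY_PATTERNS = [
    ("run", re.compile(r'^HK\S+?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<target>.+)$')),
    ("task", re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+)$')),
    ("service", re.compile(r'^[RS]\d (?P<name>[^;]+); (?P<target>.+)$')),
]

ANNOTATION = re.compile(r'\s*<==== ATTENTION\s*$')
EXECUTABLE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1))(?=["\s]|$)', re.I)

# Hypothetical mapping: product keyword in an entry name -> folder its binary should live in.
EXPECTED_HOME = {"firefox": "\\mozilla firefox\\"}


def classify(name, target):
    """Return reason codes explaining why an autostart target deserves a closer look."""
    reasons = []
    target = ANNOTATION.sub("", target).strip()
    missing = target.endswith("[X]")  # FRST's marker for a file it could not find
    if missing:
        target = target[:-3].rstrip()

    match = EXECUTABLE.match(target)
    exe = (match.group("exe") if match else target).lower()
    parent = PureWindowsPath(exe).parent.parts

    # Temp is wiped routinely; nothing legitimate persists from there.
    if "\\appdata\\local\\temp\\" in exe:
        reasons.append("runs-from-temp")
    # Real applications get their own subfolder (Zoom, Teams); a bare .exe in the root is unusual.
    if parent[-2:] == ("appdata", "roaming"):
        reasons.append("loose-exe-in-roaming-root")
    # Entry borrows a product name but the binary is outside that product's folder.
    for keyword, folder in EXPECTED_HOME.items():
        if keyword in name.lower() and folder not in exe:
            reasons.append("name-imitates-product")
    if re.search(r"-ExecutionPolicy\s+Bypass", target, re.I):
        reasons.append("execution-policy-bypass")
    if missing:
        reasons.append("target-missing")
    return reasons


def triage(lines):
    """Parse FRST autostart lines and return only the entries that raised a reason."""
    findings = []
    for line in lines:
        for kind, pattern in ENTRY_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                reasons = classify(m["name"], m["target"])
                if reasons:
                    findings.append({"kind": kind, "name": m["name"].strip(), "reasons": reasons})
                break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f'{finding["kind"]:8} {finding["name"]:50} {", ".join(finding["reasons"])}')
```

A reason code is a prompt for manual review, not a verdict: the helper's decision to remove an entry also rested on the rest of the log.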

#5
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, Clare.

 

Do you need any help regarding the above?


  • 0

#6
magicclarp


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi, Clare.

 

Do you need any help regarding the above?

 

I'm so sorry! There's some IRL stuff going on in my life that has priority over computer problems at the moment. I know the policy is 3 days so if you want to lock this thread I understand! I will be able to reply more in-depth on Monday likely if you want to leave this open for now. Thanks again for your help and no worries if you lock this, I get it's policy. Happy weekend! 


  • 0

#7
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts

Hi, Clare.

 

Real life always comes first. Of course I will leave the thread open. Thanks for letting me know.

 

Have a nice weekend and take care. :)


  • 0

#8
DR M


    The Grecian Geek

  • Malware Removal
  • 3,150 posts
Hello.
 
Due to lack of feedback, this topic has been closed.
 
If you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).
 
This applies only to the original topic starter. Everyone else please begin a New Topic.

  • 0





