Malware infected pc



#1
LuckyJohn


Hi,

I was hoping someone could help me out. I'm pretty sure my PC is infected. I've tried remedying it using 6 or 7 different notable anti-malware programs. Each program has been able to detect something and remove it. Frequent crashes and performance issues persist even after each antivirus software removed malware and remnants. I'm sure that this happened while torrenting. I've noticed suspicious processes running and using a sizable portion of my resources while gaming. When I open Task Manager or any other monitoring tool, resource utilization seems to settle, as my fans' RPM will decrease aggressively afterwards. I have attached a copy of the Farbar txt file.

Any help is appreciated,

thanks.

----------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by kjeff (administrator) on DESKTOP-UF1CQQ5 (16-09-2021 15:24:16)
Running from G:\
Loaded Profiles: kjeff
Platform: Windows 10 Pro Version 21H1 19043.1202 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\11.0.0.4854\AdskLicensingService\AdskLicensingService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Comodo Security Solutions, Inc. -> COMODO) C:\Program Files (x86)\Comodo\COMODO Secure Shopping\csssrv64.exe
(Comodo Security Solutions, Inc. -> Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(d7xTech, Inc -> d7xTech, Inc.) C:\Users\kjeff\Desktop\KillEmAll Mini.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\CommService.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\eppwsc.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit CO., LTD -> IObit) C:\Users\kjeff\AppData\Local\Temp\IMF8_BigUpgrade\IMFBigUpgrade1.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Users\kjeff\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe <2>
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookInst64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(X-Rite Incorporated -> X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
Failed to access process -> ADPClientService.exe
Failed to access process -> SDUpdate.exe
Failed to access process -> SDUpdate.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [339512 2021-08-04] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.158.0\AdAwareTray.exe [4882168 2021-06-23] (Adaware Software (Lavasoft Software Canada Inc.) -> )
HKLM\...\Run: [vdcss] => C:\Program Files (x86)\COMODO\COMODO Secure Shopping\vdcss.exe [10140904 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
HKLM\...\Run: [emsisoft anti-malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9286160 2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [668376 2021-05-10] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\ProgramData\Autodesk\Genuine Service\x64\GenuineService.exe [2483552 2021-01-08] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Glorious Core] => C:\Program Files (x86)\Glorious Core\Glorious Core\Glorious Core.exe [93626368 2021-07-23] (GitHub, Inc.) [File not signed]
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [326152 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZANG] => C:\Program Files (x86)\CheckPoint\ZANG\UI\UI_Main.exe [702080 2021-06-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6932176 2021-08-27] (IObit CO., LTD -> IObit)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [Discord] => C:\Users\kjeff\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [EpicGamesLauncher] => "E:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste.exe [5497032 2021-06-21] (Thalonet, Inc. -> Thalonet, Inc. dba Haste)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [4282600 2021-09-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [Substance Launcher] => "E:\Program Files\Allegorithmic\Substance Launcher\Substance Launcher.exe"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [YandexDisk2] => C:\Users\kjeff\AppData\Roaming\Yandex\YandexDisk2\3.1.20.3664\YandexDisk2.exe -autostart
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3145920 2021-08-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [WallpaperEngine] => E:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2652832 2021-06-25] (Skutta, Kristjan -> )
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [com.squirrel.splice.Splice] => C:\Users\kjeff\AppData\Local\splice\app-3.7.24713\Splice.exe [83318784 2021-09-07] (Splice) [File not signed]
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [wtfast Tray] => C:\Program Files (x86)\wtfast\wtfast.exe [7725872 2020-05-15] (WTFast (AAA Internet Publishing Inc.) -> AAA Internet Publishing Inc.)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [1Password] => C:\Users\kjeff\AppData\Local\1Password\app\7\1Password.exe [5282456 2021-09-15] (AgileBits Inc. -> AgileBits Inc.)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Run: [Opera Browser Assistant] => C:\Users\kjeff\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4091600 2021-09-13] (Opera Software AS -> Opera Software)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3519608 2021-07-25] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Print\Monitors\Win2PDF Port: C:\Windows\system32\win2pdfm7.dll [98320 2020-01-11] (Dane Prairie Systems, LLC -> Dane Prairie Systems, LLC - hxxp://www.win2pdf.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2016-02-17] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AudientAppLauncher Autostart.lnk [2021-08-18]
ShortcutTarget: AudientAppLauncher Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\W10_x64\AudientAppLauncher.exe (Thesycon Software Solutions GmbH & Co. KG -> Audient)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2021-08-23]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toon Boom Harmony Network Connections.lnk [2021-07-22]
ShortcutTarget: Toon Boom Harmony Network Connections.lnk -> C:\Program Files (x86)\Toon Boom Animation\Toon Boom Harmony 20 Premium\win32\bin\Toon Boom Harmony Network Connections.exe (Toon Boom Animation Inc -> )
Startup: C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-06-29]
ShortcutTarget: MEGAsync.lnk -> C:\Users\kjeff\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-881886857-835413342-2016909866-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FE01E19-25F0-4EBB-97AE-8B9281F59F97} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-05-31] (Microsoft Corporation -> Microsoft)
Task: {152767CF-78AF-4E5E-8B77-3DC98E7F8745} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-881886857-835413342-2016909866-1001 => C:\Users\kjeff\AppData\Local\MEGAsync\MEGAupdater.exe [1820848 2021-05-12] (Mega Limited -> Mega Limited)
Task: {17721FE1-29E2-49E4-A40A-23F55AFFD42B} - System32\Tasks\CheckPointUpdateTaskMachineCore => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {17DFFA68-2DB3-4C06-AB35-D8EDE4CC3F22} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {19C3AD9E-C0A7-4429-A758-8AF1CB9AB0C7} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {22AC0833-1E76-4C6D-B039-A5118A5F61A8} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1509424 2020-03-31] (ASUSTeK Computer Inc. -> )
Task: {2696C832-D255-42F2-8036-C773908725A3} - System32\Tasks\Opera scheduled assistant Autoupdate 1631745798 => C:\Users\kjeff\AppData\Local\Programs\Opera\launcher.exe [42724048 2021-09-13] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\kjeff\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {30AFB461-159B-49F4-92FF-D45D0B6219F0} - System32\Tasks\Kill JDownloader => C:\Users\kjeff\Documents\Scripts\JDownloader_Kill.bat [32 2021-07-12] () [File not signed]
Task: {3497E6EC-698A-44D0-A876-8E0A885B92C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3994F878-8DDC-40ED-B72B-0515EE8279DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {3EC38FF8-A16C-4CA9-9BE1-F611FCBB949D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {45595CB1-9FE0-4323-999D-96BE426C5F56} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {459B788B-BF19-4C36-993A-63CB8BCE54B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4726D87B-95A3-430A-8A72-785F6E98140A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-22] (Google LLC -> Google LLC)
Task: {4907C348-982C-4C08-8286-738EC4216481} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {504AA91B-0C86-4C5F-9929-82E666C8BE23} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\kjeff\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {57FC03B0-8D77-443E-BCEB-E54562553BD5} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-10-12] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {5FC6A88D-373C-4C06-A456-70237795FAB7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {64004491-B976-49E3-8E26-0BE138BBA2B6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {65DC703C-E00A-488D-B853-6CEFEAAF4A11} - System32\Tasks\IMF_SkipUAC_kjeff => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6932176 2021-08-27] (IObit CO., LTD -> IObit)
Task: {661124D8-412F-4422-8CE7-B104CDF20CD0} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2115632 2020-10-22] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {68F3E5F9-BCFC-41EE-B590-EBFAF4A44657} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469288 2020-10-19] (ASUSTeK Computer Inc. -> )
Task: {6AABE99B-271F-4477-9357-CE0B3D1B5FA3} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [31656 2019-01-24] (X-Rite Incorporated -> X-Rite Inc.)
Task: {6EF1F50F-8E71-43D8-B3E8-57F8653B8EDF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-881886857-835413342-2016909866-1001 => C:\Users\kjeff\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {7545A23D-0924-48C4-B10E-807773E3315F} - System32\Tasks\SUPERAntiSpyware Scheduled Task c0c5032c-90cd-4cc3-b268-6bd5debf4856 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:c0c5032c-90cd-4cc3-b268-6bd5debf4856
Task: {7DE040C3-B31B-4AED-BA74-30CAA3637190} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80775E9D-0570-4855-865B-C46415177275} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {80C11BF4-FB45-47BD-8961-4F2FE7FF3537} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {95797D06-DC33-4521-8462-78C13D329555} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {97621CA9-3683-4E48-B031-74912D85AC0A} - System32\Tasks\WpsUpdateTask_kjeff => C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.10296\office6\wpsupdate.exe [166600 2021-09-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {9D9B959D-0082-4831-8EED-F1CEE1F3D286} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B044F3A5-CBC1-4929-BE19-E84EE11DBAD3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 96bbc763-d277-4bed-b479-c904faeb193f => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:96bbc763-d277-4bed-b479-c904faeb193f
Task: {B44AAB59-EB55-4ECE-8BB3-28D4267513DD} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {CA609FDE-2647-4B35-BEE5-A359AE6E3CC8} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CB5FC06E-4EF2-49BD-ADB0-9A4C6709499C} - System32\Tasks\WpsExternal_kjeff_20210910203048 => C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.10296\office6\wpscloudsvr.exe [1057480 2021-09-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {CC71B440-3F7D-4EDC-90A8-E768ABA095F6} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Spybot Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [9469648 2021-04-29] (Safer-Networking Ltd. -> )
Task: {D3FB4D85-E96C-41D5-8D25-8CADCE78A55F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\kjeff\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: {D7688983-F041-43FA-8E2F-FEF271CCB48C} - System32\Tasks\CheckPointUpdateTaskMachineUA => C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
Task: {DBB1C0FA-FF78-4E00-94C0-B392A92AEF5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-22] (Google LLC -> Google LLC)
Task: {DF77F4F8-696E-4C2A-B084-7D692F88192A} - System32\Tasks\Opera scheduled Autoupdate 1631745780 => C:\Users\kjeff\AppData\Local\Programs\Opera\launcher.exe [42724048 2021-09-13] (Opera Software AS -> Opera Software)
Task: {EDFC1A5B-DD4D-42DD-A5A5-7BB8D8086A17} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F7124DEC-A127-4A94-83A3-FDC52DA4F083} - System32\Tasks\Sleep => C:\Users\kjeff\Documents\Scripts\Sleep.bat [47 2021-07-12] () [File not signed]
Task: {F9CB6CC0-69C9-4B82-94A0-3097BCAEA1B6} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2019-10-30] (ASUSTeK COMPUTER INC.) [File not signed]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 96bbc763-d277-4bed-b479-c904faeb193f.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c0c5032c-90cd-4cc3-b268-6bd5debf4856.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Hosts: 0.0.0.1  scinstallcheck.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0d2d2371-b774-4222-831a-bcf3a8b53e60}: [DhcpNameServer] 192.168.1.254
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
 
Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-15]
Edge Profile: C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-09-16]
Edge DownloadDir: Profile 1 -> H:\
Edge Notifications: Profile 1 -> hxxps://app.chime.aws; hxxps://bangx.org; hxxps://flashymass.com; hxxps://kokotrokot.com; hxxps://linkvertise.com; hxxps://meet.google.com; hxxps://oxford-ms.geebo.com; hxxps://porneq.com; hxxps://suggestive.com; hxxps://time4news.net; hxxps://typiccor.com; hxxps://www.instantcheckmate.com; hxxps://www2.darenjarvis.pro; hxxps://www40.darenjarvis.pro
Edge HomePage: Profile 1 -> hxxp://lenovo17win10.msn.com/?pc=LCTE
Edge Extension: (Click&Clean) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dacknjoogbepndbemlmljdobinliojbk [2021-06-18]
Edge Extension: (lock) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2021-09-15]
Edge Extension: (MetaMask) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2021-09-05]
Edge Extension: (Download All Images) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\focinmnfmbmhknhdaamhppgdhahnbgif [2021-09-10]
Edge Extension: (Workona Tab Manager) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\gdfnelpciiajgjenlapgkdcjpcfpfpob [2021-07-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15]
Edge Extension: (Download with JDownloader) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ilonanfdcnaljoedndpfeflllibalflj [2021-07-13]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-09-10]
Edge Profile: C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 2 [2021-09-16]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\kjeff\AppData\Local\Microsoft\Edge\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: myo3bsn6.default
FF ProfilePath: C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\myo3bsn6.default [2021-09-15]
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\myo3bsn6.default\Extensions\[email protected] [2021-01-12]
FF ProfilePath: C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release [2021-09-16]
FF DownloadDir: C:\Users\kjeff\Downloads\teetetease
FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\[email protected] [2021-01-12]
FF Extension: (Authenticator) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\[email protected] [2021-09-15]
FF Extension: (Open Multiple URLs) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\[email protected] [2021-07-20]
FF Extension: (Download with JDownloader) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{03e07985-30b0-4ae0-8b3e-0c7519b9bdf6}.xpi [2021-07-04]
FF Extension: (Locoloader) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{21368c2e-1e43-414c-9c63-e1b87782681f}.xpi [2021-07-07]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-09-15]
FF Extension: (Allow Right-Click) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{278b0ae0-da9d-4cc6-be81-5aa7f3202672}.xpi [2021-09-09]
FF Extension: (Absolute Right Click) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{9350bc42-47fb-4598-ae0f-825e3dd9ceba}.xpi [2021-07-07]
FF Extension: (1Password – Password Manager) - C:\Users\kjeff\AppData\Roaming\Mozilla\Firefox\Profiles\kxbp2r4e.default-release\Extensions\{d634138d-c276-4fc8-924b-40a0ea21d284}.xpi [2021-09-15]
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=3 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF Plugin-x32: @tools.google.com/CheckPoint Update;version=9 -> C:\Program Files (x86)\CheckPoint\Update\1.3.99.0\npZoneAlarmUpdate3.dll [2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-09-16] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-09-16] <==== ATTENTION
 
Chrome: 
=======
CHR DefaultProfile: Profile 2
CHR Profile: C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default [2021-09-15]
CHR Notifications: Default -> hxxps://linkvertise.com
CHR DefaultSearchURL: Default -> hxxps://lookbox.net/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> lookbox
CHR Extension: (Slides) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-22]
CHR Extension: (Docs) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-22]
CHR Extension: (Google Drive) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-22]
CHR Extension: (Video Downloader Plus) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfejhehdhaaeoiahaojjhmjaihjaodcf [2021-07-07]
CHR Extension: (Image Downloader) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2021-06-10]
CHR Extension: (Lookbox.net) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eceiapccglmgpbbocamhfmgfbcollhpk [2020-06-01]
CHR Extension: (Video Downloader professional) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2021-07-07]
CHR Extension: (Sheets) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-22]
CHR Extension: (Video Downloader PLUS) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-06-15]
CHR Extension: (Google Docs Offline) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]
CHR Extension: (Gmail) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-10]
CHR Profile: C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-15]
CHR Profile: C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-09-16]
CHR Notifications: Profile 1 -> hxxps://bestjavporn.com; hxxps://linkvertise.com; hxxps://www.tubxporn.com
CHR Extension: (Slides) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-29]
CHR Extension: (Safe Torrent Scanner) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-08-29]
CHR Extension: (Math Wallet) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afbcbjpbpfadlkmhmclhkeeodmamcflc [2021-08-19]
CHR Extension: (Docs) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-29]
CHR Extension: (Google Drive) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-21]
CHR Extension: (YouTube) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-29]
CHR Extension: (Honey) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-08-19]
CHR Extension: (Sheets) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-29]
CHR Extension: (Binance Wallet) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2021-08-29]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2021-08-29]
CHR Extension: (Proctorio) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fpmapakogndmenjcfoajifaaonnkpkei [2021-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-05]
CHR Extension: (Video Adblocker for Youtube™ Extension) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hflefjhkfeiaignkclmphmokmmbhbhik [2020-04-29]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-29]
CHR Extension: (Custom Engines) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkacjhofeafagblkflacbogbkdcmeabf [2021-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-14]
CHR Extension: (Gmail) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-19]
CHR Profile: C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2 [2021-09-16]
CHR Extension: (Slides) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-25]
CHR Extension: (Safe Torrent Scanner) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-08-29]
CHR Extension: (Docs) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-25]
CHR Extension: (Google Drive) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-25]
CHR Extension: (YouTube) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-25]
CHR Extension: (Tampermonkey) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2021-07-07]
CHR Extension: (Sheets) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-25]
CHR Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2021-07-07]
CHR Extension: (ZoneAlarm Web Secure) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flljooaijgdgaaogmfhakpojmddcjjmj [2021-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-25]
CHR Extension: (Gmail) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-25]
CHR Extension: (Chrome Media Router) - C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-19]
CHR Profile: C:\Users\kjeff\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-15]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\kjeff\AppData\Roaming\Opera Software\Opera Stable [2021-09-15]
OPR Extension: (Rich Hints Agent) - C:\Users\kjeff\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-09-15]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\kjeff\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [11119744 2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1050920 2021-05-10] (Autodesk, Inc. -> Autodesk Inc.)
S2 adawareantivirusservice; C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.158.0\AdAwareService.exe [587104 2021-06-23] (Adaware Software (Lavasoft Software Canada Inc.) -> )
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [18673448 2020-11-17] (Autodesk, Inc. -> Autodesk)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 AR_Service; C:\Program Files (x86)\CheckPoint\ZANG\AR\AR_Service.exe [23168 2021-06-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.51\atkexComSvc.exe [442928 2020-10-22] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe [1360016 2020-10-12] (ASUSTeK Computer Inc. -> ) [File not signed]
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.94\AsusFanControlService.exe [2073136 2020-10-12] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2021-09-16] (ASUSTeK Computer Inc. -> )
S2 Canvas Installer; C:\Program Files (x86)\Dell\Canvas Installer\DCIService.exe [39960 2019-11-04] (Dell Inc -> DELL)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3268288 2021-02-25] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-06-04] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-06-04] (Check Point Software Technologies Ltd. -> )
R2 csssrv; C:\Program Files (x86)\COMODO\COMODO Secure Shopping\csssrv64.exe [4054248 2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-09-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 Denuvo Anti-Cheat Update Service; C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat-update-service.exe [980184 2020-05-19] (Denuvo GmbH -> Denuvo GmbH)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2253776 2019-06-20] (Comodo Security Solutions, Inc. -> Comodo)
S2 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9868696 2021-08-18] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-11-16] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EmsiCommService; C:\Program Files\Emsisoft Anti-Malware\CommService.exe [14230080 2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
R2 EppWsc; C:\Program Files\Emsisoft Anti-Malware\EppWsc.exe [1545368 2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
S2 HasteUEService; C:\Program Files\Haste\UserEdgeService.exe [1597128 2021-06-21] (Thalonet, Inc. -> Thalonet, Inc. (dba Haste))
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2405136 2021-08-31] (IObit Information Technology -> IObit)
S2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [2109376 2019-07-03] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7785656 2021-09-10] (Malwarebytes Inc -> Malwarebytes)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2557144 2021-08-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3475680 2021-08-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [254224 2021-03-21] (Razer USA Ltd. -> Razer Inc)
S2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294520 2021-07-25] (Razer USA Ltd. -> Razer Inc.)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18168 2020-12-16] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [136896 2021-05-27] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4575688 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [1058504 2021-08-09] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [91048 2019-01-24] (X-Rite Incorporated -> X-Rite Inc.)
S2 ZA NET ICM Service; C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe [42208 2020-03-13] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZANG_MgrSvc; C:\Program Files (x86)\CheckPoint\ZANG\MgrSvc\ZANG_MgrSvc.exe [25216 2021-06-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [129216 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)
S2 zus; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S3 zusm; C:\Program Files (x86)\CheckPoint\Update\ZoneAlarmUpdate.exe [166200 2021-08-26] (Check Point Software Technologies Ltd. -> CheckPoint Software Technologies Ltd.)
S2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe -s [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 RealtekHubService; C:\Users\kjeff\AppData\Local\Temp\is-KJAP4.tmp\RtHubSSContrl.exe [X] <==== ATTENTION
S2 SafeConnectService; "C:\Program Files (x86)\McAfee\McAfee Safe Connect\SafeConnect.ServiceHost.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [35136 2020-05-25] (ASUSTeK Computer Inc. -> )
R3 audientusbaudio; C:\WINDOWS\System32\drivers\audientusbaudio.sys [381496 2021-07-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 audientusbaudioks; C:\WINDOWS\System32\drivers\audientusbaudioks.sys [53816 2021-07-12] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [284672 2021-04-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 cmdcss; C:\WINDOWS\system32\drivers\cmdcss.sys [125000 2018-02-28] (Comodo Security Solutions, Inc. -> COMODO)
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [83248 2020-09-03] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [150968 2021-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
R1 cposfw; C:\WINDOWS\System32\DRIVERS\cposfw.sys [113976 2021-06-08] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S3 Denuvo Anti-Cheat; C:\Program Files\Denuvo Anti-Cheat\denuvo-anti-cheat.sys [1553128 2020-05-19] (Denuvo GmbH -> Denuvo GmbH)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S0 epelam; C:\WINDOWS\System32\drivers\epelam.sys [23528 2020-02-20] (CheckPointElamTestSign -> Check Point Software Technologies)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [135984 2020-12-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [155112 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37776 2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
S0 EppElam; C:\WINDOWS\System32\drivers\EppElam.sys [16808 2021-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [126968 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Emsisoft Ltd)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
R3 Imf8HpRegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpRegFilter.sys [41848 2019-12-17] (IObit Information Technology -> IObit)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFDownProtect.sys [40920 2021-07-30] (IObit CO., LTD -> IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\IMFForceDelete.sys [34192 2019-06-11] (IObit Information Technology -> IObit)
R3 ImfHpFileFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfHpFileFilter.sys [45432 2019-12-17] (IObit Information Technology -> IObit)
S3 ImfObCallback; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfObCallback.sys [33984 2020-03-12] (IObit Information Technology -> IObit)
R3 ImfRealScanner; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRealScanner.sys [53720 2021-08-13] (IObit CO., LTD -> IObit)
S3 ImfRegistryFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win10_amd64\ImfRegistryFilter.sys [42360 2019-12-17] (IObit Information Technology -> IObit)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2020-10-15] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2020-06-17] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 iVCam; C:\WINDOWS\system32\DRIVERS\iVCam.sys [1089512 2020-04-04] (Shanghai Yitu Information Technology Co., Ltd. -> e2eSoft)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-09-11] (Malwarebytes Inc -> Malwarebytes)
R3 MSIO; C:\Program Files\Patriot\Aac_Patriot Viper RGB\msio64.sys [25616 2018-02-12] (MICSYS Technology Co., Ltd. -> )
S3 RtsUpx; C:\WINDOWS\system32\drivers\RtsUpx.sys [18136 2020-07-15] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_022b; C:\WINDOWS\System32\drivers\RzDev_022b.sys [55624 2021-01-28] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_0526; C:\WINDOWS\System32\drivers\RzDev_0526.sys [54168 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [82848 2019-07-31] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [41392 2020-09-22] (McAfee, LLC. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [641736 2021-04-20] (Bitdefender SRL -> Bitdefender)
U5 UnlockerDriver5; C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Windows ® Win 7 DDK provider) [File not signed]
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2021-05-20] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
U5 vsock; C:\Windows\System32\Drivers\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S3 WacHidRouterISD; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [139928 2017-04-28] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-09-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [433384 2021-09-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-09] (Microsoft Windows -> Microsoft Corporation)
R4 WinDivert1.3; C:\Program Files\Haste\WinDivert64.sys [47560 2021-06-21] (Ars Nova Systems -> Basil)
R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2017-06-15] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
R2 WtfEngineDrv; C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys [41704 2020-05-15] (Initeks, OOO -> AAA Internet Publishing, Inc.)
S3 GPU-Z-v2; \??\C:\Users\kjeff\AppData\Local\Temp\GPU-Z-v2.sys [X] <==== ATTENTION
U3 iswSvc; no ImagePath
S3 MpKsla56a9945; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6921F87E-4728-4AE6-88AC-D4DA7DE14995}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three months (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-16 15:21 - 2021-09-16 15:21 - 000000000 _____ C:\WINDOWS\cpepmon.mlf
2021-09-16 05:56 - 2021-09-16 05:56 - 000000000 ____D C:\Program Files\ESET
2021-09-16 05:52 - 2021-09-16 05:52 - 000000000 ____D C:\Users\kjeff\Downloads\teetetease
2021-09-16 05:39 - 2021-09-16 05:40 - 008702880 _____ (ESET) C:\Users\kjeff\Downloads\eset_internet_security_live_installer.exe
2021-09-16 05:05 - 2021-09-16 05:05 - 000000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2021-09-16 05:04 - 2021-09-16 05:04 - 000001702 _____ C:\WINDOWS\system32\.crusader
2021-09-16 00:56 - 2021-09-16 00:56 - 000000733 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillEmAll Mini.lnk
2021-09-16 00:55 - 2021-01-27 21:31 - 001044248 _____ (d7xTech, Inc.) C:\Users\kjeff\Desktop\KillEmAll Mini.exe
2021-09-16 00:48 - 2021-09-16 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2021-09-16 00:48 - 2021-09-16 00:48 - 000000000 ____D C:\Program Files\HitmanPro
2021-09-16 00:46 - 2021-09-16 05:04 - 000000000 ____D C:\ProgramData\HitmanPro
2021-09-16 00:44 - 2021-09-16 00:44 - 000319274 _____ C:\Users\kjeff\Downloads\KillEmAll_Mini.zip
2021-09-16 00:37 - 2021-09-16 00:37 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Comodo
2021-09-15 23:35 - 2019-08-21 08:02 - 000454616 _____ (COMODO) C:\WINDOWS\system32\cssguard64.dll
2021-09-15 23:35 - 2019-08-21 08:02 - 000341224 _____ (COMODO) C:\WINDOWS\system32\cmdkbdcss64.dll
2021-09-15 23:35 - 2019-08-21 08:02 - 000337856 _____ (COMODO) C:\WINDOWS\SysWOW64\cssguard32.dll
2021-09-15 23:35 - 2019-08-21 08:02 - 000262376 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbdcss32.dll
2021-09-15 23:35 - 2018-02-28 08:11 - 000125000 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdcss.sys
2021-09-15 23:33 - 2021-09-15 23:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2021-09-15 23:33 - 2021-09-15 23:33 - 000000000 ____D C:\Users\kjeff\AppData\Local\Comodo
2021-09-15 23:32 - 2021-09-15 23:34 - 000000000 ____D C:\Program Files (x86)\Comodo
2021-09-15 23:26 - 2021-09-15 23:34 - 000000000 ____D C:\ProgramData\Comodo
2021-09-15 23:26 - 2021-09-15 23:26 - 000000000 ____D C:\ProgramData\Shared Space
2021-09-15 23:20 - 2021-09-15 23:20 - 000000000 ____D C:\Users\kjeff\AppData\LocalLow\iTop Screen Recorder
2021-09-15 23:19 - 2021-09-15 23:19 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\iTop Screenshot
2021-09-15 23:18 - 2021-09-15 23:20 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\iTop Screen Recorder
2021-09-15 23:18 - 2021-09-15 23:20 - 000000000 ____D C:\ProgramData\iTop
2021-09-15 23:18 - 2021-09-15 23:18 - 000002908 _____ C:\WINDOWS\system32\Tasks\IMF_SkipUAC_kjeff
2021-09-15 23:17 - 2021-09-15 23:25 - 000000000 ____D C:\Program Files (x86)\iFun Screen Recorder
2021-09-15 23:16 - 2021-09-16 06:31 - 000000279 _____ C:\Users\kjeff\Desktop\Recycle Bin.lnk
2021-09-15 23:12 - 2021-09-15 23:17 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\IObit
2021-09-15 23:12 - 2021-09-15 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2021-09-15 23:12 - 2021-09-15 21:01 - 000037776 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\eppdisk.sys
2021-09-15 23:12 - 2021-09-15 21:01 - 000016808 _____ (Emsisoft Ltd) C:\WINDOWS\system32\Drivers\EppElam.sys
2021-09-15 23:11 - 2021-09-15 23:17 - 000000000 ____D C:\ProgramData\ProductData
2021-09-15 23:06 - 2021-09-15 23:18 - 000000000 ____D C:\Users\kjeff\AppData\LocalLow\IObit
2021-09-15 23:03 - 2021-09-15 23:03 - 000001246 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2021-09-15 23:03 - 2021-09-15 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2021-09-15 23:00 - 2021-09-15 23:00 - 000000000 ____D C:\Program Files (x86)\IObit
2021-09-15 22:59 - 2021-09-15 23:18 - 000000000 ____D C:\ProgramData\IObit
2021-09-15 21:51 - 2021-09-16 15:25 - 000000000 ____D C:\FRST
2021-09-15 20:24 - 2021-04-07 22:06 - 000000868 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210915-202415.backup
2021-09-15 20:22 - 2021-04-07 22:06 - 000000868 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210915-202220.backup
2021-09-15 20:10 - 2021-09-15 20:10 - 000000000 ___HD C:\$WinREAgent
2021-09-15 20:08 - 2021-09-15 20:09 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-881886857-835413342-2016909866-1001
2021-09-15 20:06 - 2021-09-15 20:09 - 000000000 ____D C:\Users\TEMP
2021-09-15 17:45 - 2021-09-15 17:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-09-15 17:45 - 2021-09-15 17:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-09-15 17:44 - 2021-09-15 17:44 - 000000000 ____D C:\Safer-Networking Ltd
2021-09-15 17:43 - 2021-09-15 17:47 - 000000000 ____D C:\Users\kjeff\AppData\Local\Safer-Networking Ltd
2021-09-15 17:43 - 2021-09-15 17:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
2021-09-15 17:43 - 2021-09-15 17:43 - 000004464 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1631745798
2021-09-15 17:43 - 2021-09-15 17:43 - 000004210 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1631745780
2021-09-15 17:43 - 2021-09-15 17:43 - 000001399 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2021-09-15 17:43 - 2021-09-15 17:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
2021-09-15 17:43 - 2021-09-15 17:43 - 000000000 ____D C:\Users\kjeff\AppData\Local\Opera Software
2021-09-15 17:43 - 2021-09-15 17:43 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
2021-09-15 17:42 - 2021-09-16 15:23 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-09-15 17:42 - 2021-09-15 17:42 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-09-15 17:42 - 2021-09-15 17:42 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Opera Software
2021-09-15 17:42 - 2021-09-15 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-09-15 17:42 - 2019-06-21 08:34 - 000019904 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
2021-09-15 17:42 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2021-09-15 17:41 - 2021-09-16 15:23 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-09-15 17:34 - 2021-09-15 17:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-09-15 17:34 - 2021-09-15 17:34 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\adaware
2021-09-15 17:34 - 2021-09-15 17:34 - 000000000 ____D C:\Users\kjeff\AppData\Local\AdAwareDesktop
2021-09-15 17:33 - 2021-09-15 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\adaware
2021-09-15 17:33 - 2021-09-15 17:33 - 000000000 ____D C:\Program Files\adaware
2021-09-15 17:30 - 2021-09-15 20:06 - 000000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c0c5032c-90cd-4cc3-b268-6bd5debf4856.job
2021-09-15 17:30 - 2021-09-15 20:06 - 000000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 96bbc763-d277-4bed-b479-c904faeb193f.job
2021-09-15 17:30 - 2021-09-15 17:30 - 000003782 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task 96bbc763-d277-4bed-b479-c904faeb193f
2021-09-15 17:30 - 2021-09-15 17:30 - 000003700 _____ C:\WINDOWS\system32\Tasks\SUPERAntiSpyware Scheduled Task c0c5032c-90cd-4cc3-b268-6bd5debf4856
2021-09-15 17:30 - 2021-09-15 17:30 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\SUPERAntiSpyware.com
2021-09-15 17:30 - 2021-09-15 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-09-15 17:30 - 2021-09-15 17:30 - 000000000 ____D C:\ProgramData\adaware
2021-09-15 17:29 - 2021-09-15 17:30 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-09-15 17:29 - 2021-09-15 17:29 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-09-15 16:41 - 2021-09-15 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-09-15 02:03 - 2021-09-15 02:03 - 000001361 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2021-09-15 02:02 - 2021-09-15 02:02 - 000000000 ____D C:\Users\kjeff\AppData\Local\1Password
2021-09-14 02:57 - 2021-09-14 02:57 - 000000000 ____D C:\Users\kjeff\Documents\Ampeg
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx.sys
2021-09-13 05:58 - 2021-09-13 05:58 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-09-13 02:57 - 2021-09-13 02:57 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Goldberg SocialClub Emu Saves
2021-09-13 02:56 - 2021-09-13 02:56 - 000000000 ____D C:\Users\kjeff\Documents\Rockstar Games
2021-09-13 02:56 - 2021-09-13 02:56 - 000000000 ____D C:\Users\kjeff\AppData\Local\Rockstar Games
2021-09-13 02:55 - 2021-09-13 02:55 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\EMPRESS
2021-09-12 07:16 - 2021-09-12 07:16 - 000000745 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Dead Redemption 2.lnk
2021-09-12 07:13 - 2021-04-07 22:06 - 000000868 ____R C:\WINDOWS\system32\Drivers\etc\hosts.check
2021-09-12 07:13 - 2021-04-07 22:06 - 000000868 ____R C:\WINDOWS\system32\Drivers\etc\hosts.backup
2021-09-12 07:12 - 2021-09-12 07:13 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-09-12 03:35 - 2021-09-12 04:11 - 000000583 _____ C:\Users\Public\Desktop\Red Dead Redemption 2.lnk
2021-09-12 00:25 - 2021-09-12 00:25 - 000000828 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Projects.lnk
2021-09-11 21:16 - 2021-09-11 21:19 - 000262176 _____ C:\Users\kjeff\Downloads\keylabmkII_Firmware_Update_1_2_4_1091.led
2021-09-11 21:16 - 2021-09-11 21:19 - 000000107 _____ C:\Users\kjeff\Downloads\keylabmkII_Firmware_Update_1_2_4_1091.led.confirm
2021-09-11 21:13 - 2021-09-11 21:13 - 000000979 _____ C:\Users\kjeff\Desktop\Piano V2.lnk
2021-09-11 21:10 - 2021-09-11 21:10 - 000001027 _____ C:\Users\kjeff\Desktop\Analog Lab V.lnk
2021-09-11 20:27 - 2021-09-11 21:12 - 000000000 ____D C:\Program Files\Arturia
2021-09-11 20:26 - 2021-09-12 05:56 - 000001334 _____ C:\Users\kjeff\Desktop\MIDI Control Center.lnk
2021-09-11 20:20 - 2021-09-13 06:05 - 000000000 ____D C:\Users\kjeff\Downloads\Arturia
2021-09-11 20:19 - 2021-09-11 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2021-09-11 20:19 - 2021-09-11 21:02 - 000001382 _____ C:\Users\kjeff\Desktop\Arturia Software Center.lnk
2021-09-11 20:13 - 2021-09-11 20:13 - 000000000 ____D C:\Users\kjeff\Documents\BIAS_PD_BACKUP-8909B942-B5B0-451C-A981-A17EDA6E8226
2021-09-11 20:13 - 2021-09-11 20:13 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Ampeg
2021-09-11 04:23 - 2021-09-16 05:06 - 188743680 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-09-11 02:03 - 2021-09-11 02:03 - 000424307 _____ C:\Users\kjeff\Downloads\SweetwaterInvoice_28826011.pdf
2021-09-11 01:16 - 2021-09-11 01:16 - 000000000 ____D C:\WINDOWS\Panther
2021-09-10 21:07 - 2021-09-10 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6
2021-09-10 21:06 - 2021-09-10 21:07 - 000000000 ____D C:\ProgramData\Ampeg
2021-09-10 21:05 - 2021-09-11 20:13 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Line 6
2021-09-10 21:05 - 2021-09-10 21:05 - 000000000 ____D C:\ProgramData\Line 6
2021-09-10 21:00 - 2021-09-11 20:13 - 000000000 ____D C:\Users\kjeff\Documents\BIAS_Pedal
2021-09-10 20:56 - 2021-09-13 01:47 - 000000000 ____D C:\Users\Public\Documents\NI Resources
2021-09-10 20:56 - 2021-09-10 20:56 - 000000000 ____D C:\Users\kjeff\AppData\Local\Native Instruments
2021-09-10 20:56 - 2021-09-10 20:56 - 000000000 ____D C:\Users\kjeff\AppData\Local\Guitar Rig 6
2021-09-10 20:54 - 2021-09-10 20:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-09-10 20:53 - 2021-09-10 20:56 - 000000000 ___RD C:\Users\kjeff\Documents\Native Instruments
2021-09-10 20:53 - 2021-09-10 20:53 - 000000000 _RSHD C:\Users\Public\Documents\Native Instruments
2021-09-10 20:53 - 2021-09-10 20:53 - 000000000 ___RD C:\Program Files\Native Instruments
2021-09-10 20:53 - 2020-10-06 02:03 - 003578488 _____ () C:\WINDOWS\system32\qtANGLE.dll
2021-09-10 20:45 - 2021-09-11 01:24 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-09-10 20:45 - 2021-09-10 20:45 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-09-10 20:45 - 2021-09-10 20:45 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-09-10 20:45 - 2021-09-10 20:44 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-09-10 20:45 - 2021-09-10 20:44 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-09-10 20:44 - 2021-09-10 20:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-09-10 20:38 - 2021-09-10 20:38 - 000000000 ____D C:\Users\kjeff\AppData\Local\AAA_Internet_Publishing_I
2021-09-10 20:37 - 2021-09-10 20:38 - 000000000 ____D C:\Program Files (x86)\wtfast
2021-09-10 20:37 - 2021-09-10 20:37 - 000001048 _____ C:\Users\Public\Desktop\wtfast.lnk
2021-09-10 20:37 - 2021-09-10 20:37 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WtfEngineDrv_01009.Wdf
2021-09-10 20:37 - 2021-09-10 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wtfast
2021-09-10 20:37 - 2020-05-15 11:21 - 000041704 _____ (AAA Internet Publishing, Inc.) C:\WINDOWS\system32\Drivers\WtfEngineDrv.sys
2021-09-10 20:30 - 2021-09-10 20:31 - 000003758 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_kjeff
2021-09-10 20:30 - 2021-09-10 20:30 - 000004076 _____ C:\WINDOWS\system32\Tasks\WpsExternal_kjeff_20210910203048
2021-09-10 07:01 - 2021-09-10 07:06 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Blue Cat Audio
2021-09-10 07:01 - 2021-09-10 07:01 - 000000000 ____D C:\Users\kjeff\Documents\Blue Cat Audio
2021-09-10 06:50 - 2021-09-10 06:54 - 000000000 ____D C:\Program Files\Blue Cat Audio
2021-09-10 06:37 - 2021-09-10 06:37 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\PositiveGrid
2021-09-10 06:24 - 2021-09-10 06:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIAS Amp 2
2021-09-10 06:21 - 2021-09-10 21:00 - 000000000 ___RD C:\Program Files\Common Files\PositiveGrid
2021-09-10 06:21 - 2021-09-10 06:21 - 000000000 ____D C:\Users\kjeff\Documents\PositiveGrid
2021-09-09 04:57 - 2021-09-10 03:11 - 000000924 _____ C:\Users\Public\Desktop\Overwatch.lnk
2021-09-09 04:20 - 2021-09-09 04:20 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-09-09 04:19 - 2021-09-09 04:19 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-09 04:19 - 2021-09-09 04:19 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-09 04:19 - 2021-09-09 04:19 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-09 04:19 - 2021-09-09 04:19 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-09 04:19 - 2021-09-09 04:19 - 000011345 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-09 04:18 - 2021-09-09 04:18 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-09 04:18 - 2021-09-09 04:18 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-09 04:18 - 2021-09-09 04:18 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-09 04:18 - 2021-09-09 04:18 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-09 04:18 - 2021-09-09 04:18 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-09 04:18 - 2021-09-09 04:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-09 04:18 - 2021-09-09 04:18 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-09 04:18 - 2021-09-09 04:18 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-09 04:18 - 2021-09-09 04:18 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-09 04:18 - 2021-09-09 04:18 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-09 04:18 - 2021-09-09 04:18 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-09 03:41 - 2021-09-09 03:45 - 000000000 ___RD C:\Users\kjeff\Documents\DMGAudio
2021-09-09 03:41 - 2021-09-09 03:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMGAudio
2021-09-09 02:55 - 2021-09-09 02:56 - 000000000 ____D C:\Users\kjeff\Desktop\Cracks
2021-09-09 00:19 - 2021-09-09 03:28 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Xfer
2021-09-09 00:15 - 2021-09-09 02:05 - 000000000 ____D C:\Users\kjeff\Documents\Xfer
2021-09-09 00:15 - 2021-09-09 00:19 - 000000000 ____D C:\Users\kjeff\AppData\Local\Xfer
2021-09-09 00:03 - 2021-09-09 00:04 - 000000000 ____D C:\Users\kjeff\Desktop\Packs
2021-09-08 23:54 - 2021-09-12 00:55 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Maize Sampler Player
2021-09-07 22:27 - 2021-09-07 22:27 - 000000000 ____D C:\Users\kjeff\AppData\LocalLow\Nomada
2021-09-07 05:20 - 2021-08-28 07:25 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-09-07 05:20 - 2021-08-28 07:25 - 001858664 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-07 05:20 - 2021-08-28 07:25 - 001474704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-09-07 05:20 - 2021-08-28 07:25 - 001438848 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-09-07 05:20 - 2021-08-28 07:25 - 001438848 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-07 05:20 - 2021-08-28 07:25 - 001212536 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-09-07 05:20 - 2021-08-28 07:25 - 001097856 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-09-07 05:20 - 2021-08-28 07:25 - 001097856 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-07 05:20 - 2021-08-28 07:25 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-09-07 05:20 - 2021-08-28 07:25 - 000951936 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 001520760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 001171064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 000716920 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 000676480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 000645240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 000577168 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-09-07 05:20 - 2021-08-28 07:22 - 000564344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-09-07 05:20 - 2021-08-28 07:21 - 002112128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-09-07 05:20 - 2021-08-28 07:21 - 001595536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-09-07 05:20 - 2021-08-28 07:21 - 000919184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-09-07 05:20 - 2021-08-28 07:21 - 000706192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-09-07 05:20 - 2021-08-28 07:20 - 008854144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-09-07 05:20 - 2021-08-28 07:20 - 007920760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-09-07 05:20 - 2021-08-28 07:20 - 005681280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-09-07 05:20 - 2021-08-28 07:20 - 004987512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-09-07 05:20 - 2021-08-28 07:20 - 002925688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-09-07 05:20 - 2021-08-28 07:20 - 000447104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-09-07 05:20 - 2021-08-28 07:19 - 000849016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-09-07 05:20 - 2021-08-27 11:54 - 000083133 _____ C:\WINDOWS\system32\nvinfo.pb
2021-09-07 03:51 - 2021-09-07 17:12 - 000000000 ____D C:\Users\kjeff\Documents\Splice
2021-09-07 03:48 - 2021-09-16 15:21 - 000000000 ____D C:\Users\kjeff\AppData\Local\SpliceSettings
2021-09-07 03:48 - 2021-09-07 03:49 - 000000000 ____D C:\Users\kjeff\AppData\Local\splice
2021-09-07 03:48 - 2021-09-07 03:48 - 000002215 _____ C:\Users\kjeff\Desktop\Splice.lnk
2021-09-07 03:48 - 2021-09-07 03:48 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Splice
2021-09-07 03:48 - 2021-09-07 03:48 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice
2021-09-07 01:44 - 2021-09-07 01:44 - 000001312 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\12M.lnk
2021-09-07 00:31 - 2021-09-07 00:31 - 000000223 _____ C:\Users\kjeff\Desktop\Twelve Minutes.url
2021-09-05 03:36 - 2021-09-05 03:40 - 000000000 ____D C:\Users\kjeff\Desktop\Arturia
2021-09-05 00:26 - 2021-09-12 00:33 - 000000000 ____D C:\Users\kjeff\Documents\Arturia mkii
2021-09-03 21:54 - 2021-09-03 21:59 - 000000000 ____D C:\Users\kjeff\Documents\XLN.Audio.RC-20.Retro.Color.v1.1.1.2.Incl.Patched.and.Keygen-R2R
2021-09-03 05:59 - 2021-09-03 05:59 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Voxengo
2021-08-31 03:52 - 2021-09-11 21:12 - 000000000 ___RD C:\ProgramData\Arturia
2021-08-31 03:52 - 2021-09-11 20:26 - 000000000 _RSHD C:\Program Files (x86)\Arturia
2021-08-31 03:40 - 2021-09-11 22:43 - 000000032 _____ C:\Users\kjeff\AppData\Roaming\msregsvv.dll
2021-08-31 03:40 - 2021-09-11 22:43 - 000000032 _____ C:\ProgramData\autobk.inc
2021-08-31 03:40 - 2021-09-10 04:26 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\IK Multimedia
2021-08-31 03:38 - 2021-09-10 04:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-08-31 03:37 - 2021-09-10 04:24 - 000000000 ____D C:\Users\kjeff\Documents\IK Multimedia
2021-08-31 03:37 - 2021-09-10 04:19 - 000000000 ____D C:\Program Files\IK Multimedia
2021-08-31 03:37 - 2021-08-31 03:37 - 000000000 ____D C:\Program Files\VstPlugIns
2021-08-31 03:03 - 2021-08-31 03:03 - 000000000 ____D C:\Users\kjeff\Documents\FabFilter
2021-08-31 03:03 - 2021-08-31 03:03 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\FabFilter
2021-08-31 03:01 - 2021-08-31 03:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FabFilter
2021-08-31 03:01 - 2021-08-31 03:01 - 000000000 ____D C:\Program Files (x86)\FabFilter
2021-08-31 02:58 - 2021-08-31 02:58 - 000000000 ____D C:\Program Files\Voxengo
2021-08-31 02:47 - 2021-08-31 02:47 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\UJAM
2021-08-31 02:44 - 2021-08-31 02:44 - 000000000 ____D C:\ProgramData\UJAM
2021-08-31 02:44 - 2021-08-31 02:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UJAM
2021-08-31 02:39 - 2021-08-31 02:39 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Antares
2021-08-31 02:18 - 2021-09-03 05:53 - 000000000 ____D C:\Users\kjeff\Documents\RC-20 Retro Color Logs
2021-08-31 02:18 - 2021-08-31 02:18 - 000000000 ____D C:\Users\kjeff\Documents\RC-20 Retro Color
2021-08-31 02:16 - 2021-09-09 03:45 - 000000000 ____D C:\Program Files\Steinberg
2021-08-31 02:08 - 2021-08-31 02:17 - 000000000 ____D C:\ProgramData\XLN Audio
2021-08-31 02:08 - 2021-08-31 02:08 - 000000000 ____D C:\Users\kjeff\Documents\XLN Online Installer
2021-08-31 02:08 - 2021-08-31 02:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio
2021-08-31 02:08 - 2021-08-31 02:08 - 000000000 ____D C:\Program Files\XLN Audio
2021-08-31 00:09 - 2021-08-31 00:09 - 000000000 ____D C:\Program Files\Antares
2021-08-30 07:45 - 2021-08-30 07:45 - 000000000 __SHD C:\ProgramData\win-net
2021-08-30 07:20 - 2021-09-12 00:02 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Eventide
2021-08-30 07:20 - 2021-08-30 07:20 - 000000000 ____D C:\Users\kjeff\AppData\Local\Lethal
2021-08-30 07:09 - 2021-08-30 07:18 - 000000000 ____D C:\Program Files\AbletonPlugins
2021-08-30 06:59 - 2021-08-31 00:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares
2021-08-30 06:02 - 2021-09-11 21:12 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-08-30 06:02 - 2021-08-30 06:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eventide
2021-08-30 06:01 - 2021-08-30 06:31 - 000000000 ____D C:\Users\kjeff\Documents\Eventide
2021-08-30 04:22 - 2021-08-30 04:22 - 000001254 _____ C:\Users\kjeff\Documents\Adobe After Effects 2020 v17.1.3.41 (x64) Patched - Shortcut.lnk
2021-08-30 04:14 - 2021-09-11 21:12 - 000000000 ____D C:\Program Files\VST_Plugins
2021-08-30 04:11 - 2021-09-10 20:53 - 000000000 ___RD C:\Program Files\Common Files\Native Instruments
2021-08-30 04:11 - 2021-08-30 04:11 - 000000000 __SHD C:\Users\kjeff\AppData\Local\ms-drivers
2021-08-30 04:11 - 2021-08-30 04:11 - 000000000 __SHD C:\Users\kjeff\AppData\Local\icsxml
2021-08-30 04:11 - 2021-08-30 04:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lethal
2021-08-30 04:11 - 2021-08-30 04:11 - 000000000 ____D C:\Program Files\Lethal
2021-08-30 02:37 - 2021-04-07 22:11 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2021-08-29 07:12 - 2021-08-29 07:12 - 000057085 _____ C:\Users\kjeff\Desktop\Authorize.auz
2021-08-29 07:08 - 2021-08-29 07:08 - 000000000 ____D C:\Users\kjeff\Documents\Ableton
2021-08-29 06:51 - 2021-08-29 06:51 - 000000871 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 11 Suite.lnk
2021-08-29 06:09 - 2021-08-29 06:15 - 000000000 ____D C:\Users\kjeff\Desktop\Vip.Soundlab.Trap.Beast.HD.Drums.and.Kontakt
2021-08-29 05:36 - 2021-09-09 00:05 - 000000000 ____D C:\Users\kjeff\Documents\Beatskillz - Synthwave Drums 1.0.0 VSTi x86 x64
2021-08-29 04:30 - 2021-08-29 06:12 - 000000000 ____D C:\Users\kjeff\AppData\Local\BitTorrentHelper
2021-08-29 04:30 - 2021-08-29 04:31 - 000000000 ____D C:\Users\kjeff\AppData\LocalLow\BitTorrent
2021-08-29 04:29 - 2021-08-29 06:10 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\BitTorrent
2021-08-29 04:28 - 2021-08-29 04:28 - 000000000 ____D C:\Users\kjeff\AppData\Local\Adaware
2021-08-29 00:55 - 2021-08-29 00:55 - 000000000 ____D C:\ProgramData\inMusic
2021-08-28 06:37 - 2021-08-28 06:42 - 000000000 ____D C:\Users\kjeff\Documents\Track Session
2021-08-28 03:23 - 2021-08-28 03:23 - 000000722 _____ C:\Users\kjeff\AppData\Roaming\PureRef.ini
2021-08-27 20:27 - 2021-09-11 04:23 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-08-27 17:09 - 2021-08-27 17:10 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Process Hacker 2
2021-08-27 15:51 - 2021-08-29 06:52 - 000000000 ____D C:\ProgramData\Ableton
2021-08-27 15:42 - 2021-08-27 15:42 - 000000000 ____D C:\Users\kjeff\Documents\FeedbackHub
2021-08-27 15:17 - 2021-08-27 15:17 - 000001372 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Misc_Apps - Shortcut.lnk
2021-08-27 15:16 - 2021-08-27 15:17 - 000000000 ____D C:\Program Files\Misc_Apps
2021-08-27 15:07 - 2021-08-27 15:08 - 000000691 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notes.lnk
2021-08-27 15:06 - 2021-09-10 06:04 - 000000000 ____D C:\Users\kjeff\Documents\Notes
2021-08-27 15:06 - 2021-08-27 15:06 - 000001385 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Task Scheduler.lnk
2021-08-27 15:01 - 2021-08-27 15:01 - 000002178 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Canvas Pen.lnk
2021-08-27 14:33 - 2021-08-27 14:33 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2021-08-27 14:33 - 2021-08-27 14:33 - 000000000 ____D C:\Program Files (x86)\GPU-Z
2021-08-27 14:19 - 2021-08-27 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2021-08-27 14:19 - 2021-08-27 14:19 - 000000000 ____D C:\Program Files\Process Hacker 2
2021-08-26 05:36 - 2021-08-26 05:36 - 000000279 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2021-08-26 05:16 - 2021-09-16 00:41 - 000000000 ___HD C:\SandBlastBackup
2021-08-26 04:57 - 2021-08-26 04:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
2021-08-26 04:56 - 2020-02-20 19:50 - 000023528 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\epelam.sys
2021-08-26 04:55 - 2021-08-26 04:55 - 000003462 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineUA
2021-08-26 04:55 - 2021-08-26 04:55 - 000003338 _____ C:\WINDOWS\system32\Tasks\CheckPointUpdateTaskMachineCore
2021-08-26 04:55 - 2021-08-26 04:55 - 000000000 ____D C:\Users\kjeff\AppData\Local\CheckPoint
2021-08-26 04:39 - 2021-08-26 04:56 - 000000000 ____D C:\Program Files (x86)\CheckPoint
2021-08-26 04:39 - 2021-08-26 04:39 - 000435647 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2021-08-26 04:39 - 2021-08-26 04:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2021-08-26 04:39 - 2021-08-26 04:39 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2021-08-26 04:38 - 2021-08-26 04:57 - 000000000 ____D C:\ProgramData\CheckPoint
2021-08-25 14:43 - 2021-08-25 18:51 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-08-25 14:43 - 2021-08-25 18:51 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-08-25 01:05 - 2021-08-25 01:05 - 000000000 ____D C:\Users\kjeff\AppData\Local\ESET
2021-08-25 01:04 - 2021-08-25 14:44 - 000000000 ____D C:\KVRT2020_Data
2021-08-25 00:33 - 2021-08-25 00:33 - 000000000 ____D C:\Users\kjeff\AppData\Local\mbam
2021-08-25 00:32 - 2021-08-25 00:32 - 000000000 ____D C:\Program Files\Malwarebytes
2021-08-24 23:24 - 2021-08-24 23:58 - 000000000 ____D C:\ProgramData\regid.1993-06.com.microsoft
2021-08-24 23:24 - 2021-08-24 23:54 - 000000000 ____D C:\Program Files (x86)\Sofware IN LLC
2021-08-24 23:24 - 2021-08-24 23:24 - 000000000 ____D C:\Users\kjeff\AppData\Local\NetSupport
2021-08-24 22:59 - 2021-08-25 00:48 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\qBittorrent
2021-08-24 22:59 - 2021-08-24 22:59 - 000000000 ____D C:\Users\kjeff\AppData\Local\qBittorrent
2021-08-24 21:59 - 2021-08-24 21:59 - 000000000 ____D C:\Users\kjeff\AppData\Local\Melodics
2021-08-24 21:50 - 2021-08-24 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodics
2021-08-24 21:49 - 2021-08-24 21:50 - 000000000 ____D C:\Program Files\Melodics
2021-08-23 21:12 - 2021-08-23 21:12 - 000000000 ____D C:\Users\kjeff\Documents\Bluetooth Exchange Folder
2021-08-23 21:12 - 2021-08-23 21:12 - 000000000 ____D C:\Users\kjeff\AppData\Local\Broadcom
2021-08-23 21:11 - 2021-08-23 21:11 - 000000000 ____D C:\Program Files\WIDCOMM
2021-08-23 21:11 - 2016-02-17 14:00 - 000213312 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2021-08-23 21:11 - 2016-02-17 14:00 - 000186152 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2021-08-23 21:11 - 2015-12-16 22:18 - 000049952 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwl2cap.sys
2021-08-23 21:11 - 2015-12-09 18:47 - 000262440 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwavdt.sys
2021-08-23 21:11 - 2015-12-09 18:47 - 000212760 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwaudio.sys
2021-08-23 21:11 - 2015-11-04 14:40 - 000047392 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwrchid.sys
2021-08-23 21:11 - 2015-08-05 12:19 - 000071148 _____ C:\WINDOWS\system32\Drivers\BCM20702A1_001.002.014.1502.1764.hex
2021-08-20 00:34 - 2021-08-20 00:35 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.9
2021-08-20 00:34 - 2021-08-20 00:34 - 000000000 ____D C:\Users\kjeff\AppData\Local\Package Cache
2021-08-18 20:05 - 2021-08-18 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-08-18 20:04 - 2021-08-18 20:05 - 000000000 ____D C:\Program Files\iTunes
2021-08-18 20:02 - 2021-08-18 20:02 - 000000000 ____D C:\Users\kjeff\AppData\Local\Apple Inc
2021-08-18 20:01 - 2021-08-18 20:01 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Apple Computer
2021-08-18 20:01 - 2021-08-18 20:01 - 000000000 ____D C:\Users\kjeff\AppData\Local\Apple Computer
2021-08-18 20:01 - 2021-08-18 20:01 - 000000000 ____D C:\ProgramData\Apple Computer
2021-08-18 19:57 - 2021-08-18 19:57 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\Users\kjeff\AppData\Local\Apple
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\Program Files\Common Files\Apple
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\Program Files\Bonjour
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\Program Files (x86)\Bonjour
2021-08-18 19:57 - 2021-08-18 19:57 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2021-08-18 07:05 - 2021-08-18 07:05 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Audient
2021-08-18 06:59 - 2021-08-18 06:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audient
2021-08-18 06:58 - 2021-07-12 04:10 - 000381496 _____ () C:\WINDOWS\system32\Drivers\audientusbaudio.sys
2021-08-18 06:58 - 2021-07-12 04:10 - 000053816 _____ () C:\WINDOWS\system32\Drivers\audientusbaudioks.sys
2021-08-18 06:14 - 2021-08-18 06:59 - 000000000 ____D C:\Program Files\Audient
2021-08-18 04:58 - 2021-08-18 04:58 - 000000000 ____D C:\WINDOWS\system32\configBak
2021-08-18 04:43 - 2021-08-18 04:43 - 000000000 ____D C:\WINDOWS\system32\config\backup
2021-08-18 04:35 - 2021-08-18 04:35 - 000000000 ____D C:\EFI
2021-08-17 05:55 - 2021-08-18 03:37 - 000011520 _____ C:\WINDOWS\PE_Rom.dll
2021-08-17 05:52 - 2021-08-17 05:52 - 000000000 _____ C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_ROG STRIX B450-F GAMING.alu
2021-08-17 05:45 - 2021-08-27 15:14 - 000000000 ____D C:\ProgramData\SS3
2021-08-17 05:45 - 2021-08-18 02:22 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-08-17 05:45 - 2021-08-17 05:45 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Studio 3.lnk
2021-08-17 05:45 - 2021-08-17 05:45 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar 3.lnk
2021-08-17 05:45 - 2021-08-17 05:45 - 000000000 ____D C:\Program Files\Realtek
2021-08-17 05:45 - 2021-08-17 05:45 - 000000000 ____D C:\Program Files\ASUSTeKcomputer.Inc
2021-08-17 05:45 - 2019-07-03 14:01 - 015218512 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE3.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 003306704 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 002197872 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 001382128 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 001337528 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 000852024 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 000604688 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2021-08-17 05:45 - 2019-07-03 14:01 - 000447072 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 072520600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2021-08-17 05:44 - 2019-07-03 17:00 - 007178360 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 007101632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 006886992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2021-08-17 05:44 - 2019-07-03 17:00 - 006270080 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 003676960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2021-08-17 05:44 - 2019-07-03 17:00 - 003159664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 002930040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 001159072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 001003744 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000416400 _____ (Harman) C:\WINDOWS\system32\HMUI.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000378272 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000266440 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000154256 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000122208 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000118480 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000105200 _____ C:\WINDOWS\system32\audioLibVc.dll
2021-08-17 05:44 - 2019-07-03 17:00 - 000023584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 003445632 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 003168280 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 001435032 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 001110064 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000964912 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000873352 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000541008 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000467048 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000381296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000230592 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000218160 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000174832 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000158584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2021-08-17 05:44 - 2019-07-03 14:01 - 000075432 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 006463760 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV3apo.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 005938800 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 005593504 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 005347096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 003753024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 003340296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 003266984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 002992288 _____ (Audyssey Labs) C:\WINDOWS\system32\AudysseyEfx.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 002444792 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001971472 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001965264 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001788064 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001611064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOv251gm.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001598504 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001544360 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001516376 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001396840 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001386680 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001372496 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001353208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001294184 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001287704 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOvlldpgm.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001259832 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001180792 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001078576 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 001061464 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000934848 _____ (ICEpower A/S) C:\WINDOWS\system32\ICEsoundAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000751408 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000734880 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000715752 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000692056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000511776 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000453168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000452840 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000448712 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000406560 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000392760 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000367712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000366224 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000360448 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000343600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000333112 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000327160 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000327160 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000316080 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000278376 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000261336 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000261304 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000260320 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000231808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000220280 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000203944 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000192872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000191040 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000191040 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000179728 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000167224 _____ (ASUSTeK COMPUTER INC.) C:\WINDOWS\system32\ATKWMI.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000157232 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000139648 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000116432 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000093792 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000090808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000090064 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000088208 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2021-08-17 05:44 - 2019-07-03 14:00 - 000083512 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2021-08-17 05:44 - 2019-07-03 13:29 - 033399859 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2021-08-17 05:44 - 2019-07-03 13:29 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2021-08-17 05:43 - 2020-10-15 13:59 - 000034064 ____N (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2021-08-17 05:40 - 2019-07-02 03:58 - 000034112 _____ C:\WINDOWS\SysWOW64\Drivers\AsUpIO.sys
2021-08-17 05:39 - 2021-08-17 05:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-08-17 05:30 - 2021-08-17 05:30 - 000003228 _____ C:\WINDOWS\system32\Tasks\SS3svc64Run
2021-08-17 05:28 - 2021-08-17 05:29 - 000000000 ____D C:\AMD
2021-08-17 05:28 - 2021-08-17 05:28 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\AMD
2021-08-17 05:28 - 2021-08-17 05:28 - 000000000 ____D C:\Users\kjeff\AppData\Local\setup
2021-08-17 05:28 - 2021-08-17 05:28 - 000000000 ____D C:\Program Files (x86)\AMD
2021-08-17 05:23 - 2021-08-17 05:23 - 000003220 _____ C:\WINDOWS\system32\Tasks\SS3svc32Run
2021-08-17 05:22 - 2021-08-18 02:22 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2021-08-17 05:22 - 2021-08-17 05:45 - 000000000 ___HD C:\Program Files (x86)\Temp
2021-08-17 05:22 - 2021-08-17 05:45 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-08-17 05:22 - 2021-08-17 05:45 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-08-17 05:22 - 2021-08-17 05:45 - 000000000 ____D C:\ProgramData\Audyssey Labs
2021-08-17 05:22 - 2021-08-17 05:22 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2021-08-17 05:22 - 2019-04-15 07:13 - 002856624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2021-08-12 04:25 - 2021-08-28 07:18 - 006216336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-08-12 02:56 - 2021-08-27 15:10 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-08-12 02:56 - 2021-08-12 02:56 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2021-08-12 02:47 - 2021-08-12 02:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-08-12 02:47 - 2021-08-12 02:47 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-08-10 00:07 - 2021-08-10 00:12 - 000000000 ____D C:\Users\kjeff\Documents\Untitled
2021-08-10 00:06 - 2021-08-10 00:06 - 000000000 ____D C:\Users\kjeff\AppData\Local\Avid
2021-08-10 00:05 - 2021-08-30 04:33 - 000000000 ____D C:\Program Files\Common Files\Avid
2021-08-10 00:05 - 2021-08-10 00:05 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Avid
2021-08-09 23:57 - 2016-04-12 09:12 - 000000000 ____D C:\Program Files\Pro Tools
2021-08-09 15:18 - 2021-08-09 15:18 - 000000000 ____D C:\Program Files (x86)\Kingsoft
2021-08-09 00:25 - 2021-08-09 00:25 - 002607473 _____ (Glorious ) C:\WINDOWS\unins001.exe
2021-08-09 00:25 - 2021-08-09 00:25 - 000022940 _____ C:\WINDOWS\unins001.dat
2021-08-09 00:25 - 2021-08-09 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glorious Core
2021-08-09 00:25 - 2021-08-09 00:25 - 000000000 ____D C:\Program Files (x86)\Glorious Core
2021-08-08 20:37 - 2021-08-08 20:37 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-08-04 05:06 - 2021-08-04 05:06 - 000000000 ____D C:\Users\kjeff\AppData\Local\ToastNotificationManagerCompat
2021-08-04 05:05 - 2021-09-10 02:25 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Proton Technologies AG
2021-08-04 05:05 - 2021-09-10 02:25 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2021-08-02 06:37 - 2021-08-02 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PotPlayer
2021-07-23 04:14 - 2021-08-28 07:21 - 000750224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-07-22 01:08 - 2021-07-22 01:08 - 000001990 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HarmonyPremium.lnk
2021-07-22 01:07 - 2021-07-22 01:07 - 000000000 ____D C:\Users\kjeff\AppData\Local\Toon Boom Animation
2021-07-22 01:06 - 2021-07-22 01:06 - 000000000 ____D C:\Users\kjeff\Documents\Toon Boom Harmony Premium Library
2021-07-22 01:05 - 2021-07-22 01:05 - 000000000 ____D C:\ProgramData\FLEXnet
2021-07-22 01:03 - 2021-07-22 01:03 - 000000000 ____D C:\ProgramData\FNP
2021-07-22 00:51 - 2021-09-16 05:04 - 000000000 ____D C:\flexlm
2021-07-22 00:51 - 2021-07-22 01:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Harmony 17 Premium
2021-07-22 00:48 - 2021-07-22 00:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Harmony 20 Premium
2021-07-22 00:47 - 2021-07-22 00:47 - 000000000 ____D C:\Program Files (x86)\Toon Boom Animation
2021-07-22 00:06 - 2021-07-22 01:07 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Toon Boom Animation
2021-07-22 00:06 - 2021-07-22 00:06 - 000000000 ____D C:\Program Files\Common Files\Macrovision Shared
2021-07-21 23:37 - 2021-07-21 23:37 - 000000000 ____D C:\ProgramData\Toon Boom Animation
2021-07-21 23:32 - 2021-07-22 00:47 - 000000000 ____D C:\WINDOWS\Downloaded Installations
2021-07-18 01:54 - 2021-07-18 01:54 - 000001333 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostrunner.lnk
2021-07-18 01:45 - 2021-07-18 01:45 - 000004336 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\witcher3.lnk
2021-07-18 01:39 - 2021-07-18 01:39 - 000000000 ____D C:\Users\kjeff\AppData\Local\Pathless
2021-07-18 01:38 - 2021-07-18 01:38 - 000001009 _____ C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pathless.lnk
2021-07-17 23:19 - 2021-09-15 05:12 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Dual Monitor Tools
2021-07-17 23:19 - 2021-07-17 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dual Monitor Tools
2021-07-17 23:19 - 2021-07-17 23:19 - 000000000 ____D C:\Program Files (x86)\Dual Monitor Tools
2021-07-17 04:48 - 2021-07-17 04:48 - 000000000 ____D C:\Users\kjeff\AppData\Local\Ghostrunner
2021-07-17 03:45 - 2021-07-17 03:45 - 000000000 ____D C:\Users\kjeff\AppData\Local\Ghostrunner_Demo
2021-07-15 23:59 - 2021-07-15 23:59 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-15 23:59 - 2021-07-15 23:59 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-15 23:59 - 2021-07-15 23:59 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-15 23:59 - 2021-07-15 23:59 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-14 02:36 - 2021-09-02 03:33 - 000000000 ____D C:\Program Files\Sublime Text 3
2021-07-12 04:45 - 2021-07-12 04:45 - 000003208 _____ C:\WINDOWS\system32\Tasks\Kill JDownloader
2021-07-12 04:44 - 2021-07-12 04:44 - 000003164 _____ C:\WINDOWS\system32\Tasks\Sleep
2021-07-12 04:38 - 2021-08-20 00:40 - 000000000 ____D C:\Users\kjeff\Documents\Scripts
2021-07-12 04:04 - 2021-07-12 04:04 - 000000000 __HDL C:\Users\kjeff\Dropbox
2021-07-09 00:14 - 2021-07-09 05:12 - 000000000 ____D C:\ProgramData\Jellyfin
2021-07-09 00:14 - 2021-07-09 00:14 - 000000000 ____D C:\Users\kjeff\AppData\Local\ASP.NET
2021-07-09 00:12 - 2021-07-09 05:12 - 000000000 ____D C:\Program Files\Jellyfin
2021-07-08 23:26 - 2021-07-09 00:16 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\vlc
2021-07-08 23:25 - 2021-07-18 02:04 - 000000000 ____D C:\Program Files\VideoLAN
2021-07-07 02:10 - 2021-07-08 00:35 - 000000000 ____D C:\Users\kjeff\AppData\Local\CocCoc
2021-07-07 02:10 - 2021-07-08 00:35 - 000000000 ____D C:\Program Files (x86)\CocCoc
2021-07-07 02:10 - 2021-07-07 02:14 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\CocCoc
2021-07-07 02:10 - 2021-07-07 02:10 - 000000000 ____D C:\ProgramData\CocCoc
2021-06-28 16:08 - 2021-06-28 16:08 - 000057064 _____ (Python Software Foundation) C:\WINDOWS\pyshellext.amd64.dll
2021-06-28 16:07 - 2021-06-28 16:07 - 000924904 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe
2021-06-28 16:07 - 2021-06-28 16:07 - 000924392 _____ (Python Software Foundation) C:\WINDOWS\py.exe
2021-06-25 03:32 - 2021-06-25 03:32 - 000000000 ____D C:\WINDOWS\Minidump
2021-06-25 01:24 - 2021-06-25 01:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haste
2021-06-24 22:32 - 2021-06-24 22:32 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-06-24 22:32 - 2021-06-24 22:32 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-06-24 22:32 - 2021-06-24 22:32 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-06-24 22:32 - 2021-06-24 22:32 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-06-23 02:50 - 2021-06-21 03:43 - 000037664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-06-23 01:56 - 2021-05-04 02:49 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-06-22 04:54 - 2021-06-22 04:54 - 000000000 ____D C:\Program Files\Pixologic
2021-06-18 03:58 - 2021-06-18 03:58 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2021-06-18 03:57 - 2021-08-12 00:34 - 000000000 ____D C:\Users\kjeff\AppData\Local\JDownloader 2.0
 
==================== Three months (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-09-16 15:26 - 2020-04-28 05:07 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2021-09-16 15:24 - 2020-07-04 19:44 - 000483156 _____ C:\WINDOWS\system32\perfh011.dat
2021-09-16 15:24 - 2020-07-04 19:44 - 000131552 _____ C:\WINDOWS\system32\perfc011.dat
2021-09-16 15:24 - 2020-06-12 13:10 - 001446070 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-16 15:24 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-16 15:23 - 2020-04-20 10:50 - 000000000 ____D C:\ProgramData\NVIDIA
2021-09-16 15:22 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-16 15:21 - 2020-04-20 18:35 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\discord
2021-09-16 15:20 - 2020-04-22 00:10 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-16 15:20 - 2020-04-21 23:27 - 000000000 ____D C:\ProgramData\Autodesk
2021-09-16 15:20 - 2020-04-21 04:02 - 000000000 ____D C:\Users\kjeff\AppData\Local\Dropbox
2021-09-16 15:19 - 2020-04-20 18:35 - 000000000 ____D C:\Users\kjeff\AppData\Local\Discord
2021-09-16 15:18 - 2020-04-20 13:57 - 000013868 _____ C:\CosairDram.txt
2021-09-16 15:18 - 2020-04-20 08:44 - 000000000 ____D C:\ProgramData\ASUS
2021-09-16 15:17 - 2020-06-12 13:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-16 15:17 - 2020-06-12 13:04 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-16 15:17 - 2020-06-12 13:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-16 15:17 - 2020-06-02 03:04 - 000008192 _____ C:\WINDOWS\SysWOW64\edb.chk
2021-09-16 15:17 - 2020-04-20 08:44 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
2021-09-16 15:17 - 2020-04-20 08:44 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2021-09-16 15:16 - 2020-06-12 13:05 - 000000000 ____D C:\Users\kjeff
2021-09-16 11:56 - 2021-05-31 14:43 - 000000000 ____D C:\Users\kjeff\AppData\LocalLow\Mozilla
2021-09-16 10:36 - 2020-09-21 19:16 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{BA26D84C-DDDA-46B7-826F-17EC2056C5B6}
2021-09-16 05:38 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-16 05:38 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-16 05:06 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-09-16 04:33 - 2019-12-07 04:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-09-16 04:17 - 2020-07-29 16:05 - 000000000 ____D C:\Users\kjeff\AppData\Local\Battle.net
2021-09-16 01:17 - 2020-09-20 01:11 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2021-09-16 01:13 - 2020-04-20 10:53 - 000000000 ____D C:\ProgramData\Package Cache
2021-09-15 23:13 - 2020-04-28 05:08 - 000000000 ____D C:\ProgramData\Emsisoft
2021-09-15 23:12 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-15 21:03 - 2020-04-22 00:11 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-15 20:56 - 2020-04-20 13:45 - 000000000 ____D C:\Users\kjeff\AppData\Local\D3DSCache
2021-09-15 20:13 - 2021-06-14 02:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-09-15 20:06 - 2020-04-20 08:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-09-15 20:06 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-15 17:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-15 17:36 - 2021-05-31 14:43 - 000000000 ____D C:\ProgramData\Mozilla
2021-09-15 17:34 - 2021-05-31 14:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-09-15 16:41 - 2020-04-21 04:02 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-09-15 05:12 - 2020-04-20 15:31 - 000000000 ____D C:\Users\kjeff\AppData\Local\CrashDumps
2021-09-13 18:17 - 2020-04-20 11:50 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-12 07:17 - 2021-02-01 22:35 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Origin
2021-09-12 03:27 - 2021-02-01 22:35 - 000000000 ____D C:\Users\kjeff\AppData\Local\Origin
2021-09-12 03:27 - 2021-02-01 22:35 - 000000000 ____D C:\ProgramData\Origin
2021-09-12 00:19 - 2020-04-29 19:04 - 000000000 ____D C:\Users\kjeff\AppData\Local\.IdentityService
2021-09-11 02:10 - 2020-07-29 16:04 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-09-10 06:39 - 2020-07-31 15:45 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Cycling '74
2021-09-10 03:11 - 2020-07-29 16:12 - 000000000 ____D C:\Program Files (x86)\Overwatch
2021-09-10 02:52 - 2020-05-09 00:20 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-09-10 02:23 - 2020-04-20 08:52 - 000000000 ____D C:\Users\kjeff\AppData\Local\PlaceholderTileLogoFolder
2021-09-10 02:17 - 2020-04-20 08:50 - 000000000 ____D C:\Users\kjeff\AppData\Local\Packages
2021-09-09 09:20 - 2020-06-12 13:04 - 001139416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-09 09:19 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-09 09:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-09 09:19 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-09 04:25 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-09 04:02 - 2021-02-21 22:20 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-09-09 02:51 - 2020-04-20 08:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-09 01:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-09 01:29 - 2021-06-16 00:00 - 000000000 ____D C:\Users\kjeff\Documents\Tablet_presets
2021-09-09 01:15 - 2020-04-21 23:34 - 000000000 ____D C:\Users\kjeff\Documents\maya
2021-09-07 23:27 - 2021-05-02 05:02 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Telegram Desktop
2021-09-07 03:49 - 2020-04-20 18:35 - 000000000 ____D C:\Users\kjeff\AppData\Local\SquirrelTemp
2021-09-05 00:26 - 2021-04-12 22:27 - 000000000 ____D C:\Users\kjeff\AppData\Local\Downloaded Installations
2021-09-01 21:34 - 2021-02-01 22:36 - 000000000 ____D C:\Program Files (x86)\Origin
2021-08-31 02:18 - 2021-05-29 18:34 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-08-30 23:52 - 2020-04-20 10:52 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-08-30 07:29 - 2020-04-21 23:26 - 000000000 ____D C:\Users\kjeff\AppData\Local\Autodesk
2021-08-30 05:09 - 2020-06-22 00:17 - 000000000 ____D C:\Program Files\Black Tree Gaming Ltd
2021-08-29 06:58 - 2020-07-31 12:19 - 000000398 __RSH C:\ProgramData\ntuser.pol
2021-08-28 07:18 - 2020-06-02 03:48 - 007280848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-08-27 17:30 - 2020-06-07 04:06 - 000000000 ____D C:\Program Files\TouchZoomDesktop
2021-08-27 17:30 - 2020-06-07 04:06 - 000000000 ____D C:\Program Files\TouchMousePointer
2021-08-27 05:07 - 2021-04-07 22:25 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\gnupg
2021-08-27 04:43 - 2020-06-12 13:10 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-06-12 13:10 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:43 - 2020-04-20 08:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-08-27 04:42 - 2020-06-12 13:10 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:42 - 2020-06-12 13:10 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-08-27 04:42 - 2020-04-20 10:53 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-08-27 04:42 - 2020-04-20 08:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-08-26 06:50 - 2020-10-28 02:07 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-08-25 13:27 - 2020-08-19 00:18 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Unpacker
2021-08-25 01:53 - 2020-07-31 12:24 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Ableton
2021-08-25 01:50 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-08-23 22:23 - 2020-07-31 15:45 - 000000000 ____D C:\Users\kjeff\Documents\Max 8
2021-08-23 20:59 - 2020-06-26 17:34 - 000000000 ____D C:\Users\kjeff\AppData\Local\ElevatedDiagnostics
2021-08-20 00:31 - 2020-04-29 19:34 - 000008403 _____ C:\Users\kjeff\.bash_history
2021-08-18 19:57 - 2020-06-04 03:01 - 000000000 ____D C:\ProgramData\Apple
2021-08-18 04:35 - 2019-12-07 04:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-08-18 02:28 - 2021-02-05 14:20 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Glorious Core
2021-08-18 00:32 - 2020-06-12 13:10 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-08-18 00:32 - 2020-06-12 13:10 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-08-17 05:44 - 2020-04-20 13:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-08-17 05:42 - 2020-04-21 04:02 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-08-17 05:42 - 2020-04-21 04:02 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-08-17 05:41 - 2020-04-20 11:56 - 000000000 ____D C:\Program Files\WinRAR
2021-08-17 05:40 - 2020-04-20 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-08-17 05:39 - 2020-04-20 08:50 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-08-17 05:20 - 2020-04-20 11:56 - 000000000 ____D C:\Users\kjeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-17 05:20 - 2020-04-20 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-08-17 01:22 - 2021-02-21 22:20 - 000740168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-08-17 01:22 - 2021-02-21 22:20 - 000486728 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
 
==================== Files in the root of some directories ========
 
2021-06-14 01:51 - 2021-08-01 23:53 - 000001137 _____ () C:\Users\kjeff\AppData\Roaming\Coolorus 2
2021-08-31 03:40 - 2021-09-11 22:43 - 000000032 _____ () C:\Users\kjeff\AppData\Roaming\msregsvv.dll
2021-08-28 03:23 - 2021-08-28 03:23 - 000000722 _____ () C:\Users\kjeff\AppData\Roaming\PureRef.ini
2021-09-16 00:58 - 2021-09-16 15:23 - 000010962 _____ () C:\Users\kjeff\AppData\Roaming\Safer-Networking.log
2020-05-03 21:44 - 2020-05-04 04:15 - 000000128 _____ () C:\Users\kjeff\AppData\Roaming\winscp.rnd
2020-10-28 02:01 - 2021-04-01 22:15 - 000000615 _____ () C:\Users\kjeff\AppData\Local\oobelibMkey.log
2020-05-03 21:47 - 2020-05-04 04:13 - 000000128 _____ () C:\Users\kjeff\AppData\Local\PUTTY.RND
2020-04-20 22:51 - 2021-07-23 04:11 - 000007597 _____ () C:\Users\kjeff\AppData\Local\resmon.resmoncfg
 
==================== FLock ==============================
 
2021-09-16 00:41 C:\SandBlastBackup
 
==================== SigCheckExt =========================
 
2019-03-18 23:45 - 2019-03-18 23:45 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionMgr.dll
2020-04-20 11:14 - 2020-04-20 11:14 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-03-18 23:44 - 2019-03-18 23:44 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\canonurl.dll
2019-03-18 23:45 - 2019-03-18 23:45 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CMFNVSDeviceBridge.dll
2020-07-15 14:03 - 2019-01-25 23:43 - 000145920 _____ (Nicomsoft Ltd.) C:\WINDOWS\system32\DDCHelper.dll
2020-07-15 14:03 - 2019-01-25 23:43 - 000125440 _____ (Nicomsoft Ltd.) C:\WINDOWS\system32\DDCHelperX.dll
2019-03-18 23:43 - 2019-03-18 23:43 - 000759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2019-03-18 23:43 - 2019-03-18 23:43 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2020-06-14 17:16 - 2021-07-28 21:30 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2020-04-20 11:14 - 2020-04-28 05:06 - 000006656 _____ C:\WINDOWS\system32\lpcio.dll
2019-03-18 23:43 - 2019-03-18 23:43 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mitigationscanner.exe
2009-11-09 13:21 - 2009-11-09 13:21 - 000066560 _____ C:\WINDOWS\system32\ntrights.exe
2019-03-18 23:45 - 2019-03-18 23:45 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureBioSysprep.dll
2020-04-20 08:50 - 2020-06-12 13:11 - 000366592 _____ C:\WINDOWS\system32\syncas.dll
2019-03-18 23:44 - 2019-03-18 23:44 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.ShellPosition.dll
2021-08-17 05:55 - 2021-08-18 03:37 - 000011520 _____ C:\WINDOWS\PE_Rom.dll
2021-08-09 00:25 - 2021-08-09 00:25 - 002607473 _____ (Glorious ) C:\WINDOWS\unins001.exe
2015-03-17 01:34 - 2015-03-17 01:34 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl71.dll
2019-03-18 23:45 - 2019-03-18 23:45 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\canonurl.dll
2020-07-15 14:03 - 2019-01-25 23:43 - 000131584 _____ (Nicomsoft Ltd.) C:\WINDOWS\SysWOW64\DDCHelper.dll
2020-07-15 14:03 - 2019-01-25 23:43 - 000108032 _____ (Nicomsoft Ltd.) C:\WINDOWS\SysWOW64\DDCHelperX.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 001060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2015-03-17 01:34 - 2015-03-17 01:34 - 001047552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71u.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2020-06-02 03:21 - 2021-06-13 06:15 - 000001536 _____ C:\WINDOWS\SysWOW64\RtkMsgs.dll
2021-08-31 03:40 - 2021-09-11 22:43 - 000000032 _____ C:\Users\kjeff\AppData\Roaming\msregsvv.dll
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
==================== BCD ================================
 
Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {a5e912f2-ffee-11eb-9630-806e6f6e6963}
                        {f15bab7c-8314-11ea-8171-a85e4552dc8d}
timeout                 1
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume6
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {48a9c4ca-acf0-11ea-9968-ea0672ac7218}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Firmware Application (101fffff)
-------------------------------
identifier              {a5e912f2-ffee-11eb-9630-806e6f6e6963}
device                  partition=C:
path                    \EFI\MICROSOFT\BOOT\BOOTMGFW.EFI
description             Windows Boot Manager
 
Firmware Application (101fffff)
-------------------------------
identifier              {f15bab7c-8314-11ea-8171-a85e4552dc8d}
description             Hard Drive
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {48a9c4cc-acf0-11ea-9968-ea0672ac7218}
displaymessageoverride  StartupRepair
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {48a9c4ca-acf0-11ea-9968-ea0672ac7218}
nx                      OptIn
bootmenupolicy          Standard
useplatformclock        No
 
Windows Boot Loader
-------------------
identifier              {48a9c4cc-acf0-11ea-9968-ea0672ac7218}
device                  ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{48a9c4cd-acf0-11ea-9968-ea0672ac7218}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{48a9c4cd-acf0-11ea-9968-ea0672ac7218}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {48a9c4ca-acf0-11ea-9968-ea0672ac7218}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {48a9c4cc-acf0-11ea-9968-ea0672ac7218}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume6
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {48a9c4cd-acf0-11ea-9968-ea0672ac7218}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume5
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
==================== End of FRST.txt ========================



#2
DR M

    The Grecian Geek

  • Malware Removal
  • 3,023 posts

Hello, John.

 

Welcome to Geeks to Go Forums.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.

 

 

==========================

 

Having a look at the log you pasted above, I noticed that you didn't post the Addition.txt log. Right now, it is on G, where the FRST tool and the FRST.txt log are located.

 

Please attach it for me. 

 

(To attach any files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#3
DR M

    The Grecian Geek

  • Malware Removal
  • 3,023 posts

In case you didn't see my addition to the above post:
 

Having a look at the log you pasted above, I noticed that you didn't post the Addition.txt log. Right now, it is on G, where the FRST tool and the FRST.txt log are located.
 
Please attach it for me. 
 
 (To attach any files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)



#4
LuckyJohn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Sorry for the wait. 

 

------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by kjeff (16-09-2021 15:28:19)
Running from G:\
Windows 10 Pro Version 21H1 19043.1202 (X64) (2020-06-12 18:11:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
AB33D31996D84B71B4DA (S-1-5-21-881886857-835413342-2016909866-1004 - Limited - Enabled)
Administrator (S-1-5-21-881886857-835413342-2016909866-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-881886857-835413342-2016909866-503 - Limited - Disabled)
Guest (S-1-5-21-881886857-835413342-2016909866-501 - Limited - Disabled)
kjeff (S-1-5-21-881886857-835413342-2016909866-1001 - Administrator - Enabled) => C:\Users\kjeff
WDAGUtilityAccount (S-1-5-21-881886857-835413342-2016909866-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Emsisoft Anti-Malware Home (Enabled - Up to date) {5FD8BF8F-F242-6153-61B5-8FF333E8736B}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ZoneAlarm Pro Firewall (Enabled) {841A2C1E-F526-E32F-8E57-7FBF8B0698E4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Password (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\1Password) (Version: 7.7.810 - AgileBits Inc.)
Ableton Live 11 Suite (HKLM\...\{A0DC0023-741F-4566-BE77-E09109DCEC5A}) (Version: 11.0.0.0 - Ableton) Hidden
Ableton Live 11 Suite (HKLM-x32\...\{a7b13b95-2123-495b-b93e-f6c8ffa15b67}) (Version: 11.0.0.0 - Ableton)
adaware antivirus (HKLM-x32\...\{F0B00868-11FB-47F0-B730-FF5398F30745}_AdAwareInstaller) (Version: 12.10.158.0 - adaware)
AdAwareInstaller (HKLM\...\{F0B00868-11FB-47F0-B730-FF5398F30745}) (Version: 12.10.158.0 - adaware) Hidden
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_3) (Version: 24.3 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_0) (Version: 22.0.0.35 - Adobe Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.69 - ASUSTeK Computer Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.11.26.106 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{ac726f18-c961-4fa1-a46d-6f0c644cd12b}) (Version: 2.11.26.106 - Advanced Micro Devices, Inc.) Hidden
AmpliTube 5 version 5.0.3 (HKLM\...\{D831D61F-EBF5-4158-AEE1-F58A7B8C04C8}_is1) (Version: 5.0.3 - IK Multimedia)
Analog Lab V 5.3.0 (HKLM-x32\...\Analog Lab V_is1) (Version: 5.3.0 - Arturia)
Antares Auto-Tune Pro (HKLM\...\Auto-Tune Pro_is1) (Version: 9.1.0 - Antares)
AntimalwareEngine (HKLM\...\{845A6828-18F2-4C1E-A858-D8BFDE48FF35}) (Version: 3.1.268.0 - adaware) Hidden
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Arturia Software Center 2.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 2.2.1 - Arturia)
Arturia USB MIDI Driver v4.66.0 (HKLM-x32\...\Software_Arturia_arturiausbmidi_Setup) (Version: 4.66.0 - Arturia)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{e8758547-b06a-4534-a291-d9062d2a6bf6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{b8af8e27-5c72-412c-bab7-dc6430e70f1b}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{e46f527f-1e64-4554-abc1-115f3429c25c}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{7f23d3ea-a821-4293-b7f7-34383bf06437}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{12b6811a-dcdb-43c1-b3e4-80aef31134c5}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{277875e0-972c-4705-b09c-ca5acf5b2f7c}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{55c3ae30-56f9-48ea-a96d-1fad2739e1a2}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{ae71a627-f426-4c18-afc9-b379b0e88f97}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{a3a1beb0-9f5b-4b4e-8cfa-ef25842faf55}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{d25743f5-a12e-4fa8-a426-6ee9c7b2ef9c}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{3fb92594-5d14-44b6-aa83-5e9823daa7e8}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.4501 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{f302c1fc-67c2-40b1-93c7-266d93310a2d}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{44d9a0cd-0414-49c0-8488-dc0849f46bd1}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC)
Asus SonicRadar3Setup (HKLM\...\{09AE428F-CB54-42C8-8342-D0EC6E4136D0}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{ACA23ED7-018F-47AE-8C9C-2096E1455DA4}) (Version: 3.6.45.60920 - ASUSTeK COMPUTER INC) Hidden
Audient USB Audio Driver v4.2.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 4.2.0 - Audient)
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.07.71 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.30 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{e6f373bb-3881-463c-bd1a-3c948b067041}) (Version: 1.0.30 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.56 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{fae81274-d8ce-4fcf-a8c8-2c1d949df742}) (Version: 3.03.56 - ASUSTeK Computer Inc.)
Autodesk Advanced Material Library Low Resolution Image Library 2021 (HKLM-x32\...\{AB7DC10F-1D72-4F90-988F-CDC2D6323A48}) (Version: 19.1.23.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{B4545986-9002-4090-9E58-44F985F2FF4F}) (Version: 19.1.23.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.2.0.34 - Autodesk)
Autodesk Genuine Service (HKLM\...\{879EB006-4A55-4873-8BC5-2183B2B5E0F5}) (Version: 4.1.2.25 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2021 (HKLM-x32\...\{69D8FFED-B14E-4998-BBC2-535006E195D6}) (Version: 19.1.23.0 - Autodesk)
Autodesk Maya 2020 (HKLM\...\{0EBFFCF6-F972-4D40-863F-E673B5C38236}) (Version: 20.4.0.1627 - Autodesk) Hidden
Autodesk Maya 2022 (HKLM\...\{8B1E10C5-191A-33AD-83FD-8D0F9B1A9DBD}) (Version: 2022.0.0.217 - Autodesk, Inc.)
Autodesk Maya 2022 (HKLM\...\{976D7A66-A5CC-443B-9880-6EFC5CEFCD11}) (Version: 22.0.0.217 - Autodesk) Hidden
Autodesk Single Sign On Component (HKLM\...\{D3715C06-96BD-4E88-A18D-8CA9FDD332D6}) (Version: 12.2.2.1802 - Autodesk)
AWS Command Line Interface v2 (HKLM\...\{6189DED0-023E-44BF-AFFE-3AD85A35F5E4}) (Version: 2.0.10.0 - Amazon Web Services)
Axiom (HKLM\...\Blue Cat's Axiom_is1) (Version: 1.0.0 - Blue Cat Audio & Team V.R)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BIAS Amp 2 (HKLM\...\BIAS AMP 2 Pack (64bit)_is1) (Version: 2.2.1.1289 - Positive Grid & Team V.R)
Bifrost Extension 2.2.1.0 for Maya 2022 (HKLM\...\{F2EA156C-FBCF-4933-B551-7EF2E6970F66}) (Version: 2.2.1.0 - Autodesk)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.6-355 - House of Life)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Calibrize 2.0 (HKLM-x32\...\Calibrize_is1) (Version:  - Colorjinn)
Canvas Installer (HKLM-x32\...\{1813307D-70AA-425F-A4B4-0D8F9EA43376}) (Version: 1.4.9.0 - Dell Inc.)
Canvas Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-37 - Wacom Technology Corp.)
Check Point Early Launch Anti-Malware driver (HKLM-x32\...\{7F36E030-2513-4140-B1E4-D8FB1CFF4214}) (Version: 8.60.6.1501 - Check Point Software Technologies Ltd.) Hidden
Check Point SBA (HKLM\...\{ED8CFEAD-5428-4693-ABE6-8489F9E5503A}) (Version: 86.6.7113 - Check Point Software Technologies Ltd.) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
CMake (HKLM\...\{859D3A77-6AF2-4359-8C9A-557E28799C41}) (Version: 3.17.2 - Kitware)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 75.0.3770.100 - Comodo)
COMODO Secure Shopping (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA478445}) (Version: 1.4.159.0 - COMODO) Hidden
COMODO Secure Shopping (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.4.478445.159 - Comodo)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{7f2fddab-1f7d-4301-b534-6723e6315fe1}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.)
Daedalus Mainnet (HKLM-x32\...\Daedalus Mainnet) (Version: 4.0.5 - IOHK)
DB Browser for SQLite (HKLM-x32\...\{60A6564D-4E90-4F6F-859B-8E60C769AEFD}) (Version: 3.11.2 - DB Browser for SQLite Team)
Denuvo Anti-Cheat (HKLM\...\Denuvo Anti-Cheat) (Version: 2.7.0.40281 - Denuvo GmbH)
Destructor (HKLM\...\Blue Cat's Destructor_is1) (Version: 1.3.2 - Team V.R)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
DMG Audio All Plugins (HKLM\...\DMGAudio All Plugins_is1) (Version: 2021.06.22 - DMGAudio & Team V.R)
Dropbox (HKLM-x32\...\Dropbox) (Version: 131.4.3968 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.503.1 - Dropbox, Inc.) Hidden
Dual Monitor Tools (HKLM-x32\...\{5CE3BD1A-324F-4F87-96BB-30F08DB6E839}) (Version: 2.7.0.0 - GNE)
EA Desktop (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.0.117.4975 - Electronic Arts) Hidden
EA Desktop (HKLM-x32\...\{70b14ac1-a22c-4d27-8864-c665ea5d45db}) (Version: 12.0.117.4975 - Electronic Arts)
Emsisoft Anti-Malware (HKLM\...\{CA975286-D816-410C-B6C9-F7213CA84695}) (Version: 21.9.0.11176 - Emsisoft Ltd.)
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{de9f7705-d509-49a2-90f2-29a80ff3b785}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Eventide Ensemble Bundle (HKLM\...\Eventide Ensemble Bundle_is1) (Version: 2.14.4 - Eventide)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle_is1) (Version: 2021.05.07 - FabFilter)
GALAX GAMER RGB (HKLM\...\{06A16AA8-BBA7-4362-962E-16651962D87C}) (Version: 1.00.02 - Galaxy Microsystems Ltd.) Hidden
GALAX GAMER RGB (HKLM-x32\...\{1257fdeb-ffa3-4e17-9d4b-189075ea3656}) (Version: 1.00.02 - Galaxy Microsystems Ltd.)
Genshin Impact (HKLM\...\Genshin Impact) (Version: 2.9.1.0 - miHoYo Co.,Ltd)
Git LFS version 2.11.0 (HKLM\...\{286391DE-F778-44EA-9375-1B21AAA04FF0}_is1) (Version: 2.11.0 - GitHub, Inc.)
Git version 2.31.1 (HKLM\...\Git_is1) (Version: 2.31.1 - The Git Development Community)
Glorious Core (HKLM-x32\...\{A717F79A-3E09-4441-B378-86CE25CD64C3}}_is1) (Version:  - Glorious)
Glorious Model O Software (HKLM-x32\...\{0969D386-B5B4-41BD-98E3-4A1A7D32CB97}_is1) (Version: 1.0.9 - Glorious PC Gaming Race LLC.)
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.27 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
Gpg4win (3.1.15) (HKLM-x32\...\Gpg4win) (Version: 3.1.15 - The Gpg4win Project)
Guitar Rig 6 (HKLM\...\Guitar Rig 6 Pro_is1) (Version: 6.2.2 - Native Instruments & Team V.R)
Haste (HKLM\...\{74A16A8C-48F3-456F-8D43-EE7995543A1C}) (Version: 2.34.124 - Haste) Hidden
Haste (HKLM\...\Haste 2.34.124) (Version: 2.34.124 - Haste)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.23.318 - SurfRight B.V.)
Horizon Zero Dawn (HKLM-x32\...\Horizon Zero Dawn_is1) (Version:  - )
icecap_collection_neutral (HKLM-x32\...\{929EAD9A-42D2-4FC7-B7E6-529AAD5F6D0D}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{84EC5964-D540-4494-9043-BF7BEE37D1E1}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{16D7574C-1007-4A85-93FF-666E74AD60D2}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{F5C67FC5-BF18-4304-9268-A971876B245A}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
iD (HKLM\...\iD) (Version: 4.2.1.0 - Audient)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
InVision Studio (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\invision-studio) (Version: 1.28.2 - InVisionApp)
IObit Malware Fighter 8 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 8.9.0.875 - IObit)
iTunes (HKLM\...\{298FB192-1160-4551-BB70-1D2442DA9777}) (Version: 12.11.4.15 - Apple Inc.)
JDownloader 2 (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{83d4c398-3b93-4ab0-95f0-6091b0a2f601}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Ledger Live 2.25.1 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.25.1 - Ledger Live Team)
Lethal (HKLM\...\Lethal_is1) (Version: 1.0.20 - Lethal Audio Co Pty Ltd & Team V.R)
Lethal CORE LIBRARY (HKLM-x32\...\{47923BC5-6B8C-4595-A444-F1D961501F10}) (Version: 1.0.15 - Lethal Audio)
Lethal X01-HIPHOP (HKLM-x32\...\{4BF6E709-8A2B-477A-96AF-155C84E72598}) (Version: 1.0.4 - Lethal Audio)
Lethal X02-EDM (HKLM-x32\...\{B18555EA-CD1E-478F-B950-B962E7F2D2FC}) (Version: 1.0.4 - Lethal Audio)
Lethal X03-TRANCE (HKLM-x32\...\{5C3C3EEC-2B59-4173-A20B-D2ADC8225FD4}) (Version: 1.0.4 - Lethal Audio)
Lethal X04-CINEMATIC AMBIENCE (HKLM-x32\...\{35053D71-95BF-4CD8-B68D-CCE9C8BEF92C}) (Version: 1.0.15 - Lethal Audio)
Lethal X06-TECH (HKLM-x32\...\{99000B8F-608B-4612-9480-2C8A1922767B}) (Version: 1.0.15 - Lethal Audio)
Lethal X08-PROGRESSIVE (HKLM-x32\...\{8488BDDB-96DA-48B9-8C16-20CF657DE0E1}) (Version: 1.0.4 - Lethal Audio)
Lethal X09-TRAP (HKLM-x32\...\{6A889553-8E8E-4F98-A738-84FAE19FB98C}) (Version: 1.0.4 - Lethal Audio)
Lethal X10-PIANO (HKLM-x32\...\{96B6707C-CDA2-47D0-A71E-834CD6F4CE75}) (Version: 1.0.15 - Lethal Audio)
Lethal X11-PSY TRANCE (HKLM-x32\...\{D74B50AB-7105-4E84-82BD-72D3862240CC}) (Version: 1.0.4 - Lethal Audio)
Lethal X12-CHIPTUNE (HKLM-x32\...\{752B4CBB-63E7-407D-BDDB-3B2CEEA0CE3A}) (Version: 1.0.4 - Lethal Audio)
Lethal X13-DEEP HOUSE (HKLM-x32\...\{9925D9D0-2230-4F0C-AD32-6B7E4543843D}) (Version: 1.0.15 - Lethal Audio)
Lethal X14-DANCE POP (HKLM-x32\...\{DAE05104-D7C5-4CAE-89A3-03EFB0ED7E22}) (Version: 1.0.15 - Lethal Audio)
Lethal X15-MODERN VINTAGE (HKLM-x32\...\{627E2B6F-FA3B-49C7-A77B-2C572A57272F}) (Version: 1.0.15 - Lethal Audio)
Lethal X16-FUTURE BASS (HKLM-x32\...\{6A165A9E-62F6-458B-BC10-27ACE452BDE4}) (Version: 1.0.15 - Lethal Audio)
Lethal X17-HIPHOP2 (HKLM-x32\...\{A1C5F6A5-7EB7-4140-AC46-EE445344C8B8}) (Version: 1.0.15 - Lethal Audio)
Lethal X19-HOUSE (HKLM-x32\...\{98343D89-A144-4A11-94A3-423D8E9595F7}) (Version: 1.0.15 - Lethal Audio)
Lethal X20-REGGAETON POP (HKLM-x32\...\{AB4BAC37-9783-46FA-BB5E-27A0C2B1B671}) (Version: 1.0.15 - Lethal Audio)
Lethal X21-INDUSTRIAL (HKLM-x32\...\{08AA5694-83C2-4EA0-8B33-9B56D5922A2F}) (Version: 1.0.15 - Lethal Audio)
Lethal X22-TECH2 (HKLM-x32\...\{06F1D44A-D4DF-4D36-8843-FC68E61FBE06}) (Version: 1.0.15 - Lethal Audio)
Lethal X23-BIGROOM (HKLM-x32\...\{F6DBC0DF-7AB3-49B7-8480-DB63B1EC92A1}) (Version: 1.0.15 - Lethal Audio)
Lethal X24-KPOP (HKLM-x32\...\{D4A1102D-C1D7-4B89-868C-B558170A8BED}) (Version: 1.0.15 - Lethal Audio)
Liberica JDK 16 Full (64-bit) (HKLM\...\{EA94E235-AEFF-4B53-9DCD-40D02F7B0B88}) (Version: 16.0.1.9 - BellSoft)
Line 6 & Ampeg Bundle (HKLM\...\Line 6 & Ampeg Bundle_is1) (Version: 2021.5 - Yamaha Guitar Group, Line 6 & Team V.R)
Malwarebytes version 4.4.6.132 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.6.132 - Malwarebytes)
MayaUSD Extension 0.8.0 202102180129-2f83c8f for Maya 2022 (HKLM\...\{D2BC25AB-9C8C-489B-9BB9-E0C4FDF5BB22}) (Version: 0.8.0 - Autodesk)
McAfee Safe Connect (HKLM-x32\...\{1706e61a-227e-4107-8d01-24431f9c5143}) (Version: 2.9 - McAfee, LLC.)
McAfee Safe Connect (HKLM-x32\...\{FBA8975A-B1C2-4195-93CD-1DB0E1CF92CD}) (Version: 2.9 - McAfee, LLC.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Melodics version 2.1.6404.0 (HKLM\...\Melodics_is1) (Version: 2.1.6404.0 - )
Microsoft .NET Core SDK 3.1.201 (x64) from Visual Studio (HKLM\...\{AE0BA5F1-D63A-4784-944F-114B82FB8202}) (Version: 3.1.201.015034 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.47 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{BAF67399-85CD-4555-9B49-1F80EB921C35}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\...\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\...\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30040 (HKLM-x32\...\{5c6cccca-61ec-4667-a8d9-e133a59a5a73}) (Version: 14.29.30040.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.56.2 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.5.2061.411 - Microsoft Corporation)
MIDI Control Center 1.13.2 (HKLM\...\MIDI Control Center_is1) (Version: 1.13.2 - Arturia)
MixBox version 1.2.0 (HKLM\...\{7E232CD1-01E5-4992-AA82-6BC2374A9D23}_is1) (Version: 1.2.0 - IK Multimedia)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 92.0 (x64 en-US)) (Version: 92.0 - Mozilla)
MtoA for Maya 2022 (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\MtoA2022) (Version: 4.2.1 - Autodesk)
Node.js (HKLM\...\{97FD2F60-C3CD-417D-A5F6-C538B37054CC}) (Version: 12.16.3 - Node.js Foundation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 471.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.96 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Opera Stable 79.0.4143.22 (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Opera 79.0.4143.22) (Version: 79.0.4143.22 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.103.48818 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.06 - Patriot Memory) Hidden
Patriot Viper RGB (HKLM-x32\...\{72d8889e-2136-423e-b16f-aa8db820adad}) (Version: 1.00.06 - Patriot Memory)
Piano V2 2.8.0 (HKLM-x32\...\Piano V2_is1) (Version: 2.8.0 - Arturia)
Pixologic ZBrush 2021.1 1.0.0 (HKLM-x32\...\Pixologic ZBrush 2021.1 1.0.0) (Version: 1.0.0 - Crackingpatching.com Team)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 210729 - Kakao Corp.)
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PureRef (HKLM-x32\...\PureRef) (Version: 1.11.1 - Idyllic Pixel)
PuTTY release 0.73 (64-bit) (HKLM\...\{44F7642C-AB7E-4468-B028-E8D08A0CBB0E}) (Version: 0.73.0.0 - Simon Tatham)
PyMEL for Python 3 (HKLM\...\{3C6A5692-8780-485D-A4EB-FBD4E5C794E6}) (Version: 22.0.0.0 - Autodesk) Hidden
Python 3.9.6 (64-bit) (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\{178e8fd0-1b1d-4cdf-8e5c-f5f53d25e0e4}) (Version: 3.9.6150.0 - Python Software Foundation)
Python 3.9.6 Add to Path (64-bit) (HKLM\...\{EC27BF73-AB7E-4867-9EEC-3AD456006835}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Core Interpreter (64-bit) (HKLM\...\{C4B7FF79-1195-436F-AA85-28EE995151B7}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Development Libraries (64-bit) (HKLM\...\{D6580352-5B95-49A9-B2F3-313D12D13968}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Documentation (64-bit) (HKLM\...\{2994270E-FE74-49E5-98BB-E65F5F0EC304}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Executables (64-bit) (HKLM\...\{9BE9E7F0-F9F1-487B-A2FC-790CD2898388}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 pip Bootstrap (64-bit) (HKLM\...\{69BCB7EC-54AF-47F2-A891-D335CE44A530}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Standard Library (64-bit) (HKLM\...\{4DD10049-CC97-48AE-BE76-4CB6E3111F7B}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Tcl/Tk Support (64-bit) (HKLM\...\{7C56D977-225C-4EBA-8308-E47DF9FA867F}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Test Suite (64-bit) (HKLM\...\{5C5B7907-C4E8-4E09-8CD6-3E844C7D65E2}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python 3.9.6 Utility Scripts (64-bit) (HKLM\...\{511119D2-41C4-48E1-A3DA-0A6A1E68AC76}) (Version: 3.9.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{3CC89AD9-6FF2-40BE-ADF4-8ADDD3030FCE}) (Version: 3.9.7483.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.6.0731.072613 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8746.1 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.95 - Realtek Semiconductor Corp.)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2_is1) (Version:  - )
Rokoko Motion Library - Maya 2020.2 (HKLM\...\Rokoko Motion Library 1.1.0) (Version: 1.1.0 - Rokoko)
Rokoko Motion Library - Maya 2022 (HKLM\...\Rokoko Motion Library 2.0.0) (Version: 2.0.0 - Rokoko)
Rokoko Motion Library (HKLM\...\{0DD90669-5CAB-489C-B9D5-D8FE4EE35235}) (Version: 2.0.0 - Rokoko) Hidden
Rokoko Motion Library (HKLM\...\{C301E810-4D70-40DF-92FC-04F113E778AF}) (Version: 1.1.0 - Rokoko) Hidden
Serum by Xfer Records (HKLM-x32\...\Serum) (Version:  - )
SketchUp 2020 (HKLM\...\{3018111d-9515-967c-baf8-b63c54330f67}) (Version: 20.0.363.132 - SketchUp) Hidden
SketchUp 2020 (HKLM-x32\...\{522800F1-9FCE-44F2-8D2E-2CEC5B25A9C2}) (Version: 20.0.363 - Trimble, Inc.)
Sofware IN LLC version 11.86 (HKLM-x32\...\Sofware IN LLC_is1) (Version: 11.86 - Tap LLC Soluteons)
Splice (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\splice) (Version: 3.7.24713 - Distributed Creation, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.7 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Substance in Maya 2022-2.1.9 (HKLM\...\{3275b177-e217-4a4d-9a5f-c215a422d225}_is1) (Version: 2.1.9 - Adobe)
Substance Launcher 1.5.2-beta.92 (HKLM\...\{8b9320fe-2b31-562a-9f54-9956b024276d}) (Version: 1.5.2-beta.92 - Allegorithmic an Adobe Company)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Synthwave Drums 1.00 (HKLM-x32\...\Synthwave Drums 1.00) (Version: 1.00 - Beatskillz)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.41.0 - TechPowerUp)
Telegram Desktop version 2.9.2 (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.9.2 - Telegram FZ-LLC)
Toon Boom Harmony 20 Premium (HKLM-x32\...\{AED8B34D-6D7A-1014-A201-E3BB1D22153B}) (Version: 20.0.3 - Toon Boom Animation)
Toonboom Harmony 17.0.0 Build 14765 Activation (HKLM\...\Toonboom Harmony 17.0.0 Premium Activation_is1) (Version: 17.0.0 Build 14765 - countryboy)
UE4 Prerequisites (x64) (HKLM\...\{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UJAM BM-NEMESIS (HKLM\...\BM-NEMESIS_is1) (Version: 2.1.2 - UJAM)
Unity (HKLM-x32\...\Unity) (Version: 2020.1.1f1 - Unity Technologies ApS)
Unity Hub 2.4.0 (HKLM\...\{Unity Technologies - Hub}) (Version: 2.4.0 - Unity Technologies Inc.)
Universal CRT Redistributable (HKLM-x32\...\{A9D6F52C-694E-3E41-7AB8-5BEB644742A5}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{6B25D94A-4B50-45E2-BBD3-54E68700E1BC}) (Version: 14.25.28508 - Microsoft Corporation) Hidden
version 1.0.6.4 (HKLM-x32\...\{A877D2BD-19D7-443E-95FD-DA0A8ECB88FA}_is1) (Version:  - Dynojet Research Inc.)
Visual Studio Community 2017 (HKLM-x32\...\9839af48) (Version: 15.9.28307.1093 - Microsoft Corporation)
Visual Studio Community 2019 (HKLM-x32\...\b50ff010) (Version: 16.5.30011.22 - Microsoft Corporation)
Voxengo Marquis Compressor (HKLM\...\Voxengo Marquis Compressor_is1) (Version: 2.6 - Voxengo)
VS Immersive Activate Helper (HKLM-x32\...\{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{D8B26CBD-15D2-440B-BCBD-5616D74EFC7D}) (Version: 16.0.98.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{FDC38876-AD68-4616-942D-AC3194DAB0A3}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{7DB17E2A-450D-4DBD-9C17-545A95804B0C}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{C309FC3D-20C2-4F48-AF46-E59674774602}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Version: 16.3.29209 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Version: 16.4.29411 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{4D33D909-B071-41D2-B305-96B8586F911E}) (Version: 16.5.29814 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Version: 16.5.29521 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.940 - Broadcom Corporation)
Win2PDF 10 (HKLM\...\Win2PDF_is1) (Version: 10.0.62 - Dane Prairie Systems, LLC.)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows SDK AddOn (HKLM-x32\...\{1E76DFA7-96F3-4281-8E41-8A226C3E42EE}) (Version: 10.1.0.0 - Microsoft Corporation)
WinRAR 6.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
WinSCP 5.17.5 (HKLM-x32\...\winscp3_is1) (Version: 5.17.5 - Martin Prikryl)
WPS Office (11.2.0.10296) (HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\Kingsoft Office) (Version: 11.2.0.10296 - Kingsoft Corp.)
wtfast 4.16 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.16.0.1902 - Initex & AAA Internet Publishing)
Xfer Records Serum 1.33b4 (HKLM\...\Xfer Records Serum-r4e_is1) (Version: 1.3.3.4 - Xfer Records)
XLN Audio RC-20 Retro Color (HKLM\...\RC-20 Retro Color_is1) (Version: 1.1.1.2 - XLN Audio)
X-Rite Device Services Manager (HKLM\...\{95158828-CB92-4CD2-B85C-1B280CC6167D}) (Version: 3.1.7.6 - X-Rite)
ZBrush 2021 (HKLM\...\ZBrush 2021 2021) (Version: 2021 - Pixologic)
ZoneAlarm (HKLM-x32\...\{4073CD02-7996-48D7-AFDF-297676C27CA6}) (Version: 2.001.0044 - Check Point Software)
ZoneAlarm Firewall (HKLM-x32\...\{7B46F664-5425-45D9-8761-E506F5D71D12}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Pro (HKLM-x32\...\ZoneAlarm Pro) (Version: 15.8.169.18768 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DD4F2B05-0B5A-4C76-AEFE-3C85E1064E57}) (Version: 15.8.169.18768 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Check Point Software Ltd.) Hidden
 
Packages:
=========
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_20.1.12.4_x64__adky2gkssdxte [2021-06-03] (Adobe Systems Incorporated)
ASUS Grid (Beta) -> C:\Program Files\WindowsApps\B9ECED6F.133F79A42C6_1.0.14.0_x64__qmba6cd70vzyy [2020-04-20] (ASUSTeK COMPUTER INC.)
Canvas Connect -> C:\Program Files\WindowsApps\DellInc.CanvasConnect_1.4.9.0_x64__htrsf667h5kn2 [2021-07-12] (Dell Inc)
Control PCGP -> C:\Program Files\WindowsApps\505GAMESS.P.A.ControlPCGP_1.0.6.0_x64__tefn33qh9azfc [2021-04-23] (0)
Dishonored 2 -> C:\Program Files\WindowsApps\BethesdaSoftworks.Dishonored2-PC_1.0.9.0_x64__3275kfvn8vcwc [2021-04-23] (0)
flowkey -> C:\Program Files\WindowsApps\app.flowkey.com-3258D263_1.0.0.0_neutral__td7nc3pb565me [2021-09-01] (app.flowkey.com)
Lenovo Display Control Center -> C:\Program Files\WindowsApps\E046963F.LenovoDisplayControlCenter_1.0.33091.0_x86__k1h2ywk1493x8 [2021-09-12] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-06] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-09-07] (NVIDIA Corp.)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-04-08] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-23] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0 [2021-09-04] (Spotify AB) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\kjeff\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.10296\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\kjeff\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\kjeff\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{d936918b-9c4b-555e-074a-c79314be04e1}\localserver32 -> "C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\kjeff\Dropbox [2021-07-12 04:04]
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [Tuts Dropbox] => C:\Users\kjeff\Tuts Dropbox [2020-04-21 04:04]
CustomCLSID: HKU\S-1-5-21-881886857-835413342-2016909866-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2021\Inventor Server\Bin\TestServer.dll => No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ShellIconOverlayIdentifiers: [                    IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2021-01-12] (g10 Code GmbH) [File not signed]
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.158.0\AdAwareShellExtension.dll [2021-06-23] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ContextMenuHandlers3: [AdAwareContextMenu] -> {5B64240D-5B36-4B9F-A75F-4925B6A53D5B} => C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.10.158.0\AdAwareShellExtension.dll [2021-06-23] (Adaware Software (Lavasoft Software Canada Inc.) -> )
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2021-01-12] (g10 Code GmbH) [File not signed]
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\kjeff\AppData\Local\MEGAsync\ShellExtX64.dll [2021-05-12] (Mega Limited -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmdi.inf_amd64_9413e5ce3f1b6ec6\nvshext.dll [2021-08-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2021-09-15] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-07-22] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-881886857-835413342-2016909866-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.10296\office6\kwpsmenushellext64.dll [2021-09-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-881886857-835413342-2016909866-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.10296\office6\kwpsmenushellext64.dll [2021-09-10] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\kjeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Personal - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\kjeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\daa1da0f0c204e66\Click&Clean.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=dacknjoogbepndbemlmljdobinliojbk --app-url
ShortcutWithArgument: C:\Users\kjeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\keyon (sdf) - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\kjeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\464d897d72e4e983\MetaMask.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory="Profile 1" --app-id=ejbalbakoplchlghecdalmeeeajnimhm --app-url
ShortcutWithArgument: C:\Users\kjeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2019-01-24 20:20 - 2019-01-24 20:20 - 002633728 _____ () [File not signed] C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 001664512 _____ () [File not signed] C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2021-01-12 08:30 - 2021-01-12 08:30 - 000453632 _____ (g10 Code GmbH) [File not signed] C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll
2021-05-18 09:17 - 2021-05-18 09:17 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2021-01-15 13:49 - 2021-01-15 13:49 - 001124352 _____ (Robert Simpson, et al.) [File not signed] [File is in use] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\System.Data.SQLite.dll
2021-06-08 04:47 - 2021-06-08 04:47 - 001189888 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\Common\x86\SQLite.Interop.dll
2021-06-08 04:47 - 2021-06-08 04:47 - 001189888 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\ZANG\UI\x86\SQLite.Interop.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 001502208 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1iO.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 003962368 _____ (X-Rite Inc.) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Pro.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 002359296 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1isis\EyeOne_iSis.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 001019392 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Fun.dll
2019-01-24 20:20 - 2019-01-24 20:20 - 004127232 _____ (X-Rite) [File not signed] C:\Program Files (x86)\X-Rite\Devices\i1Studio\i1Studio.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\kjeff\Dropbox:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\kjeff\Dropbox:com.dropbox.attrs [58]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-881886857-835413342-2016909866-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-881886857-835413342-2016909866-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
BHO: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho64.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO-x32: IeUrlFilter Class -> {2DD257A3-5028-41AE-A1E7-A12F76A08893} -> C:\Program Files (x86)\COMODO\COMODO Secure Shopping\cssbho32.dll [2019-08-21] (Comodo Security Solutions, Inc. -> COMODO)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2021-01-12] (IObit Information Technology -> IObit)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7942 more sites.
 
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-03-18 23:49 - 2021-04-07 22:06 - 000000868 ____N C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.1  scinstallcheck.mcafee.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\BellSoft\LibericaJDK-16-Full\bin\;C:\Program Files (x86)\Razer\ChromaBroadcast\bin;C:\Program Files\Razer\ChromaBroadcast\bin;C:\Windows\system32;C:\Program Files\Java\jdk-14.0.1\bin;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files\dotnet\;C:\Program Files\CMake\bin;C:\Program Files\Amazon\AWSCLIV2\;C:\Program Files\nodejs\;C:\Program Files\PuTTY\;C:\Program Files\Git LFS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin;C:\Users\kjeff\AppData\Local\Microsoft\WindowsApps;C:\Users\kjeff\AppData\Roaming\npm;C:\Users\kjeff\AppData\Local\Programs\Microsoft VS Code\bin;C:\Program Files (x86)\Gpg4win\..\GnuPG\bin;C:\Program Files\Git\cmd;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;
HKU\S-1-5-21-881886857-835413342-2016909866-1001\Control Panel\Desktop\\Wallpaper -> c:\users\kjeff\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\lenovowallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "TouchZoomDesktop.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Toon Boom Harmony Network Connections.lnk"
HKLM\...\StartupApproved\Run: => "Restoro"
HKLM\...\StartupApproved\Run: => "CanvasLayout"
HKLM\...\StartupApproved\Run: => "RZSurroundHelper"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "DriverFix"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "Haste"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "RzAppEngine"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "Synapse3"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "Substance Launcher"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "YandexDisk2"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-881886857-835413342-2016909866-1001\...\StartupApproved\Run: => "JellyfinTray"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{455F0894-45A3-47E1-B0F6-0981845B3398}] => (Allow) C:\Program Files\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [{46EEE2FD-AD54-4F05-B250-F0913D2DDC8D}] => (Allow) C:\Program Files\e2eSoft\iVCam\iVCam.exe => No File
FirewallRules: [UDP Query User{825346B2-096E-45D5-B7C7-A62CB2E6748A}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [TCP Query User{84D79947-B884-4243-A024-31428EE1127F}C:\program files\e2esoft\ivcam\ivcam.exe] => (Allow) C:\program files\e2esoft\ivcam\ivcam.exe => No File
FirewallRules: [{16FB676D-160D-4151-9C81-A11E7AB51A2F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F381B60-A8C2-4102-BA8C-25D3B4EC264E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E42D40E7-3BEF-4841-89E3-43E9593E1253}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{06D70D34-0F3A-4909-8AC2-6986FF4531C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ACB7CA49-2E9D-4A37-9EB4-E4C779BC97A1}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{0A984389-3131-4ABE-B65D-A6682F6947F8}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7A2DFC14-E697-4AEC-9A12-1968C463CF2D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DOOMEternal\idTechLauncher.exe () [File not signed]
FirewallRules: [{7FF903A4-0725-4F75-A8CD-71DA760198D4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DOOMEternal\idTechLauncher.exe () [File not signed]
FirewallRules: [{DEE4FF8A-8E23-42E7-985C-65305CABBB9A}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{B84181CD-A55F-4ED7-BFCD-4D7BD570E80C}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{83D5DDE6-1152-4DE1-B7EF-9F2847B89EAA}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{93F9472D-2CFE-48B6-8B43-3B69C9BE4C1F}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F0BB2177-FCA1-4595-9E51-32AEAC638B48}] => (Allow) C:\Users\kjeff\AppData\Local\Kingsoft\WPS Office\11.2.0.9453\office6\wps.exe => No File
FirewallRules: [{3877F2C1-5A3C-4692-842E-EA97876D7326}] => (Allow) C:\Users\kjeff\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F5C320C0-4B40-4226-A52E-224183CCA798}] => (Allow) C:\Users\kjeff\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [UDP Query User{C349FE6D-42C2-4151-923E-F40B7A5BC8E7}C:\users\kjeff\desktop\quest.exe] => (Allow) C:\users\kjeff\desktop\quest.exe => No File
FirewallRules: [TCP Query User{C32A89D2-1C2C-4036-B822-8445D68D3FEC}C:\users\kjeff\desktop\quest.exe] => (Allow) C:\users\kjeff\desktop\quest.exe => No File
FirewallRules: [UDP Query User{EE3B76AA-A1E1-498F-9B15-A1533DF4B499}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{584A90D2-35E1-4DD4-836B-71A2F712D7C7}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{224C7F40-8D1F-453A-AA73-E123D803565F}C:\users\kjeff\documents\unreal projects\quest\windowsserver\quest\binaries\win64\questserver.exe] => (Allow) C:\users\kjeff\documents\unreal projects\quest\windowsserver\quest\binaries\win64\questserver.exe => No File
FirewallRules: [TCP Query User{9389BF6F-28AC-4CF7-9B96-C92286D2BC77}C:\users\kjeff\documents\unreal projects\quest\windowsserver\quest\binaries\win64\questserver.exe] => (Allow) C:\users\kjeff\documents\unreal projects\quest\windowsserver\quest\binaries\win64\questserver.exe => No File
FirewallRules: [UDP Query User{EE57B3F8-7F65-49E3-9696-EF3DB70BB29E}C:\program files\java\jdk-14.0.1\bin\java.exe] => (Allow) C:\program files\java\jdk-14.0.1\bin\java.exe => No File
FirewallRules: [TCP Query User{38A4A470-E373-4ECA-A8C4-D5DBB99C1D78}C:\program files\java\jdk-14.0.1\bin\java.exe] => (Allow) C:\program files\java\jdk-14.0.1\bin\java.exe => No File
FirewallRules: [UDP Query User{0B2D046C-17F0-407B-9605-7A654F931C64}C:\users\kjeff\documents\ue_4.24.3\engine\binaries\win64\ue4editor.exe] => (Allow) C:\users\kjeff\documents\ue_4.24.3\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{CCE239DA-6D84-4CE2-B350-63AB64A9331F}C:\users\kjeff\documents\ue_4.24.3\engine\binaries\win64\ue4editor.exe] => (Allow) C:\users\kjeff\documents\ue_4.24.3\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [{9B055CBA-6264-45C3-B1E6-90C52D25FC54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E34CB867-00BF-47A5-971E-1CEA8E718624}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{30D71027-7EF7-46A5-8291-6B29E7B1E5CC}C:\users\kjeff\documents\unreal projects\myproject\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\kjeff\documents\unreal projects\myproject\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [TCP Query User{62D0D18F-4CD1-4F90-A7EF-75C121DD9DCC}C:\users\kjeff\documents\unreal projects\myproject\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\kjeff\documents\unreal projects\myproject\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [UDP Query User{71CDC667-D749-452E-BB7C-849FE892599D}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [TCP Query User{9FDF0755-54BE-4D23-85DC-F739AB716CEA}E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) E:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe => No File
FirewallRules: [UDP Query User{B5131F10-413B-4743-9AB4-B702C0C9FE27}E:\program files\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe] => (Allow) E:\program files\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe => No File
FirewallRules: [TCP Query User{36199670-65DB-450E-89EA-A6A4D458684E}E:\program files\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe] => (Allow) E:\program files\ue_4.24\engine\binaries\win64\crashreportclienteditor.exe => No File
FirewallRules: [UDP Query User{0E047076-B1A7-4A74-96CC-CB566B9335CF}E:\program files\ue_4.24\engine\binaries\win64\ue4editor.exe] => (Allow) E:\program files\ue_4.24\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [TCP Query User{FE72E71C-114A-498B-AEDD-8F2E74A0C136}E:\program files\ue_4.24\engine\binaries\win64\ue4editor.exe] => (Allow) E:\program files\ue_4.24\engine\binaries\win64\ue4editor.exe => No File
FirewallRules: [{C6F8E4C1-3495-4D1C-8B09-2E8C6983F9D8}] => (Block) E:\Program Files\Pixologic\ZBrush.exe => No File
FirewallRules: [UDP Query User{EC552650-EDDF-4DA5-9ABD-42D0F3588E41}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{C171293B-9785-4285-B0CB-B1AD2C89429F}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{B6D18F27-1981-4D33-AAF6-38F81B15C949}] => (Allow) LPort=5454
FirewallRules: [{FB486230-2FE3-4A2E-8919-8EBB3724F85C}] => (Allow) C:\Program Files\Unity\Hub\Editor\2020.1.1f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{70A072DD-3099-4E38-8ACA-EFE1C8199C30}] => (Block) C:\Program Files\Unity\Hub\Editor\2020.1.1f1\Editor\Unity.exe (Unity Technologies Aps -> Unity Technologies ApS)
FirewallRules: [{6FE18B86-88EB-4B44-90CF-414FE9726E4E}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{F19AEA47-CAC5-4C64-824B-3C32643C7A34}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{EC861E43-A164-4D4E-8523-C3518E89A1AB}] => (Allow) C:\Program Files (x86)\BitLord\BitLord.exe (House of Life) [File not signed]
FirewallRules: [{0F5C4895-F8D4-472C-8B04-39B337C96939}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{68D2A642-C2AA-451E-B78C-7592E97CD264}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2C0BC869-D0DF-4ECE-9587-1DF276B00000}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{08AFFB83-805B-47F4-AEF7-7D828018347D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4114E422-A244-4820-9BE0-46D27BC08BEF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{F57ECE23-3F32-4BFC-B654-D40D4C4B754D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{F2A1889E-FF59-449B-A44A-641D709E80D2}] => (Allow) C:\Program Files\Daedalus Mainnet\cardano-node.exe (Input Output HK Limited -> )
FirewallRules: [{7F5C4058-8E89-4D65-97C2-9523D77DB4F6}] => (Allow) C:\Program Files\Daedalus Mainnet\cardano-node.exe (Input Output HK Limited -> )
FirewallRules: [{E40A00F0-7B9B-4B44-A564-C3F47CCED3E8}] => (Block) C:\Program Files\Adobe\Adobe Illustrator 2020\Support Files\Contents\Windows\Illustrator.exe (Adobe Inc. -> Adobe Inc.) [File not signed]
FirewallRules: [{7E42DF75-79DB-4EA4-95F9-708CF2C0ABA4}] => (Block) C:\Program Files\Adobe\Adobe Dreamweaver 2020\Dreamweaver.exe => No File
FirewallRules: [{48E5B05F-0EAB-464B-BCCC-0D477E9A752B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E9E9209A-DAB2-43D0-BC9E-9E3749EFAA4B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{183DB220-2078-4C99-939F-4918943915E3}] => (Block) C:\Program Files\Adobe\Adobe Photoshop 2021\Photoshop.exe (Adobe Inc. -> Adobe) [File not signed]
FirewallRules: [{C8C36C0F-0208-430F-ADD9-10124A75448C}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{46C2296E-9108-429E-BD19-A87707A6F7E6}] => (Allow) C:\Program Files (x86)\CocCoc\Update\coccoctorrentupdate.exe => No File
FirewallRules: [{BA152D6A-5D9F-4BAD-9B93-B17EE9BD86DC}] => (Allow) C:\Program Files (x86)\CocCoc\Update\coccoctorrentupdate.exe => No File
FirewallRules: [{9D59A543-99C7-43D0-9D88-C458FA4B9623}] => (Allow) C:\Program Files (x86)\CocCoc\Update\coccoctorrentupdate.exe => No File
FirewallRules: [{8E445714-4F8C-468C-87AF-A9F2C239FF98}] => (Allow) C:\Program Files (x86)\CocCoc\Update\coccoctorrentupdate.exe => No File
FirewallRules: [{A6AF936B-B058-4A6F-AF2D-263C83F3491B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{778DFC37-2C60-4E06-969A-10095D00DB8B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Ghostrunner\Ghostrunner.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{7B9AC3A3-12BD-4BDF-8880-50EB83802516}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{7407A5AB-5277-4E4D-A795-25DFADC724CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{6CDD1F86-9CD9-454D-9607-34B3D91471F2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{D2B86F77-067C-4D1B-87FA-E0A91B69302D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{210C4689-11A9-4289-8886-A73A02D0059C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{670394B2-FE77-4679-958B-59D3B98D481A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{21E73AC4-CC1B-485C-A4B6-32146109B3DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AE751F17-DD2F-4C96-A712-E984B5434F06}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E2A917E6-CCB2-4C42-8B10-ADA542D89D87}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4CDF27AC-442F-40DA-AE95-6198B76E407E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{35E55D7F-6F68-49A9-AB04-8AEF3920AB03}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6BB4EA37-ACDF-4993-869C-C478D3164A20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8345B2FE-5F38-4406-A90F-21CCD8F2A9E7}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C944BD1-CABD-47C7-8F01-639EA8716F25}] => (Allow) C:\ProgramData\Ableton\Live 11 Suite\Program\Ableton Live 11 Suite.exe (Ableton AG -> Ableton) [File not signed]
FirewallRules: [{7AF41563-C2CD-472E-83ED-574B3ECFCF29}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{260618C0-D1C4-48B7-8D4B-197B5F855D04}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{1164E362-713E-4B70-8739-13BADEFCEBDF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{54DA817F-6144-49A2-A8FC-9E2699E43394}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{48D9D726-F286-4AA6-8C94-14FBB33AAD8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B4D1126-F12D-4A85-9E41-B9FB49A920FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4FD35E81-CDA6-4D69-B8A5-B70112C423CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F0BEC41B-1BAF-4CF3-97B5-84440519FB7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{269BF4E1-DCB3-42E3-9D02-AD271ABFA7D4}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{6F362325-C65F-42B4-BCAC-202424F08C83}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{FCA5BC25-3497-4B83-A6E0-CBB6AB0ABFEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F5D3ADA5-8748-491E-908C-3C42A1FFE4CA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A6D4D15-3E0B-4921-AA7B-6AE4B0F8FCBD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{916E7958-5B0D-4A88-87D5-C2FE8A86894D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5BD60BE8-2F5F-4196-8DEA-87B3377025B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6AE51DF6-5173-4370-90B6-204AF2150A12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A44AE379-6448-4210-AE57-0686DAA6BE22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D5B3295-45F2-4DDE-8FF2-61F2F5440579}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.167.586.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0C0ABA81-61FF-4F94-B11C-CB81C985A0ED}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Twelve Minutes\12M.exe () [File not signed]
FirewallRules: [{DBE2DD23-7D17-4782-B5C1-A6318C7ABB83}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Twelve Minutes\12M.exe () [File not signed]
FirewallRules: [{91D11BBD-FA22-4B9E-84EA-F2E10C1FF39E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{5EE3072A-F3DF-4A09-A28C-CBCC525BD5C9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B412DD3E-0F71-4FEE-98EB-9609E655B87D}] => (Allow) C:\Program Files (x86)\wtfast\wtfast.exe (WTFast (AAA Internet Publishing Inc.) -> AAA Internet Publishing Inc.)
FirewallRules: [{6CAF04B2-B06A-471D-8C91-CCA75205D649}] => (Allow) E:\Games\Red Dead Redemption 2\RDR2.exe (Rockstar Games) [File not signed]
FirewallRules: [{638967E3-1AE4-49C6-8F89-2659AC79D451}] => (Allow) E:\Games\Red Dead Redemption 2\RDR2.exe (Rockstar Games) [File not signed]
FirewallRules: [{3FC8142B-DD19-49DA-A2BF-BCD1CEEF48D7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A42EA322-3632-46AE-A376-F36AA5E97F63}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BABD7398-2F27-4CA1-924A-A712FA7CFA31}] => (Allow) C:\Users\kjeff\AppData\Local\Programs\Opera\79.0.4143.22\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{1B063D0A-4772-40C4-B564-B538F80AA0AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
 
==================== Restore Points =========================
 
15-09-2021 17:32:34 AA11
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (09/16/2021 03:22:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
Exception code: 0xc0000005
Fault offset: 0x000260b6
Faulting process id: 0x1d34
Faulting application start time: 0x01d7ab3865aae16c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: hhctrl.ocx
Report Id: 2223a07e-c261-4929-81e2-0abfa24205ec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/16/2021 03:21:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x1d34
Faulting application start time: 0x01d7ab3865aae16c
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 80e75b2a-893b-4c44-b9e2-5bf40d8eca05
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/16/2021 03:20:39 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (09/16/2021 03:20:39 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (09/16/2021 03:20:39 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (09/16/2021 03:20:39 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (09/16/2021 03:20:35 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
 
Error: (09/16/2021 03:19:15 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-UF1CQQ5)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (09/16/2021 03:22:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IMF Service service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (09/16/2021 03:22:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The X-Rite Device Services Manager service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
 
Error: (09/16/2021 03:22:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Windows Defender:
================
Date: 2021-09-15 01:54:11
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-13 21:54:23
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-11 21:08:31
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-10 22:35:09
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-09-10 21:27:58
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2021-09-15 20:17:59
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80070057
Error description: The parameter is incorrect. 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2021-09-11 01:18:12
Description: 
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 
 
Date: 2021-09-11 01:17:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Offline.
Error code: 0x8000000a
Error description: The data necessary to complete this operation is not yet available. 
 
CodeIntegrity:
===============
Date: 2021-09-16 15:30:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-09-16 15:30:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-09-16 15:28:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files\Emsisoft Anti-Malware\eppcom64.dll that did not meet the Windows signing level requirements.
 
Date: 2021-09-16 15:24:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2021-09-16 15:24:02
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe that did not meet the Microsoft signing level requirements.
 
Date: 2021-09-16 15:23:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\fontdrvhost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 4007 12/08/2020
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING
Processor: AMD Ryzen 7 3700X 8-Core Processor 
Percentage of memory in use: 23%
Total physical RAM: 32692.97 MB
Available physical RAM: 25138.78 MB
Total Virtual: 37556.97 MB
Available Virtual: 28135.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.84 GB) (Free:14.4 GB) NTFS
Drive d: (Storage) (Fixed) (Total:931.39 GB) (Free:42.32 GB) NTFS
Drive e: (Storage) (Fixed) (Total:476.92 GB) (Free:28.43 GB) NTFS
Drive g: (USB) (Removable) (Total:58.42 GB) (Free:58.32 GB) NTFS
 
\\?\Volume{af87a110-1875-4312-8ffd-4604bb318163}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{df1d2829-80bb-48f5-ad55-c62955abf54b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: BDDEFF4C)
 
Partition: GPT.
 
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 58.4 GB) (Disk ID: 1F1B63B5)
Partition 1: (Not Active) - (Size=58.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

Edited by LuckyJohn, Yesterday, 02:24 AM.

  • 0

#5
DR M

    The Grecian Geek

  • Malware Removal
  • 3,023 posts

Hi, John.
 
For future log postings, please attach the logs instead of copying and pasting them. It's easier for me to review them.

To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File.
 
Also, please move FRST onto your Desktop. Just drag it from G, where it is now located, and place it onto the Desktop.
 
Let's begin now.
 
======================
 
1. P2P programs

You have BitLord installed on your computer. This is a P2P program. P2P programs form a direct conduit onto a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected again, as soon as you use it again. But it is your computer and of course your decision.

  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it along with the unwanted programs in Step 2 below.

 

2. Uninstall programs

2.1. Unnecessary programs
 
I see many programs installed on your computer. Do you need/use all of them? Please take a look at the installed programs list and uninstall any program you do not need/use.
 
 
2.2. Pirated programs
 
Some of them are the paid versions of the products (e.g. Adobe Illustrator 2020, Adobe Photoshop 2021, Antares Auto-Tune Pro...). Do you have a legal license for them? I'm asking because using pirated products is the easiest way to install malware on your computer. We don't want that, so it is important for any user to uninstall any program without a legal licence before starting the cleaning procedure.
 
 
2.3. Antivirus - Antimalware
 
An anti-virus and an anti-malware product are a necessity. However, installing more than one of those programs may cause them to conflict with each other and lead to the following:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

In addition to the built-in Windows 10 antivirus, Microsoft Defender, you have all these installed on your computer!
 
adaware antivirus
Comodo Dragon 
COMODO Secure Shopping 
Emsisoft Anti-Malware
HitmanPro 3.8
IObit Malware Fighter 8
McAfee Safe Connect 
Spybot - Search & Destroy
Spybot Anti-Beacon
SUPERAntiSpyware 
ZoneAlarm 
ZoneAlarm Pro
Malwarebytes
 
PLEASE, if you don't want to stay with Microsoft Defender, choose one among Emsisoft and Spybot - Search & Destroy, as an antivirus solution, and Malwarebytes as an anti-malware solution. You can also keep Super AntiSpyware as a second anti-malware (on-demand) scanner. UNINSTALL all the others.
 
 
To uninstall the above programs:

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
adaware antivirus
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the adaware antivirus items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

Repeat the above procedure for the following programs, in addition to other programs you don't need/use or don't have a legal licence for.
 
Comodo Dragon 
COMODO Secure Shopping 
Emsisoft Anti-Malware *
HitmanPro 3.8
IObit Malware Fighter 8
McAfee Safe Connect 
Spybot - Search & Destroy *
Spybot Anti-Beacon
ZoneAlarm 
ZoneAlarm Pro
BitLord *
Other programs you don't need/use or don't have a legal licence

 
3. Question
 
Do you need this Chrome extension?
 
ExpressVPN: VPN proxy for a better internet
 
If not, please uninstall it.

  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find Funmoods, and remove it, clicking on Remove.
  • Confirm the action by clicking Remove once again.

 

In your next reply, please post:

 

Any program you uninstalled and if everything went fine.


  • 0
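The Addition.txt excerpt earlier in this thread records Code Integrity rejecting DLLs inside system processes and firewall rules that allow binaries FRST marks as unsigned. As an added example (not part of either post and not FRST's own code), this Python sketch pulls both out of a saved log for triage; the function names are hypothetical and the sample lines are a subset copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Subset of entries copied from the Addition.txt excerpt above, embedded for an offline run.
SAMPLE = r"""
FirewallRules: [{4CDF27AC-442F-40DA-AE95-6198B76E407E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C0ABA81-61FF-4F94-B11C-CB81C985A0ED}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Twelve Minutes\12M.exe () [File not signed]
FirewallRules: [{DBE2DD23-7D17-4782-B5C1-A6318C7ABB83}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Twelve Minutes\12M.exe () [File not signed]
FirewallRules: [{6CAF04B2-B06A-471D-8C91-CCA75205D649}] => (Allow) E:\Games\Red Dead Redemption 2\RDR2.exe (Rockstar Games) [File not signed]

CodeIntegrity:
===============
Date: 2021-09-16 15:30:00
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2021-09-16 15:24:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume8\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-09-16 15:23:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume8\Windows\System32\fontdrvhost.exe) attempted to load \Device\HarddiskVolume8\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Microsoft signing level requirements.
"""

# One FirewallRules line: [rule name] => (action) path (publisher field) [optional unsigned marker]
FW_RE = re.compile(
    r"^FirewallRules: \[.*?\] => \((?P<action>\w+)\) (?P<path>.+?\.exe) "
    r"\((?P<publisher>.*)\)(?P<unsigned> \[File not signed\])?\s*$",
    re.M | re.I)
# One Code Integrity description: host process, rejected module, required signing level
CI_RE = re.compile(
    r"Code Integrity determined that a process \((?P<process>.+?)\) attempted to load "
    r"(?P<module>.+?) that did not meet the (?P<level>.+?) signing level requirements")
DEVICE_PREFIX = re.compile(r"^\\Device\\HarddiskVolume\d+")


def unsigned_firewall_targets(text):
    """Return the de-duplicated, sorted paths of allowed rules marked '[File not signed]'."""
    hits = {m["path"] for m in FW_RE.finditer(text)
            if m["action"].lower() == "allow" and m["unsigned"]}
    return sorted(hits)


def code_integrity_rejections(text):
    """Map each rejected module to a sorted list of (host process name, signing level)."""
    seen = defaultdict(set)
    for m in CI_RE.finditer(text):
        module = DEVICE_PREFIX.sub("", m["module"])  # drop the volume device prefix
        seen[module].add((ntpath.basename(m["process"]), m["level"]))
    return {module: sorted(hosts) for module, hosts in seen.items()}


if __name__ == "__main__":
    for path in unsigned_firewall_targets(SAMPLE):
        print("allowed, unsigned:", path)
    for module, hosts in code_integrity_rejections(SAMPLE).items():
        print("rejected module:", module, "in", hosts)
```

Treat each hit as a lead for review rather than a verdict: a rejection only records that the module's signature did not meet the level the host process requires.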





