Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

see process called "Be Productive" running and toonboom softwa


  • Please log in to reply

#16
mallowmallow

mallowmallow

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2022
Ran by samue (administrator) on DESKTOP-VMR9NA7 (21-01-2022 11:47:43)
Running from C:\Users\samue\Desktop
Loaded Profiles: samue
Platform: Microsoft Windows 10 Home Version 20H2 19042.867 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͡901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(Discord Inc. -> Discord Inc.) C:\Users\samue\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc_IObitDel.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\PPUninstaller.exe
(IObit CO., LTD -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SpatialAudioLicenseSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Spotify AB) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe <5>
(Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe
(Western Digital Technologies, Inc. -> ) C:\Program Files\WD Desktop App\wdsync.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe <4>
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files (x86)\Western Digital\Discovery\Current\WDDiscoveryMonitor.exe
(Western Digital Technologies, Inc. -> Western Digital Corporation) C:\Program Files\WD Desktop App\kdd.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18389960 2018-09-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1312040 2018-12-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-06] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [81379600 2022-01-17] (Western Digital Technologies, Inc. -> Western Digital Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [Discord] => C:\Users\samue\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2495672 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (No File)
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-06] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0738FF8C-B2DB-4557-BF14-6AA032B8A753} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {078FBA31-9C80-4A43-AEC5-88E74F136F28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {0BC7E0D8-4C01-465D-B5B3-5F32828DEF73} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {150BB8A6-3FBF-4C66-8E92-F17BF8D23CA0} - System32\Tasks\WD Discovery Service Task samue => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [78608 2022-01-17] (Western Digital Technologies, Inc. -> )
Task: {1E409E1B-58B1-4380-88B1-B766EDCB8B7D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {1EA0E6E3-46C9-406E-A9E2-7D3A2DA6A44F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-20] (ESET, spol. s r.o. -> ESET)
Task: {2BFEE421-016B-478B-984D-BFF278196D39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {30D4F409-292D-4B26-B0D6-2655D56AD3FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3821F1DE-15AE-4064-B361-0A678B28FFFD} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3DA0675D-3FCC-4BD6-A21E-0D03108CE074} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {3DE2B95F-0A7A-447F-A6AB-D3119F3A74FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-27] (Google LLC -> Google LLC)
Task: {572F8315-0B42-4B4C-BE01-0716A435CACA} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {5FE26B08-4934-477E-9D79-0B9DACE3EDA2} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {61C41951-2C74-4357-9B3E-9D8A8EE5DD05} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2022-01-20] (ESET, spol. s r.o. -> ESET)
Task: {6A19CD47-F03F-4B95-A7E6-F91BEF3E52ED} - System32\Tasks\Uninstaller_SkipUac_samue => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7454232 2021-12-16] (IObit CO., LTD -> IObit)
Task: {7809B2BC-1799-43D3-9C09-2B695FA52517} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {9A699171-4AE3-4057-A9F5-2D9AC10FD510} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {9D4EAA9A-8F8E-4BD5-90B6-EB1E12F784F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D5E980D-B2E6-4054-ABB3-C992721B7A9B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1443207549-266473185-1957000176-500 => C:\Users\samue\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {AAEBCE61-B9B4-440C-94B6-B582684935F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AF13FDA5-4AB9-4F54-B720-EF13EDAC884B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B2BB9FF9-D0A7-43C8-9330-1E0C99E65748} - System32\Tasks\WD Device Agent Task samue => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [723728 2022-01-17] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {C7E020DB-2CB2-4E82-A08D-B5252FA3BACD} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F4DF1DC4-68F6-4C44-8909-B5A9E719DCB7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {F5A92030-10EC-435D-A825-8069428DC71C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F6C699AB-1705-42FD-BA7F-25F85E3B5315} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67e5bc1d-4207-4265-9467-7b7f63a4081d}: [DhcpNameServer] 10.0.1.1 10.0.1.3
Tcpip\..\Interfaces\{f633f7ab-56bb-4545-a271-410c006b76dc}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\samue\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-20]

FireFox:
========
FF DefaultProfile: 9rbtgwa0.default
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\9rbtgwa0.default [0000-00-00]
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
FF ProfilePath: C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release [0000-00-00]
FF DownloadDir: C:\Users\samue\Desktop
FF Extension: (Dark Reader) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-12-07]
FF Extension: (Clear Cache) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2020-12-31]
FF Extension: (Tomato Clock) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-09-06]
FF Extension: (SponsorBlock for YouTube - Skip Sponsorships) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-19]
FF Extension: (TinEye Reverse Image Search) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2021-10-29]
FF Extension: (Tree Style Tab) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-12]
FF Extension: (uBlock Origin) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\[email protected] [2022-01-13]
FF Extension: (Flagfox) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2022-01-03]
FF Extension: (Halo-4-wallpaper-unsc) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{192fc524-b327-4258-a129-bac739726340}.xpi [2020-12-31]
FF Extension: (ANIMATED Neutron Stars by candelora) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{2c216ba1-594a-4039-a389-b954f42ff809}.xpi [2021-07-12]
FF Extension: (Blue and Black Stamped Metal) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{3cda8d03-de1b-47b2-9075-9050cb300ee6}.xpi [2020-12-31]
FF Extension: (Psychedelic Glass Squared) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{52b92fe9-753c-4514-851f-63689f4427f2}.xpi [2020-12-31]
FF Extension: (Dark) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{6341c2d3-7376-4d9b-847c-d4679d341d87}.xpi [2020-12-31]
FF Extension: (Misty dark forest II) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{ac92fc5a-c8cd-4f87-b75c-7a4268e9b5cc}.xpi [2020-12-31]
FF Extension: (Video DownloadHelper) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-07-01]
FF Extension: (Dark Carbon Fiber 1) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{c8b661e4-148d-4fa7-8cfb-81818fd98feb}.xpi [2020-12-31]
FF Extension: (Summerwood) - C:\Users\samue\AppData\Roaming\Mozilla\Firefox\Profiles\lkzehow4.default-release\Extensions\{fb7d2936-bd43-4dcd-ae06-bf7a15401808}.xpi [2020-12-31]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-06] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [844528 2021-10-06] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [61832 2020-12-04] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [805488 2021-07-04] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-05-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 EQU8_36; C:\ProgramData\EQU8\Splitgate\bin\anticheat.x64.equ8.exe [6161552 2021-09-01] (Int3 Software AB -> Int3 Software AB)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158232 2021-08-04] (IObit CO., LTD -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7972536 2022-01-19] (Malwarebytes Inc -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-26] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 EQU8_HELPER_36; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_36.sys [38032 2021-09-22] (Int3 Software AB -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2022-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [79872 2020-09-17] (Microsoft Windows Hardware Compatibility Publisher -> FTDI Ltd.)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220568 2022-01-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2022-01-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [194480 2022-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-01-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156792 2022-01-20] (Malwarebytes Inc -> Malwarebytes)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [131288 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [29368 2021-11-19] (WDKTestCert dant_ppxe9ny,132779414088034662 -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2018-06-04] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R1 wdfsconnect2017; C:\WINDOWS\system32\drivers\wdfsconnect2017.sys [468112 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-21 11:47 - 2022-01-21 11:48 - 000027523 _____ C:\Users\samue\Desktop\FRST.txt
2022-01-21 11:42 - 2022-01-21 11:42 - 000000000 ____D C:\Users\samue\AppData\LocalLow\IGDump
2022-01-21 11:36 - 2022-01-21 11:37 - 000000000 ___HD C:\adobeTemp
2022-01-20 16:31 - 2022-01-20 16:32 - 000003562 _____ C:\Users\samue\Desktop\FSS.txt
2022-01-20 16:30 - 2022-01-20 16:30 - 000909824 _____ (Farbar) C:\Users\samue\Desktop\FSS.exe
2022-01-20 16:30 - 2022-01-20 16:30 - 000909824 _____ (Farbar) C:\Users\samue\Desktop\FSS(1).exe
2022-01-20 16:21 - 2022-01-20 17:59 - 000000000 ____D C:\ProgramData\ProductData
2022-01-20 16:21 - 2022-01-20 16:22 - 000000000 ____D C:\Users\samue\AppData\LocalLow\IObit
2022-01-20 16:21 - 2022-01-20 16:21 - 000003144 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_samue
2022-01-20 16:21 - 2022-01-20 16:21 - 000001431 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2022-01-20 16:21 - 2022-01-20 16:21 - 000001419 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2022-01-20 16:21 - 2022-01-20 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2022-01-20 16:21 - 2022-01-20 16:21 - 000000000 ____D C:\Program Files (x86)\IObit
2022-01-20 16:20 - 2022-01-20 16:22 - 000000000 ____D C:\Users\samue\AppData\Roaming\IObit
2022-01-20 16:20 - 2022-01-20 16:21 - 000000000 ____D C:\ProgramData\IObit
2022-01-20 16:19 - 2022-01-20 16:19 - 027299744 _____ (IObit ) C:\Users\samue\Desktop\iobituninstaller.exe
2022-01-20 10:29 - 2022-01-20 10:29 - 000002586 _____ C:\Users\Public\Desktop\Toon Boom Storyboard Pro 20.lnk
2022-01-20 10:29 - 2022-01-20 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storyboard Pro 20
2022-01-20 10:27 - 2022-01-20 10:28 - 337791096 _____ (Toon Boom Animation) C:\Users\samue\Desktop\SBP20-win-17538.exe
2022-01-20 09:24 - 2022-01-20 09:24 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-01-20 09:24 - 2022-01-20 09:24 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-01-20 08:48 - 2022-01-20 09:26 - 000001385 _____ C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-01-20 08:48 - 2022-01-20 09:26 - 000001279 _____ C:\Users\samue\Desktop\ESET Online Scanner.lnk
2022-01-20 08:48 - 2022-01-20 08:48 - 000000000 ____D C:\Users\samue\AppData\Local\ESET
2022-01-20 08:46 - 2022-01-20 08:46 - 013311448 _____ (ESET) C:\Users\samue\Desktop\esetonlinescanner.exe
2022-01-20 08:28 - 2022-01-20 08:28 - 000194480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-20 08:28 - 2022-01-20 08:28 - 000156792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-20 08:28 - 2022-01-20 08:28 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-20 08:26 - 2022-01-20 08:26 - 000003629 _____ C:\Users\samue\Desktop\AdwCleaner[C01] curr.txt
2022-01-19 18:22 - 2022-01-19 18:22 - 000000000 ____D C:\Users\samue\AppData\Local\mbam
2022-01-19 18:21 - 2022-01-19 18:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000220568 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2022-01-19 18:21 - 2022-01-19 18:21 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-19 18:21 - 2022-01-19 18:21 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-19 18:21 - 2022-01-19 18:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-19 18:21 - 2022-01-19 18:21 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-19 18:20 - 2022-01-19 18:20 - 002911928 _____ (Malwarebytes) C:\Users\samue\Desktop\MBSetup.exe
2022-01-19 18:17 - 2022-01-20 08:26 - 000000000 ____D C:\AdwCleaner
2022-01-19 18:16 - 2022-01-19 18:17 - 008540344 _____ (Malwarebytes) C:\Users\samue\Desktop\AdwCleaner.exe
2022-01-19 06:46 - 2022-01-19 07:37 - 000003117 _____ C:\Users\samue\Desktop\Search.txt
2022-01-17 19:44 - 2022-01-17 19:44 - 104833009 _____ C:\Users\samue\Desktop\my_digital_oil_painting_brushes_by_martinapalazzese_dcisknh.abr
2022-01-17 18:50 - 2022-01-17 18:50 - 337618776 _____ (Toon Boom Animation) C:\Users\samue\Desktop\SBP20-win-16823.exe
2022-01-17 18:49 - 2022-01-20 08:29 - 000000000 ____D C:\Users\samue\AppData\Roaming\WD Discovery
2022-01-17 18:49 - 2022-01-17 18:49 - 000003236 _____ C:\WINDOWS\system32\Tasks\WD Discovery Service Task samue
2022-01-17 18:49 - 2022-01-17 18:49 - 000003172 _____ C:\WINDOWS\system32\Tasks\WD Device Agent Task samue
2022-01-17 18:49 - 2022-01-17 18:49 - 000001306 _____ C:\Users\Public\Desktop\WD Discovery.lnk
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Users\samue\AppData\Roaming\WDDesktop
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Program Files\WD Desktop App
2022-01-17 18:49 - 2022-01-17 18:49 - 000000000 ____D C:\Program Files (x86)\Western Digital
2022-01-17 18:49 - 2017-11-21 12:03 - 000468112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdfsconnect2017.sys
2022-01-17 18:49 - 2017-11-21 12:03 - 000020624 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdvpnpbus.sys
2022-01-17 18:49 - 2017-11-10 12:51 - 000223744 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectNetRdr2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000180224 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000154112 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000118272 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectNetRdr2017.dll
2022-01-17 18:49 - 2017-11-10 12:51 - 000002560 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\wdfsconnectevtmsg.dll
2022-01-17 18:48 - 2022-01-20 08:29 - 000000000 ____D C:\Users\samue\.wdc
2022-01-17 18:48 - 2022-01-17 18:48 - 000000000 ____D C:\Users\samue\AppData\Roaming\com.wdc.softwareInstaller
2022-01-17 17:31 - 2022-01-20 09:31 - 000047526 _____ C:\Users\samue\Desktop\Addition.txt
2022-01-17 17:30 - 2022-01-17 17:30 - 000000000 ____D C:\Users\samue\Desktop\FRST-OlderVersion
2022-01-17 17:23 - 2022-01-17 17:30 - 002311680 _____ (Farbar) C:\Users\samue\Desktop\FRST64(1).exe
2022-01-17 17:21 - 2022-01-21 11:47 - 000000000 ____D C:\FRST
2022-01-17 17:21 - 2022-01-17 17:21 - 000000000 ____D C:\Users\samue\Downloads\FRST-OlderVersion
2022-01-16 15:27 - 2022-01-16 15:27 - 337791096 _____ (Toon Boom Animation) C:\Users\samue\Downloads\SBP20-win-17538(2).exe
2022-01-16 01:28 - 2022-01-16 01:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-01-16 00:54 - 2022-01-20 15:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-01-15 15:11 - 2022-01-15 15:11 - 021736720 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 jan_15_2022.sbbkp
2022-01-14 15:11 - 2022-01-14 15:11 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2022-01-12 15:17 - 2022-01-12 15:17 - 009365290 _____ C:\Users\samue\Downloads\thumbnails goblin_girl_2022 its a backup.sbbkp
2022-01-12 00:54 - 2022-01-12 00:54 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2022.lnk
2022-01-08 13:03 - 2022-01-08 13:04 - 000375625 _____ C:\Users\samue\Downloads\MB_TextureBrushes.xml
2022-01-08 12:35 - 2022-01-08 12:35 - 000000000 ____D C:\Users\samue\Desktop\Goblin Girl Boards
2022-01-03 14:11 - 2022-01-03 14:11 - 000083682 _____ C:\Users\samue\Downloads\magnificent_2.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000602099 _____ C:\Users\samue\Downloads\the_centurion.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000192289 _____ C:\Users\samue\Downloads\ruritania.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000052615 _____ C:\Users\samue\Downloads\cardinal.zip
2022-01-03 14:10 - 2022-01-03 14:10 - 000020918 _____ C:\Users\samue\Downloads\seagram_tfb.zip
2022-01-03 14:09 - 2022-01-03 14:09 - 000328104 _____ C:\Users\samue\Downloads\enchanted_land.zip
2021-12-29 20:03 - 2022-01-19 00:02 - 000000000 ____D C:\Users\samue\Documents\The Witcher 3
2021-12-29 18:24 - 2021-12-29 18:24 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk
2021-12-28 19:59 - 2021-12-28 20:04 - 000000000 ____D C:\Users\samue\AppData\Local\Ori and the Will of The Wisps
2021-12-28 19:59 - 2021-12-28 19:59 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Moon Studios
2021-12-27 18:13 - 2021-12-27 18:13 - 000000000 ____D C:\Users\samue\AppData\LocalLow\adamgryu
2021-12-27 18:03 - 2021-12-27 18:03 - 000000000 ____D C:\Users\samue\AppData\Local\TheAscent
2021-12-27 12:01 - 2021-12-27 12:01 - 3436665791 _____ C:\WINDOWS\MEMORY.DMP
2021-12-27 12:01 - 2021-12-27 12:01 - 003138716 _____ C:\WINDOWS\Minidump\122721-15015-01.dmp
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\Documents\DARKSiDERS
2021-12-27 09:47 - 2021-12-27 09:47 - 000000000 ____D C:\Users\samue\AppData\Roaming\milkfactory

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-21 11:39 - 2021-07-17 15:03 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-21 11:39 - 2020-06-28 00:24 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Mozilla
2022-01-21 11:37 - 2021-07-17 15:06 - 000000000 ___RD C:\Users\samue\Creative Cloud Files
2022-01-21 11:36 - 2021-03-26 00:21 - 000003126 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2022-01-21 11:36 - 2021-03-26 00:21 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2022-01-21 11:36 - 2021-03-26 00:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-21 11:36 - 2020-12-16 23:13 - 000000000 ____D C:\Users\samue\AppData\Roaming\WTablet
2022-01-21 11:36 - 2020-10-27 18:12 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-21 11:36 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-21 06:30 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Roaming\discord
2022-01-21 06:28 - 2020-09-01 18:42 - 000000000 ____D C:\Users\samue\AppData\Local\Discord
2022-01-21 06:09 - 2020-06-28 00:17 - 000000000 ____D C:\Users\samue\AppData\Local\D3DSCache
2022-01-20 20:54 - 2021-11-06 12:11 - 000000000 ____D C:\Users\samue\Desktop\goblins
2022-01-20 18:54 - 2021-03-26 00:21 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-20 18:54 - 2021-03-26 00:21 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 18:14 - 2021-09-28 20:08 - 000000000 ____D C:\Users\samue\AppData\Roaming\Pixpil
2022-01-20 18:14 - 2021-09-09 22:28 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Behold Studios
2022-01-20 18:14 - 2021-08-16 20:48 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Eastshade Studios
2022-01-20 18:14 - 2021-07-04 19:48 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Harebrained Schemes
2022-01-20 18:14 - 2020-07-14 12:31 - 000000000 ____D C:\Users\samue\AppData\LocalLow\Team Cherry
2022-01-20 18:07 - 2020-10-16 22:52 - 000000000 ____D C:\Users\samue\AppData\Local\Paradox Interactive
2022-01-20 18:06 - 2021-06-30 00:17 - 000000000 ____D C:\Program Files\Rockstar Games
2022-01-20 18:06 - 2021-06-30 00:17 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2022-01-20 18:03 - 2021-06-30 00:23 - 000000000 ____D C:\Users\samue\AppData\Local\Rockstar Games
2022-01-20 18:03 - 2021-06-30 00:18 - 000000000 ____D C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2022-01-20 18:03 - 2021-06-30 00:18 - 000000000 ____D C:\ProgramData\Rockstar Games
2022-01-20 18:03 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-20 17:59 - 2021-07-12 14:09 - 000000000 ____D C:\Users\samue\AppData\LocalLow\League of Geeks
2022-01-20 16:31 - 2021-07-17 15:06 - 000000000 ____D C:\Users\samue\AppData\Local\CrashDumps
2022-01-20 16:24 - 2021-02-18 08:18 - 000000000 ____D C:\Program Files (x86)\MaskVPN
2022-01-20 16:23 - 2020-07-21 23:37 - 000000000 ____D C:\Games
2022-01-20 16:15 - 2020-06-28 00:19 - 000000000 ____D C:\Users\samue\AppData\Local\Packages
2022-01-20 16:15 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-20 16:13 - 2020-10-14 19:51 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2022-01-20 16:13 - 2020-10-13 19:40 - 000000000 ____D C:\GOG Games
2022-01-20 16:13 - 2020-08-04 01:09 - 000000000 ____D C:\ProgramData\GOG.com
2022-01-20 13:20 - 2021-09-09 18:04 - 000001456 _____ C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2022-01-20 12:48 - 2021-04-29 17:46 - 000000000 ____D C:\Users\samue\AppData\Roaming\Toon Boom Animation
2022-01-20 10:04 - 2021-03-26 00:21 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-20 09:09 - 2020-12-29 23:19 - 000000000 ____D C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
2022-01-20 09:05 - 2020-12-23 12:36 - 000000000 ____D C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
2022-01-20 08:28 - 2021-03-26 00:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-20 08:28 - 2021-03-26 00:18 - 000000000 ____D C:\Users\samue
2022-01-20 08:28 - 2021-03-26 00:17 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-20 08:28 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-20 08:25 - 2020-12-15 17:41 - 000000000 ____D C:\Program Files\Adobe
2022-01-19 18:21 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-19 18:15 - 2021-03-26 00:17 - 000636440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-19 06:34 - 2021-08-29 20:55 - 000000000 ____D C:\Users\samue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-01-17 23:34 - 2021-03-26 00:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-17 23:34 - 2021-03-26 00:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-17 18:49 - 2020-03-13 13:21 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-17 17:37 - 2020-06-28 00:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-01-16 23:04 - 2021-12-08 17:41 - 000000000 ____D C:\Users\samue\Desktop\gobelins work
2022-01-16 01:28 - 2020-06-28 00:24 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-01-15 16:26 - 2021-06-29 05:20 - 000000084 _____ C:\WINDOWS\system32\perfdish001.dat
2022-01-15 10:24 - 2020-07-19 01:16 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-15 10:24 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-15 07:52 - 2020-01-08 16:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-14 15:11 - 2020-12-16 23:12 - 000000000 ____D C:\Program Files\Tablet
2022-01-12 00:57 - 2020-12-10 23:26 - 000000000 ____D C:\Users\samue\AppData\Local\AMD_Common
2022-01-12 00:54 - 2020-12-16 23:05 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-12 00:53 - 2021-03-08 18:38 - 000000000 ____D C:\Users\samue\AppData\Roaming\audacity
2022-01-06 20:55 - 2020-10-27 18:13 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-06 20:55 - 2020-10-27 18:13 - 000002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-30 14:49 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-12-28 18:42 - 2020-09-15 22:17 - 000000000 ____D C:\Users\samue\AppData\Roaming\RenPy
2021-12-27 12:01 - 2021-12-16 10:08 - 000000000 ____D C:\Users\samue\AppData\Roaming\Apple Computer
2021-12-27 12:01 - 2021-04-16 10:12 - 000000000 ____D C:\WINDOWS\Minidump

==================== Files in the root of some directories ========

2021-09-09 18:04 - 2022-01-20 13:20 - 000001456 _____ () C:\Users\samue\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-01-06 02:13 - 2021-01-07 20:12 - 000025282 _____ () C:\Users\samue\AppData\Local\digikamrc
2021-07-17 15:16 - 2021-07-17 15:16 - 000000000 _____ () C:\Users\samue\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by samue (21-01-2022 11:48:26)
Running from C:\Users\samue\Desktop
Microsoft Windows 10 Home Version 20H2 19042.867 (X64) (2021-03-26 05:21:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1443207549-266473185-1957000176-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1443207549-266473185-1957000176-503 - Limited - Disabled)
Guest (S-1-5-21-1443207549-266473185-1957000176-501 - Limited - Disabled)
samue (S-1-5-21-1443207549-266473185-1957000176-1003 - Administrator - Enabled) => C:\Users\samue
WDAGUtilityAccount (S-1-5-21-1443207549-266473185-1957000176-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Animate 2022 (HKLM-x32\...\FLPR_22_0_2) (Version: 22.0.2 - Adobe Inc.)
Adobe Bridge 2022 (HKLM-x32\...\KBRG_12_0_1) (Version: 12.0.1 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.0.788.2 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_0_1) (Version: 17.0.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_11_1) (Version: 11.1 - Adobe Inc.)
Adobe Media Encoder 2022 (HKLM-x32\...\AME_22_1_1) (Version: 22.1.1 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_1) (Version: 23.1.0.143 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{1774a753-7604-40a0-adbd-e3dc95bea5a8}) (Version: 2.04.04.111 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{4fedae1b-6980-4848-9ba0-229c946a3dac}) (Version: 2.10.13.408 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
Aurora (HKLM-x32\...\{A65BAA2D-2281-4DEE-93E0-34F323527587}) (Version: 1.0.3 - Aurora)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Capture One 20 (HKLM\...\CaptureOne13_is1) (Version: 13.0.0.155 - Phase One A/S)
CLIP STUDIO 1.8.0 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.8.0 - CELSYS)
CLIP STUDIO PAINT 1.8.2 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.8.2 - CELSYS)
Discord (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Discord) (Version: 0.0.311 - Discord Inc.)
Documentation Manager (HKLM\...\{1C8E0D25-2AD1-4A5B-885E-03256A0ED8B6}) (Version: 21.70.0.6 - Intel Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
GameInput Redistributable (HKLM-x32\...\{7E52156F-18FE-B953-BEA9-6BE6A77AFDFF}) (Version: 10.1.19041.3906 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.71 - Google LLC)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000070-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.70.0.3 - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{9be285a1-83bf-4416-853d-015017626f25}) (Version: 21.70.0.6 - Intel Corporation) Hidden
IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.2.0.10 - IObit)
LibreOffice 7.0.4.2 (HKLM\...\{B3171B83-4945-43E0-A101-841638C05506}) (Version: 7.0.4.2 - The Document Foundation)
Malwarebytes version 4.5.2.157 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.2.157 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14729.20260 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 97.0.1072.62 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29914 (HKLM-x32\...\{43d1ce82-6f55-4860-a938-20e5deb28b98}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 96.0.1 (x64 en-US)) (Version: 96.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 77.0.1 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14729.20260 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenToonz version 1.4.0 (HKLM\...\{DF519282-600D-4E03-9190-6046329B1CB4}_is1) (Version: 1.4.0 - DWANGO Co., Ltd.)
Photo Mechanic Full (HKLM\...\{342310B8-3A44-49AB-9B22-0CC4968DA410}) (Version: 6.0.2818 - Camera Bits, Inc.)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
PSD Repair Kit 2.3 (HKLM-x32\...\PSD Repair Kit_is1) (Version:  - File Master LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8522 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
SketchUp 2020 (HKLM-x32\...\{522800F1-9FCE-44F2-8D2E-2CEC5B25A9C2}) (Version: 20.2.172 - Trimble, Inc.)
SketchUpPro (HKLM\...\{5778f9a3-781e-16f1-a6bf-08fd59dfa77b}) (Version: 20.2.172.37 - SketchUp) Hidden
TakeMyFile (HKLM-x32\...\{21AC19EB-58FC-43D8-984F-008619E193D6}_is1) (Version: 1.02 - US-Media-Capital)
Toon Boom Storyboard Pro 20 (HKLM-x32\...\{85D673AF-6DCA-1014-920B-4EFA9FCDC13C}) (Version: 20.10.2.17538 - Toon Boom Animation)
UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.45-1 - Wacom Technology Corp.)
WD Desktop App 2.1.0.322 (HKLM-x32\...\{9478cae3-730b-4ffe-b22b-ae8b7787f5d5}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Desktop App 2.1.0.322 (x64) (HKLM\...\{CA7F7232-526E-41BD-971A-47BE28C18516}) (Version: 2.1.0.322 - Western Digital Corporation) Hidden
WD Discovery (HKLM-x32\...\WDDiscovery) (Version: 4.3.336 - Western Digital Technologies, Inc.)
WD SES Driver Setup (HKLM-x32\...\{924A274D-38B6-4930-8859-F3F51CFA8DDD}) (Version: 1.1.0.25 - Western Digital) Hidden
Windows Driver Package - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows Driver Package - Phase One A/S (WinUSB) USBDevice  (12/14/2018 1.15.0.0) (HKLM\...\9398055CF8BEEF1D6FCF147047450F15A1C7AF2A) (Version: 12/14/2018 1.15.0.0 - Phase One A/S)
Zoom (HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
7-Zip File Manager (Unofficial) -> C:\Program Files\WindowsApps\HaukeGtze.7-ZipFileManagerUnofficial_1.1900.3.0_x64__6bk20wvc8rfx2 [2020-08-21] (Hauke Hasselberg)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-07-17] (Adobe Systems Incorporated)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220 [2021-03-19] (Dolby Laboratories)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.38.0.0_x64__ypmq2qh89vmny [2021-03-18] (Turnipsoft)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-11-28] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-18] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0 [2021-04-01] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0D62594C70D7} -> [Creative Cloud Files] => C:\Users\samue\Creative Cloud Files [2021-07-17 15:06]
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1443207549-266473185-1957000176-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
SSODL: WDFSMountNotificator-wdfsconnect2017 - {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} - C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
SSODL-x32: WDFSMountNotificator-wdfsconnect2017 - {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} - C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects: Virtual Storage Mount Notification -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} => C:\WINDOWS\system32\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellServiceObjects-x32: Virtual Storage Mount Notification -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A} => C:\WINDOWS\SysWOW64\wdfsconnectMntNtf2017.dll [2017-11-10] (Western Digital Technologies, Inc.) [File not signed]
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay01] -> {4F8A325E-9DAF-44B8-A825-1A14DFA0FA78} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay02] -> {0176BDDE-B59A-4A1E-808B-CAD461415CCA} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay03] -> {B65909D1-57AF-41F5-AB94-BEB733F62B35} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay04] -> {C6C2397D-8238-4332-8935-86C39C7C165F} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay05] -> {E7B3BCF9-0386-4B5F-AE6A-91B9F1423973} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [    WDDesktopIconOverlay06] -> {564EA121-D9DA-485D-82C2-C2ED7BFCCEAD} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers1: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers1: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers4: [PMShellExt] -> {D33CAA34-6010-4798-A3A3-11600C03EDDB} => C:\Program Files\Camera Bits\Photo Mechanic\PMShellMenu\PMShellMenu.dll [2019-04-05] (Camera Bits, Inc.) [File not signed]
ContextMenuHandlers4: [WDDesktopContextMenu] -> {f351d8c9-ff13-3519-92fa-763cce46b27b} => C:\Program Files\WD Desktop App\kda.DLL [2021-07-26] (Western Digital Technologies, Inc. -> Western Digital Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2020-12-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers6: [IObitUninstaller] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2021-12-14] (IObit CO., LTD -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-19] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-23 12:38 - 2019-11-27 11:16 - 009683968 _____ () [File not signed] [File is in use] C:\Program Files\Phase One\Capture One 20\WIC\WIC64\P1.AppCore.dll
2022-01-17 18:49 - 2022-01-17 18:49 - 001987072 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\ffmpeg.dll
2022-01-17 18:49 - 2022-01-17 18:49 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libegl.dll
2022-01-17 18:49 - 2022-01-17 18:49 - 002250240 _____ () [File not signed] C:\Program Files (x86)\Western Digital\Discovery\Current\swiftshader\libglesv2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2020-03-19 05:40 - 2020-03-19 05:40 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 00:13 - 2015-02-19 00:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll
2020-12-23 12:38 - 2019-11-27 11:18 - 000295424 _____ () [File not signed] C:\Program Files\Phase One\Capture One 20\WIC\WIC64\P1.WIC.NativeComWrapper.dll
2021-07-26 02:54 - 2021-07-26 02:54 - 002637985 _____ () [File not signed] C:\Program Files\WD Desktop App\libfusewdfs.dll
2021-03-19 03:38 - 2021-03-19 03:38 - 000168960 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\DAXRPCClient.dll
2021-03-19 03:38 - 2021-03-19 03:38 - 037922304 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\DolbyAccess.dll
2021-01-14 21:16 - 2021-01-14 21:16 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.2028.0_x64__rz1tebttyb220\e_sqlite3.dll
2020-12-04 06:51 - 2020-12-04 06:51 - 001470976 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-01-08 16:49 - 2020-01-08 16:49 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2017-02-13 13:54 - 2017-02-13 13:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 13:58 - 2020-07-27 13:58 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-12-04 07:02 - 2020-12-04 07:02 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO-x32: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-01-15] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-18 23:49 - 2019-03-18 23:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\samue\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\the_roses_of_heliogabalus.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{6724CE91-2CCA-4CBB-A498-80FB345D87FB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [UDP Query User{894B3385-DA6F-43A9-96E7-7D6F956E79F0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

==================== Restore Points =========================

15-01-2022 01:32:57 Scheduled Checkpoint
16-01-2022 15:24:09 Removed Toon Boom Storyboard Pro 20.
17-01-2022 18:47:51 Removed Toon Boom Storyboard Pro 20.
19-01-2022 06:43:00 Removed Java 8 Update 301
19-01-2022 06:43:12 Removed Java 8 Update 301 (64-bit)
20-01-2022 10:22:51 Removed Toon Boom Storyboard Pro 20.
20-01-2022 10:29:39 Installed Toon Boom Storyboard Pro 20.
20-01-2022 16:14:09 Removed Minecraft Launcher

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/21/2022 02:33:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WaaSMedicAgent.exe, version: 10.0.19041.662, time stamp: 0xc38bc2fc
Faulting module name: WaaSMedicCapsule.dll, version: 10.0.19041.662, time stamp: 0x5eff0ccc
Exception code: 0xc0000005
Fault offset: 0x000000000000ae62
Faulting process id: 0x3af8
Faulting application start time: 0x01d80e987d389633
Faulting application path: C:\WINDOWS\System32\WaaSMedicAgent.exe
Faulting module path: C:\WINDOWS\System32\WaaSMedicCapsule.dll
Report Id: 99302e73-4d20-4814-bdde-4a85badad7ab
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2022 04:31:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.19041.844, time stamp: 0x5d74feca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000028d0fd8
Faulting process id: 0x54c8
Faulting application start time: 0x01d80e40d1d22d7b
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: unknown
Report Id: afce44a5-52d5-4abb-ae20-31d5aeaeda9c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2022 04:31:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: explorer.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00000000028D0FD8

Error: (01/20/2022 08:48:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ESETOnlineScanner.exe, version: 10.23.28.0, time stamp: 0x6176c73b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004000
Faulting process id: 0x14c4
Faulting application start time: 0x01d80e045fd0ef5c
Faulting application path: C:\Users\samue\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Faulting module path: unknown
Report Id: a9c984e7-ee01-477b-a383-c0bb8a84a22d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/20/2022 08:30:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.1213, time stamp: 0x61dc568d
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x292c
Faulting application start time: 0x01d80e01a23fd1a3
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 4dc054ab-ccd7-493b-90ac-8db42c7d48dc
Faulting package full name:
Faulting package-relative application ID:

Error: (01/19/2022 05:59:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/17/2022 05:39:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.App.exe version 12101.1001.14.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1bcc

Start Time: 01d80bf300b50dd8

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe

Report Id: 43b3606f-7df5-4c6b-926d-d667bd6bc373

Faulting package full name: Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Cross-process

Error: (01/17/2022 05:37:20 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-VMR9NA7)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (01/21/2022 11:48:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/21/2022 11:48:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/21/2022 11:46:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/21/2022 11:46:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/21/2022 11:44:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/21/2022 11:44:44 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VMR9NA7)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error: (01/21/2022 11:42:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error:
The system cannot find the file specified.

Error: (01/21/2022 11:42:44 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2021-04-14 19:36:15
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-13 12:24:48
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-11 10:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-10 10:58:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-04-08 11:05:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-11-28 23:42:03
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\amdpcidev.inf_amd64_4e064472fc95e244\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:49
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:47
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\{2AC4B528-F55F-47BC-B598-781D8A0A9B7E}\IODriver\PCI\PCI Driver\W7x64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-11-28 23:39:46
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\samue\AppData\Roaming\AMD\Chipset_Driver_Installer\AMD_Chipset_Drivers\MSIFiles\program files\AMD\Chipset_IODrivers\PCI Driver\WTx64\AMDPCIDev.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. P1.50 10/14/2019
Motherboard: ASRock B450M Gaming
Processor: AMD Ryzen 7 3700X 8-Core Processor
Percentage of memory in use: 56%
Total physical RAM: 16313.94 MB
Available physical RAM: 7081.02 MB
Total Virtual: 32185.94 MB
Available Virtual: 15829.34 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.88 GB) (Free:238.58 GB) NTFS
Drive e: (easystore) (Fixed) (Total:7452.03 GB) (Free:7451.7 GB) NTFS

\\?\Volume{aafe6565-c049-4b41-bf82-d2ddefc2acc6}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{743177cf-dafe-4a84-a588-20a0f7ad96e8}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 190CD766)

Partition: GPT.

==========================================================
Disk: 1 (Size: 7452 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

Advertisements


#17
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 3,312 posts

Hi, Mallow.
 
Although you downloaded IObit Uninstaller for a reason, please do not download anything else until we finish from here. Or at least, ask me before. 
 
Moving on.

 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1443207549-266473185-1957000176-1003\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (No File)
Task: {9D5E980D-B2E6-4054-ABB3-C992721B7A9B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1443207549-266473185-1957000176-500 => C:\Users\samue\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
FF NewTab: Mozilla\Firefox\Profiles\9rbtgwa0.default -> hxxps://segoonow.com/homepage?hp=1&bitmask=9996&pId=AE190201&iDate=2021-02-18 01:18:29&bName=
R2 MaskVPNService; "C:\Program Files (x86)\MaskVPN\mask_svc.exe" [X]
2022-01-20 09:09 - 2020-12-29 23:19 - 000000000 ____D C:\Users\samue\Desktop\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
2022-01-20 09:05 - 2020-12-23 12:36 - 000000000 ____D C:\Program Files (x86)\Capture One 20 Pro 13.0.0.155 (x64) Multilingual + Keygen [SadeemPC]
BHO: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
BHO-x32: No Name -> {10065F2E-7FE7-4B96-B041-2F0D4E4C880A}' -> No File
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. Restore missing services
 
2.1. Enter Safe mode

  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

 

2.2. Restore Services
 
Once in Safe mode, do the following:

 

3. Run FSS again

 

If Step 2 completed without errors, please do the following: 

  • Restart in normal mode.
  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

 

 

In your next reply please post:

  1. The fixlog
  2. If the process of restoring services ran smoothly
  3. If restoring services completed without errors, the FSS.txt

  • 0






Similar Topics

3 user(s) are reading this topic

0 members, 3 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP