Proxy Virus time: http=localhost:8000;https=localhost:8000 – Virus, Trojan, Spyware, and Malware Removal Help

Same problem that Phideous was having in this post:

https://www.bleepingcomputer.com/forums/t/742727/proxy-virus-time-httplocalhost8000;httpslocalhost8000/

I have done the same antiviral measures as Phideous.

Any help would be great, thanks.

Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2021

Ran by Pasath (administrator) on DESKTOP-97O75D8 (Micro-Star International Co., Ltd. MS-7C91) (07-07-2021 23:36:02)

Running from C:UsersPasathDownloads

Loaded Profiles: Pasath

Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() [File not signed] C:Program Files (x86)Remote MouseRemoteMouseService.exe

(Adobe Inc. -> Adobe Inc) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonIPCBoxAdobeIPCBroker.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe

(Adobe Inc. -> Adobe Inc.) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

(Adobe Inc. -> Adobe Systems Inc.) C:Program Files (x86)AdobeAcrobat DCAcrobatacrotray.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:Program Files (x86)AdobeAcrobat DCAcrobatAdobeCollabSync.exe <2>

(Adobe Inc. -> Adobe Systems Incorporated) C:Program FilesAdobeAdobe Creative Cloud ExperienceCCXProcess.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe

(Adobe Systems Incorporated) C:Program FilesWindowsAppsAcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7rAcrobatNotificationClient.exe

(Adobe Systems Incorporated) C:Program FilesWindowsAppsAdobeNotificationClient_2.0.1.8_x86__enpm4xejd91ycAdobeNotificationClient.exe

(Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.CpuIdRemote64.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.DisplayAdapter.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe

(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE.exe

(Discord Inc. -> Discord Inc.) C:UsersPasathAppDataLocalDiscordapp-1.0.9002Discord.exe <6>

(Electronic Arts, Inc. -> Electronic Arts) C:Program Files (x86)OriginOriginWebHelperService.exe

(Flexera Software LLC -> Flexera) C:Program FilesCommon FilesMacrovision SharedFlexNet PublisherFNPLicensingService64.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:Program Files (x86)GoogleUpdate1.3.36.82GoogleCrashHandler64.exe

(Google LLC -> Google LLC) C:Program FilesGoogleChromeApplicationchrome.exe <33>

(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:WindowsSystem32ibtsiva.exe

(Logitech Inc -> Logitech, Inc.) C:Program FilesLGHUBlghub_updater.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE

(Microsoft Corporation -> Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16WINWORD.EXE

(Microsoft Corporation -> Microsoft Corporation) C:UsersPasathAppDataLocalMicrosoftOneDrive21.119.0613.0001FileCoAuth.exe

(Microsoft Corporation -> Microsoft Corporation) C:UsersPasathAppDataLocalMicrosoftOneDriveOneDrive.exe

(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFramework64v4.0.30319MSBuild.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbweGamingServices.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbweGamingServicesNet.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbweHxOutlook.exe

(Microsoft Corporation) C:Program FilesWindowsAppsmicrosoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbweHxTsr.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbweWinStore.App.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbweGameBar.exe

(Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbweGameBarFTServer.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:Windowsregedit.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe <3>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32oobeUserOOBEBroker.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32rundll32.exe <2>

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32spaceman.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32Taskmgr.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32WindowsPowerShellv1.0powershell.exe

(Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe

(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:WindowsSystem32CorsairGamingAudioCfgService64.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe

(Motion Systems Michał Stanek -> MotionSystems) C:Program Files (x86)Next Level RacingPlatform ManagerMoSyAppWatcherSvc32.exe

(Motion Systems Michał Stanek -> MotionSystems) C:Program Files (x86)Next Level RacingPlatform ManagerMoSyAppWatcherSvc64.exe

(Motion Systems Michał Stanek -> Next Level Racing) C:Program Files (x86)Next Level RacingPlatform ManagerPlatformManager.exe

(NetSupport Ltd -> NetSupport Ltd) C:UsersPasathAppDataRoamingZ4RV3Bpqctfmon.exe

(Node.js Foundation -> Node.js) C:Program FilesAdobeAdobe Creative Cloud Experiencelibsnode.exe

(NVIDIA Corporation -> Node.js) C:Program Files (x86)NVIDIA CorporationNvNodeNVIDIA Web Helper.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA Share.exe <3>

(NVIDIA Corporation -> NVIDIA Corporation) C:Program FilesNVIDIA CorporationShadowPlaynvsphelper64.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_a51067c0ac557884Display.NvContainerNVDisplay.Container.exe <2>

(Piriform Software Ltd -> Piriform Software Ltd) C:Program FilesCCleanerCCleaner64.exe

(remotemouse.net) [File not signed] C:Program Files (x86)Remote MouseRemoteMouse.exe

(RemoteMouse.net) [File not signed] C:Program Files (x86)Remote MouseRemoteMouseCore.exe

(Robert McNeel & Associates (TLM, Inc.) -> Robert McNeel & Associates) C:Program Files (x86)McNeelUpdate5.0McNeelUpdateService.exe

 

==================== Registry (Whitelisted) ===================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM…Run: [AdobeGCInvoker-1.0] => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM…Run: [AdobeAAMUpdater-1.0] => C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

HKLM…Run: [WindowsDefender] => “%ProgramFiles%Windows DefenderMSASCuiL.exe”

HKLM-x32…Run: [TeamsMachineInstaller] => C:Program Files (x86)Teams InstallerTeams.exe [101284632 2020-09-17] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32…Run: [Next Level Racing Platform Manager] => C:Program Files (x86)Next Level RacingPlatform ManagerPlatformManager.exe [5426792 2020-11-16] (Motion Systems Michał Stanek -> Next Level Racing)

HKLM-x32…Run: [Adobe Creative Cloud] => C:Program FilesAdobeAdobe Creative CloudACCCreative Cloud.exe [2095672 2021-01-20] (Adobe Inc. -> Adobe Inc.)

HKLM-x32…Run: [Adobe CCXProcess] => C:Program Files (x86)AdobeAdobe Creative Cloud ExperienceCCXProcess.exe [129288 2021-02-03] (Adobe Inc. -> )

HKLM-x32…Run: [Acrobat Assistant 8.0] => C:Program Files (x86)AdobeAcrobat DCAcrobatAcrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

HKLM-x32…Run: [] => [X]

HKLM-x32…Run: [CORSAIR iCUE Software] => C:Program Files (x86)CorsairCORSAIR iCUE SoftwareiCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [Steam] => C:Program Files (x86)Steamsteam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [Spotify] => C:UsersPasathAppDataRoamingSpotifySpotify.exe [24091264 2021-07-03] (Spotify AB -> Spotify Ltd)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [EpicGamesLauncher] => C:Program Files (x86)Epic GamesLauncherPortalBinariesWin64EpicGamesLauncher.exe [33249248 2021-06-19] (Epic Games Inc. -> Epic Games, Inc.)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [LGHUB] => C:Program FilesLGHUBlghub.exe [123792288 2021-05-08] (Logitech Inc -> Logitech, Inc.)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [com.squirrel.Teams.Teams] => C:UsersPasathAppDataLocalMicrosoftTeamsUpdate.exe [2453688 2021-01-29] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [Facebook.MessengerDesktop] => C:UsersPasathAppDataLocalProgramsMessengerMessenger.exe messenger://openAtLogin

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [Adobe Acrobat Synchronizer] => C:Program Files (x86)AdobeAcrobat DCAcrobatAdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [Discord] => C:UsersPasathAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [ctfmon_] => C:UsersPasathAppDataRoamingZ4RV3Bpqctfmon.exe [112176 2020-05-06] (NetSupport Ltd -> NetSupport Ltd) <==== ATTENTION

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Run: [CCleaner Smart Cleaning] => C:Program FilesCCleanerCCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…RunOnce: [Delete Cached Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersPasathAppDataLocalMicrosoftOneDriveUpdateOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…RunOnce: [Delete Cached Standalone Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersPasathAppDataLocalMicrosoftOneDriveStandaloneUpdaterOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1001…RunOnce: [Uninstall 21.109.0530.0001] => C:Windowssystem32cmd.exe /q /c rmdir /s /q “C:UsersPasathAppDataLocalMicrosoftOneDrive21.109.0530.0001”

HKUS-1-5-21-4046646743-2370866350-3589897510-1005…RunOnce: [Delete Cached Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersPasath StudyAppDataLocalMicrosoftOneDriveUpdateOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1005…RunOnce: [Delete Cached Standalone Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersPasath StudyAppDataLocalMicrosoftOneDriveStandaloneUpdaterOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1006…Run: [LGHUB] => C:Program FilesLGHUBlghub.exe [123792288 2021-05-08] (Logitech Inc -> Logitech, Inc.)

HKUS-1-5-21-4046646743-2370866350-3589897510-1006…RunOnce: [Delete Cached Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersnadinAppDataLocalMicrosoftOneDriveUpdateOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1006…RunOnce: [Delete Cached Standalone Update Binary] => C:Windowssystem32cmd.exe /q /c del /q “C:UsersnadinAppDataLocalMicrosoftOneDriveStandaloneUpdaterOneDriveSetup.exe”

HKUS-1-5-21-4046646743-2370866350-3589897510-1006…RunOnce: [Uninstall 21.073.0411.0002amd64] => C:Windowssystem32cmd.exe /q /c rmdir /s /q “C:UsersnadinAppDataLocalMicrosoftOneDrive21.073.0411.0002amd64”

HKUS-1-5-21-4046646743-2370866350-3589897510-1006…RunOnce: [Uninstall 21.073.0411.0002] => C:Windowssystem32cmd.exe /q /c rmdir /s /q “C:UsersnadinAppDataLocalMicrosoftOneDrive21.073.0411.0002”

HKLM…PrintMonitorsAdobe PDF Port Monitor: C:Windowssystem32AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)

HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program FilesGoogleChromeApplication91.0.4472.124Installerchrmstp.exe [2021-07-01] (Google LLC -> Google LLC)

Startup: C:UsersPasathAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSend to OneNote.lnk [2021-03-09]

ShortcutTarget: Send to OneNote.lnk -> C:Program FilesMicrosoft OfficerootOffice16ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

 

==================== Scheduled Tasks (Whitelisted) ============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {1486E449-3679-41CB-95BC-72BB4DED9116} – System32TasksNvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program Files (x86)NVIDIA CorporationNvNodenvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {1EC196AD-6DBA-406D-B0FA-6E25D745F49E} – System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)

Task: {23CF17EF-1CAE-4F33-8533-13B3782E2175} – System32TasksNvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {28071DAC-8786-474A-84CD-9270F0C2A6F3} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {351A87EF-2437-45A5-8C00-5557CB02D320} – System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

Task: {43497D07-B5EE-4F4C-BA3C-0BA526704237} – System32TasksMozillaFirefox Default Browser Agent 308046B0AF4A39CB => C:Program FilesMozilla Firefoxdefault-browser-agent.exe [690616 2021-07-05] (Mozilla Corporation -> Mozilla Foundation)

Task: {4C579F99-BDCC-43E4-B2EE-7B231FD239C7} – System32TasksMicrosoftVisualStudioUpdatesBackgroundDownload => C:Program Files (x86)Microsoft Visual StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceBackgroundDownload.exe [65448 2021-05-31] (Microsoft Corporation -> Microsoft)

Task: {540BBA0F-C553-48DF-B66F-7AC1EFA1D151} – System32TasksNvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvDriverUpdateCheck” -l 3 -f C:ProgramDataNVIDIANvContainerDriverUpdateCheck.log

Task: {54F1E6D4-DFD4-466B-B613-F8F341B35A30} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Task: {674DF641-9F75-46E5-86C8-08F3AE3D5065} – System32TasksCCleaner Update => C:Program FilesCCleanerCCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)

Task: {7A0D6C1D-0C40-4C76-A27E-DF08CCAF40DD} – System32TasksNvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {81E0F5A1-5668-49F2-8E21-300D19BDBC0C} – System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124896 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {83672F28-105C-41EB-9654-1C3F907E0B48} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {857206ED-A67A-4271-83B2-4E367655A049} – System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)

Task: {8B68ECA6-18B5-49A5-8E26-2128813B1008} – System32TasksNvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:Program FilesNVIDIA CorporationNvBackendNvBatteryBoostCheck” -l 3 -f C:ProgramDataNVIDIANvContainerBatteryBoostCheck.log

Task: {91390869-CAAB-4F32-9D5E-08CC6EE7EA9F} – System32TasksNvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {92657352-A613-482C-B399-CD125ED6BA22} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {958BC850-1C58-42CD-A44A-9E7A96E50955} – System32TasksNvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {993EF5AA-FD89-4ED9-9767-A1E226D09FB5} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {ACCC376B-88A2-470B-8570-DC957048F371} – System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147320 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {AFFEA287-22B4-4FEB-9E62-53367C1BE7DB} – System32TasksAdobeGCInvoker-1.0 => C:Program Files (x86)Common FilesAdobeAdobeGCClientAGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {BB79804F-D81D-43CA-86D0-2D81D68E2639} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23124896 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {BC925A80-6D15-462A-AC90-C270CA432590} – System32TasksCCleanerSkipUAC => C:Program FilesCCleanerCCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {DB32B073-C836-4A1B-A90F-7A65C5905B39} – System32TasksNvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNvBackendNvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DD9F16EF-69A6-43CE-A006-040AAE780919} – System32TasksNVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationNVIDIA GeForce ExperienceNVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {DE62B510-C410-4984-A0B9-D019C2FB6233} – System32TasksNvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:Program FilesNVIDIA CorporationUpdate CoreNvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)

Task: {EBB4CD77-BA86-41AD-A9D6-B05A8D5BBD5F} – System32Taskselevator_b58b0b144169daf1a5b3ae13ea6f5142 => C:Program Files (x86)SimHubSimHubWPF.exe [3001856 2020-12-24] () [File not signed]

Task: {FED81636-50CA-4496-A5EB-4FB65D3716DA} – System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [147320 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)

Task: {FFB2C646-4F03-4FB5-B688-75F950C7EC80} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [S-1-5-21-4046646743-2370866350-3589897510-1001] => Proxy is enabled.

ProxyServer: [S-1-5-21-4046646743-2370866350-3589897510-1001] => http=localhost:8000;https=localhost:8000

Winsock: Catalog5 08 C:Program Files (x86)BonjourmdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 08 C:Program FilesBonjourmdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)

TcpipParameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

Tcpip..Interfaces{5e8e16e8-c3ee-43cf-9637-64732d145236}: [DhcpNameServer] 192.168.0.1

Tcpip..Interfaces{63178dd4-d9d1-49d9-a60d-1cb2f84c42ff}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Tcpip..Interfaces{e8687bbc-a37f-4f29-86b9-0e78cc7ac2c3}: [DhcpNameServer] 192.168.42.129

ManualProxies: 1http=localhost:8000;https=localhost:8000

 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:UsersPasathAppDataLocalMicrosoftEdgeUser DataDefault [2021-07-07]

Edge Extension: (Outlook) – C:UsersPasathAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsbjhmmnoficofgoiacjaajpkfndojknpb [2020-12-25]

Edge Extension: (Word) – C:UsersPasathAppDataLocalMicrosoftEdgeUser DataDefaultExtensionshikhggiobiflkdfdgdajcfklmcibbopi [2020-12-25]

Edge Extension: (Excel) – C:UsersPasathAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsleffmjdabcgaflkikcefahmlgpodjkdm [2020-12-25]

Edge Extension: (PowerPoint) – C:UsersPasathAppDataLocalMicrosoftEdgeUser DataDefaultExtensionsopfacbhaojodjaojgocnibmklknchehf [2020-12-25]

 

FireFox:

========

FF DefaultProfile: 2p748bdw.default

FF ProfilePath: C:UsersPasathAppDataRoamingMozillaFirefoxProfiles2p748bdw.default [2021-03-15]

FF ProfilePath: C:UsersPasathAppDataRoamingMozillaFirefoxProfilesbstjseh7.default-release [2021-07-07]

FF HKLM…FirefoxExtensions: [web2pdfextension.17@acrobat.adobe.com] – C:Program Files (x86)AdobeAcrobat DCAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi

FF Extension: (Adobe Acrobat) – C:Program Files (x86)AdobeAcrobat DCAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi [2020-12-07]

FF HKLM-x32…FirefoxExtensions: [web2pdfextension.17@acrobat.adobe.com] – C:Program Files (x86)AdobeAcrobat DCAcrobatBrowserWCFirefoxExtnWebExtnsigned_extnadobe_acrobat-1.0-windows.xpi

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll [2021-01-20] (Adobe Inc. -> Adobe Systems)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:Program Files (x86)VideoLANVLCnpvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:Program Files (x86)AdobeAcrobat DCAcrobatAirnppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect32.dll [2021-01-20] (Adobe Inc. -> Adobe Systems)

 

Chrome: 

=======

CHR Profile: C:UsersPasathAppDataLocalGoogleChromeUser DataDefault [2021-07-07]

CHR Notifications: Default -> hxxps://fullsend.com; hxxps://www.itonlinelearning.com; hxxps://www.reddit.com

CHR Extension: (Slides) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]

CHR Extension: (Docs) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-12-22]

CHR Extension: (Google Drive) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-12-22]

CHR Extension: (YouTube) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]

CHR Extension: (Weava Highlighter – PDF & Web) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionscbnaodkpfinfiipjblikofhlhlcickei [2021-04-18]

CHR Extension: (Adobe Acrobat) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsefaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]

CHR Extension: (Sheets) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-12-22]

CHR Extension: (Google Docs Offline) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]

CHR Extension: (AdBlock — best ad blocker) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [2021-06-24]

CHR Extension: (Grammarly for Chrome) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionskbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-06]

CHR Extension: (Chrome Web Store Payments) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]

CHR Extension: (Bitwarden – Free Password Manager) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsnngceckbapebfimnlniiiahkandclblb [2021-07-02]

CHR Extension: (Netflix Party is now Teleparty) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionsoocalimimngaihdkbihfgmpkcpnmlaoa [2021-07-06]

CHR Extension: (Gmail) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]

CHR Extension: (Chrome Media Router) – C:UsersPasathAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-02]

CHR HKLM-x32…ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj]

 

==================== Services (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeARMservice; C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)

R2 AdobeUpdateService; C:Program Files (x86)Common FilesAdobeAdobe Desktop CommonElevationManagerAdobeUpdateService.exe [852024 2021-01-20] (Adobe Inc. -> Adobe Inc.)

R2 AGMService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:Program Files (x86)Common FilesAdobeAdobeGCClientAGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)

S3 BEService; C:Program Files (x86)Common FilesBattlEyeBEService.exe [8444360 2021-01-02] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11279752 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)

R2 CorsairGamingAudioConfig; C:WindowsSystem32CorsairGamingAudioCfgService64.exe [616344 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

R2 CorsairService; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)

S3 EasyAntiCheat; C:Program Files (x86)EasyAntiCheatEasyAntiCheat.exe [803952 2020-12-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)

R2 LGHUBUpdaterService; C:Program FilesLGHUBlghub_updater.exe [10605472 2021-05-08] (Logitech Inc -> Logitech, Inc.)

R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7462200 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R2 McNeelUpdate; C:Program Files (x86)McNeelUpdate5.0McNeelUpdateService.exe [71928 2021-02-23] (Robert McNeel & Associates (TLM, Inc.) -> Robert McNeel & Associates)

R2 MotionSystems AppWatcher32; C:Program Files (x86)Next Level RacingPlatform ManagerMoSyAppWatcherSvc32.exe [324712 2020-11-16] (Motion Systems Michał Stanek -> MotionSystems)

R2 MotionSystems AppWatcher64; C:Program Files (x86)Next Level RacingPlatform ManagerMoSyAppWatcherSvc64.exe [362088 2020-11-16] (Motion Systems Michał Stanek -> MotionSystems)

S3 Origin Client Service; C:Program Files (x86)OriginOriginClientService.exe [2556048 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)

R2 Origin Web Helper Service; C:Program Files (x86)OriginOriginWebHelperService.exe [3474584 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)

R2 RemoteMouseService; C:Program Files (x86)Remote MouseRemoteMouseService.exe [10752 2021-04-30] () [File not signed]

S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 ss_conn_launcher_service; C:WindowsSystem32SamsungEasySetupss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 VSStandardCollectorService150; C:Program Files (x86)Microsoft Visual StudioSharedCommonDiagnosticsHub.Collection.ServiceStandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)

S3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2105.5-0MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_a51067c0ac557884Display.NvContainerNVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%NVIDIANVDisplay.ContainerLocalSystem.log -l 3 -d C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_a51067c0ac557884Display.NvContainerpluginsLocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystemLocalSystem

 

===================== Drivers (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AppleLowerFilter; C:WindowsSystem32driversAppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)

S3 CorsairGamingAudioService; C:WindowsSystem32driversCorsairGamingAudio64.sys [60312 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:Program Files (x86)CorsairCORSAIR iCUE SoftwareCorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)

R3 CorsairVBusDriver; C:WindowsSystem32driversCorsairVBusDriver.sys [45984 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 CorsairVHidDriver; C:WindowsSystem32driversCorsairVHidDriver.sys [21920 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)

R3 cpuz150; C:Windowstempcpuz150cpuz150_x64.sys [44832 2021-07-07] (CPUID S.A.R.L.U. -> CPUID)

S3 dg_ssudbus; C:Windowssystem32DRIVERSssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R1 ESProtectionDriver; C:Windowssystem32driversmbae64.sys [199128 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R2 LGHUBTemperatureService; C:Program FilesLGHUBlogi_core_temp.sys [22864 2021-05-08] (Logitech Inc -> Logitech)

R3 logi_joy_bus_enum; C:Windowssystem32driverslogi_joy_bus_enum.sys [37200 2021-05-08] (Logitech Inc -> Logitech)

S3 logi_joy_vir_hid; C:Windowssystem32driverslogi_joy_vir_hid.sys [25928 2021-05-08] (Logitech Inc -> Logitech)

R3 logi_joy_xlcore; C:Windowssystem32driverslogi_joy_xlcore.sys [66896 2021-05-08] (Logitech Inc -> Logitech)

R2 MBAMChameleon; C:WindowsSystem32DriversMbamChameleon.sys [220752 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

S0 MbamElam; C:WindowsSystem32DRIVERSMbamElam.sys [19912 2021-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:WindowsSystem32DRIVERSfarflt.sys [198888 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:Windowssystem32DRIVERSmbam.sys [69016 2021-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:WindowsSystem32Driversmbamswissarmy.sys [248992 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:Windowssystem32DRIVERSmwac.sys [156880 2021-07-07] (Malwarebytes Inc -> Malwarebytes)

S3 ssudmdm; C:Windowssystem32DRIVERSssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 ss_conn_usb_driver2; C:WindowsSystem32Driversss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S0 WdBoot; C:WindowsSystem32driverswdWdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:WindowsSystem32driverswdWdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:WindowsSystem32driverswdWdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)

S3 WinRing0_1_2_0; C:Program Files (x86)SimHubOpenHardwareMonitorLib.sys [14544 2021-01-16] (Noriyuki MIYAZAKI -> OpenLibSys.org)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) (Whitelisted) =========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-07 22:57 – 2021-07-07 23:00 – 000066297 _____ C:UsersPasathDownloadsAddition.txt

2021-07-07 22:56 – 2021-07-07 23:36 – 000036597 _____ C:UsersPasathDownloadsFRST.txt

2021-07-07 22:21 – 2021-07-07 23:36 – 000000000 ____D C:FRST

2021-07-07 22:19 – 2021-07-07 22:20 – 002301440 _____ (Farbar) C:UsersPasathDownloadsFRST64.exe

2021-07-07 21:40 – 2021-07-07 21:41 – 000000000 ____D C:Program FilesCCleaner

2021-07-07 21:40 – 2021-07-07 21:40 – 000003936 _____ C:Windowssystem32TasksCCleaner Update

2021-07-07 21:40 – 2021-07-07 21:40 – 000002890 _____ C:Windowssystem32TasksCCleanerSkipUAC

2021-07-07 21:40 – 2021-07-07 21:40 – 000000863 _____ C:UsersPublicDesktopCCleaner.lnk

2021-07-07 21:40 – 2021-07-07 21:40 – 000000863 _____ C:ProgramDataDesktopCCleaner.lnk

2021-07-07 21:40 – 2021-07-07 21:40 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

2021-07-07 21:39 – 2021-07-07 21:39 – 035958288 _____ (Piriform Software Ltd) C:UsersPasathDownloadsccsetup582.exe

2021-07-07 20:45 – 2021-07-07 20:45 – 000198888 _____ (Malwarebytes) C:Windowssystem32Driversfarflt.sys

2021-07-07 20:45 – 2021-07-07 20:45 – 000156880 _____ (Malwarebytes) C:Windowssystem32Driversmwac.sys

2021-07-07 20:45 – 2021-07-07 20:45 – 000069016 _____ (Malwarebytes) C:Windowssystem32Driversmbam.sys

2021-07-07 20:42 – 2021-07-07 20:42 – 000248992 _____ (Malwarebytes) C:Windowssystem32Driversmbamswissarmy.sys

2021-07-07 20:42 – 2021-07-07 20:42 – 000220752 _____ (Malwarebytes) C:Windowssystem32DriversMbamChameleon.sys

2021-07-07 20:42 – 2021-07-07 20:42 – 000199128 _____ (Malwarebytes) C:Windowssystem32Driversmbae64.sys

2021-07-07 20:42 – 2021-07-07 20:42 – 000019912 _____ (Malwarebytes) C:Windowssystem32DriversMbamElam.sys

2021-07-07 20:42 – 2021-07-07 20:42 – 000002033 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk

2021-07-07 20:42 – 2021-07-07 20:42 – 000002021 _____ C:UsersPublicDesktopMalwarebytes.lnk

2021-07-07 20:42 – 2021-07-07 20:42 – 000002021 _____ C:ProgramDataDesktopMalwarebytes.lnk

2021-07-07 20:42 – 2021-07-07 20:42 – 000000000 ____D C:UsersPasathAppDataLocalmbam

2021-07-07 20:42 – 2021-07-07 20:42 – 000000000 ____D C:ProgramDataMalwarebytes

2021-07-07 20:38 – 2021-07-07 20:38 – 000000000 ____D C:Program FilesMalwarebytes

2021-07-07 20:37 – 2021-07-07 20:37 – 002093656 _____ (Malwarebytes) C:UsersPasathDownloadsMBSetup.exe

2021-07-06 23:34 – 2021-07-06 23:34 – 000000000 ____D C:UsersPasathAppDataLocalOneDrive

2021-07-06 22:17 – 2021-07-06 22:17 – 000592732 _____ C:UsersPasathDownloadsPCP_A2_Presentation.pdf

2021-07-06 16:44 – 2021-07-06 16:44 – 000238135 _____ C:UsersPasathDownloadsdia_site_rules_for_contractors_version_3_0_august_2014.pdf

2021-07-05 23:02 – 2021-07-05 23:02 – 000000000 ____D C:Windowssystem32TasksMozilla

2021-07-05 22:11 – 2021-07-06 23:16 – 000000000 ____D C:Program FilesMozilla Firefox

2021-07-05 21:47 – 2021-07-05 21:47 – 008534023 _____ C:UsersPasathDownloadsBusiness Process Mapping I_Introduction slides.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 008376466 _____ C:UsersPasathDownloadsBusiness Process Mapping I_Flowcharts slides.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 007165318 _____ C:UsersPasathDownloadsTopic 1 BP Analysis Part II.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 006071152 _____ C:UsersPasathDownloadsTopic 1 Process Synthesis.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 005482905 _____ C:UsersPasathDownloadsTopic 3 Benchmarking.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 005421368 _____ C:UsersPasathDownloadsTopic 2 Business Process Analysis.pptx

2021-07-05 21:47 – 2021-07-05 21:47 – 004930544 _____ C:UsersPasathDownloadsTopic 2 Six sigma.pptx

2021-07-05 21:46 – 2021-07-05 21:46 – 007183709 _____ C:UsersPasathDownloadsRelationship Maps Slides.pptm

2021-07-05 21:46 – 2021-07-05 21:46 – 005339715 _____ C:UsersPasathDownloadsConcluding mapping Slides.pptx

2021-07-05 21:46 – 2021-07-05 21:46 – 005339715 _____ C:UsersPasathDownloadsConcluding mapping Slides (1).pptx

2021-07-05 21:45 – 2021-07-05 21:45 – 022837996 _____ C:UsersPasathDownloadsTopic 1A(1).pptx

2021-07-05 21:45 – 2021-07-05 21:45 – 014111344 _____ C:UsersPasathDownloadsTopic 1B(1).pptx

2021-07-05 19:27 – 2021-07-05 19:27 – 000002536 _____ C:UsersPasathAppDataLocalrootCert.pfx

2021-07-05 19:26 – 2021-07-07 20:48 – 000000000 ____D C:UsersPasathAppDataRoamingnl6Qjtpu

2021-07-05 19:25 – 2021-07-05 19:25 – 000000486 _____ C:UsersPasathAppDataRoamings1947.vbs

2021-07-05 19:25 – 2021-07-05 19:25 – 000000436 _____ C:UsersPasathAppDataRoamingdrvsetup.txt

2021-07-03 17:04 – 2021-07-03 17:04 – 000336071 _____ C:UsersPasathDownloadsEthics_and_Technology_Controversies,_Questions,_an…_—-_(Chapter_2_Ethical_Concepts_and_Ethical_Theories_Frameworks_for_Analyzi…).pdf

2021-07-02 19:52 – 2021-07-02 19:52 – 000000000 ____D C:UsersPasathAppDataRoamingZ4RV3Bpq

2021-07-02 19:52 – 2021-07-02 19:52 – 000000000 ____D C:UsersPasathAppDataLocalNetSupport

2021-07-02 19:51 – 2021-07-02 19:51 – 000001322 _____ C:UsersPasathDownloadsChrome.Updated.247b30 (2).zip

2021-07-02 19:51 – 2021-07-02 19:51 – 000001322 _____ C:UsersPasathDownloadsChrome.Updated.247b30 (1).zip

2021-07-02 19:50 – 2021-07-02 19:50 – 000001322 _____ C:UsersPasathDownloadsChrome.Updated.247b30.zip

2021-07-02 00:21 – 2021-07-02 00:21 – 000000000 ____D C:UsersPasathAppDataRoamingnpm

2021-07-02 00:21 – 2021-07-02 00:21 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsNode.js

2021-07-01 23:19 – 2021-07-01 23:19 – 009834496 _____ C:UsersPasathDownloadsnode-v0.12.14-x64.msi

2021-07-01 23:15 – 2021-07-01 23:15 – 009497216 _____ (Joyent, Inc) C:UsersPasathDownloadsnode.exe

2021-07-01 19:30 – 2021-07-01 22:29 – 000000000 ____D C:UsersPasathDocumentsUTS

2021-07-01 13:56 – 2021-07-01 13:56 – 000000000 ____D C:UsersPasathAppDataLocalnode-gyp

2021-07-01 13:48 – 2021-07-01 13:48 – 000000000 ____D C:UsersPasath.config

2021-07-01 13:27 – 2021-07-01 13:46 – 000000052 _____ C:UsersPasath.node_repl_history

2021-07-01 13:02 – 2021-07-01 13:02 – 002617172 _____ C:UsersPasathDownloadsangulartemplatefinal-master.zip

2021-06-30 23:49 – 2021-07-01 13:15 – 000000000 ____D C:UsersPasathAppDataLocalnpm-cache

2021-06-30 00:32 – 2021-06-30 00:32 – 000612209 _____ C:UsersPasathDownloadsPCP_A1_Written research report.pdf

2021-06-27 15:48 – 2021-06-27 15:48 – 001824727 _____ C:UsersPasathDownloadsVideo recording guide.pdf

2021-06-09 23:43 – 2021-06-09 23:43 – 002755584 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2021-06-09 23:43 – 2021-06-09 23:43 – 002755584 _____ (Microsoft Corporation) C:Windowssystem32mshtml.tlb

2021-06-09 23:43 – 2021-06-09 23:43 – 002260480 _____ (The ICU Project) C:Windowssystem32icu.dll

2021-06-09 23:43 – 2021-06-09 23:43 – 001864192 _____ (The ICU Project) C:WindowsSysWOW64icu.dll

2021-06-09 23:43 – 2021-06-09 23:43 – 001823792 _____ (Microsoft Corporation) C:Windowssystem32winload.efi

2021-06-09 23:43 – 2021-06-09 23:43 – 001393496 _____ (Microsoft Corporation) C:Windowssystem32winresume.efi

2021-06-09 23:43 – 2021-06-09 23:43 – 001314120 _____ (Microsoft Corporation) C:Windowssystem32SecConfig.efi

2021-06-09 23:43 – 2021-06-09 23:43 – 000657464 _____ C:Windowssystem32WindowManagementAPI.dll

2021-06-09 23:43 – 2021-06-09 23:43 – 000568832 _____ (Microsoft Corporation) C:Windowssystem32inetcpl.cpl

2021-06-09 23:43 – 2021-06-09 23:43 – 000563712 _____ (Microsoft Corporation) C:Windowssystem32winspool.drv

2021-06-09 23:43 – 2021-06-09 23:43 – 000468440 _____ C:WindowsSysWOW64WindowManagementAPI.dll

2021-06-09 23:43 – 2021-06-09 23:43 – 000451072 _____ (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2021-06-09 23:43 – 2021-06-09 23:43 – 000423936 _____ (Microsoft Corporation) C:WindowsSysWOW64winspool.drv

2021-06-09 23:43 – 2021-06-09 23:43 – 000287232 _____ C:Windowssystem32CoreMas.dll

2021-06-09 23:43 – 2021-06-09 23:43 – 000272384 _____ C:Windowssystem32TpmTool.exe

2021-06-09 23:43 – 2021-06-09 23:43 – 000223744 _____ C:WindowsSysWOW64TpmTool.exe

2021-06-09 23:43 – 2021-06-09 23:43 – 000097280 _____ C:Windowssystem32Driverscimfs.sys

2021-06-09 23:43 – 2021-06-09 23:43 – 000011353 _____ C:Windowssystem32DrtmAuthTxt.wim

 

==================== One month (modified) ==================

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2021-07-07 23:21 – 2021-02-18 22:21 – 000000000 ____D C:UsersPasathAppDataRoamingdiscord

2021-07-07 22:56 – 2020-12-25 15:43 – 000000000 ____D C:UsersPasathAppDataLocalCrashDumps

2021-07-07 22:50 – 2020-11-19 09:41 – 000000000 ____D C:Windowssystem32SleepStudy

2021-07-07 22:40 – 2021-02-18 22:20 – 000000000 ____D C:UsersPasathAppDataLocalDiscord

2021-07-07 22:37 – 2019-12-07 19:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft

2021-07-07 21:22 – 2020-12-29 22:04 – 000000000 ____D C:UsersPasathAppDataRoamingMessenger

2021-07-07 21:22 – 2020-12-29 22:04 – 000000000 ____D C:UsersPasathAppDataLocalMessenger

2021-07-07 20:54 – 2019-12-07 19:03 – 000032768 _____ C:Windowssystem32configELAM

2021-07-07 20:52 – 2021-01-20 10:54 – 000000000 ___HD C:UsersPublicDocumentsAdobeGCData

2021-07-07 20:52 – 2021-01-20 10:54 – 000000000 ___HD C:ProgramDataDocumentsAdobeGCData

2021-07-07 20:47 – 2020-12-23 04:09 – 000795742 _____ C:Windowssystem32PerfStringBackup.INI

2021-07-07 20:47 – 2019-12-07 19:13 – 000000000 ____D C:WindowsINF

2021-07-07 20:45 – 2020-12-23 07:20 – 000000000 ___RD C:UsersPasathOneDrive

2021-07-07 20:43 – 2020-12-23 07:20 – 000003382 _____ C:Windowssystem32TasksOneDrive Standalone Update Task-S-1-5-21-4046646743-2370866350-3589897510-1001

2021-07-07 20:43 – 2020-12-23 07:18 – 000002386 _____ C:UsersPasathAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk

2021-07-07 20:42 – 2020-12-22 21:24 – 000000000 ____D C:ProgramDataNVIDIA

2021-07-07 20:42 – 2019-12-07 19:14 – 000000000 ___HD C:WindowsELAMBKUP

2021-07-07 20:40 – 2020-12-23 04:04 – 000008192 ___SH C:DumpStack.log.tmp

2021-07-07 20:40 – 2020-11-19 09:41 – 000000006 ____H C:WindowsTasksSA.DAT

2021-07-07 20:39 – 2019-12-07 19:03 – 001835008 _____ C:Windowssystem32configBBI

2021-07-07 19:35 – 2021-02-07 20:20 – 000000444 _____ C:Windowssystem32Driversetchosts.ics

2021-07-07 19:21 – 2021-03-08 10:16 – 000004170 _____ C:Windowssystem32TasksUser_Feed_Synchronization-{F70B9164-39D2-4A99-B72B-23D967B87CAD}

2021-07-06 23:24 – 2021-03-15 20:58 – 000000000 ____D C:UsersPasathAppDataLocalLowMozilla

2021-07-06 23:24 – 2021-03-15 20:58 – 000000000 ____D C:ProgramDataMozilla

2021-07-06 23:20 – 2020-12-23 07:18 – 000000000 ____D C:UsersPasathAppDataLocalPackages

2021-07-06 23:16 – 2021-03-15 20:58 – 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service

2021-07-06 10:03 – 2019-12-07 19:03 – 000000000 ____D C:WindowsCbsTemp

2021-07-05 23:02 – 2021-03-15 20:58 – 000001005 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk

2021-07-05 04:22 – 2020-12-25 16:48 – 000000000 ____D C:UsersPasathAppDataRoamingSpotify

2021-07-04 11:27 – 2019-12-07 19:14 – 000000000 ____D C:WindowsAppReadiness

2021-07-03 15:23 – 2020-12-25 16:48 – 000000000 ____D C:UsersPasathAppDataLocalSpotify

2021-07-03 12:03 – 2020-11-19 09:44 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk

2021-07-03 12:03 – 2020-11-19 09:44 – 000002276 _____ C:UsersPublicDesktopMicrosoft Edge.lnk

2021-07-03 12:03 – 2020-11-19 09:44 – 000002276 _____ C:ProgramDataDesktopMicrosoft Edge.lnk

2021-07-03 12:03 – 2019-12-07 19:14 – 000000000 ___HD C:Program FilesWindowsApps

2021-07-02 18:58 – 2020-11-19 09:44 – 000003480 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineUA

2021-07-02 18:58 – 2020-11-19 09:44 – 000003356 _____ C:Windowssystem32TasksMicrosoftEdgeUpdateTaskMachineCore

2021-07-02 01:20 – 2021-01-09 21:06 – 000000000 ____D C:UsersPasathAppDataRoamingvlc

2021-07-01 13:48 – 2020-12-23 07:18 – 000000000 ___HD C:UsersPasath

2021-07-01 13:03 – 2021-04-26 21:46 – 000000000 ____D C:UsersPasathwork

2021-07-01 13:01 – 2020-12-22 20:55 – 000002247 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk

2021-07-01 13:01 – 2020-12-22 20:55 – 000002206 _____ C:UsersPublicDesktopGoogle Chrome.lnk

2021-07-01 13:01 – 2020-12-22 20:55 – 000002206 _____ C:ProgramDataDesktopGoogle Chrome.lnk

2021-07-01 07:32 – 2020-12-25 16:13 – 000000000 ____D C:Program Files (x86)Steam

2021-06-30 19:18 – 2020-12-29 22:19 – 000000000 ____D C:Program Files (x86)Origin

2021-06-27 21:50 – 2020-12-29 22:16 – 000000000 ____D C:ProgramDataOrigin

2021-06-27 16:50 – 2020-12-29 22:16 – 000000000 ____D C:UsersPasathAppDataLocalOrigin

2021-06-24 00:34 – 2020-12-29 21:29 – 000000000 ____D C:Program FilesMicrosoft Office

2021-06-22 21:45 – 2021-01-16 21:45 – 000000000 ____D C:UsersPasathAppDataLocalElevatedDiagnostics

2021-06-19 00:06 – 2020-12-29 22:16 – 000000000 ____D C:UsersPasathAppDataRoamingOrigin

2021-06-18 22:01 – 2021-02-20 23:13 – 000000000 ____D C:Program FilesMicrosoft Update Health Tools

2021-06-12 21:54 – 2020-11-19 09:41 – 000000000 ____D C:Windowssystem32Driverswd

2021-06-10 22:30 – 2021-01-20 11:05 – 000002114 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Acrobat Distiller DC.lnk

2021-06-10 22:30 – 2021-01-20 11:05 – 000002103 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAdobe Acrobat DC.lnk

2021-06-10 00:27 – 2019-12-07 19:14 – 000000000 ___RD C:WindowsImmersiveControlPanel

2021-06-10 00:26 – 2020-11-19 09:41 – 000479120 _____ C:Windowssystem32FNTCACHE.DAT

2021-06-10 00:25 – 2019-12-08 00:49 – 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection

2021-06-10 00:25 – 2019-12-08 00:45 – 000000000 ____D C:Windowssystem32Driversen-GB

2021-06-10 00:25 – 2019-12-08 00:45 – 000000000 ____D C:Windowsen-GB

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ___RD C:WindowsPrintDialog

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:WindowsSysWOW64lv-LV

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:WindowsSysWOW64et-EE

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:WindowsSysWOW64Dism

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:WindowsSystemResources

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowssystem32oobe

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowssystem32migwiz

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowssystem32lv-LV

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowssystem32et-EE

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowssystem32Dism

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:WindowsPolicyDefinitions

2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:Windowsbcastdvr

2021-06-09 23:39 – 2020-12-26 22:12 – 000000000 ____D C:Windowssystem32MRT

2021-06-09 23:38 – 2020-12-26 22:12 – 132447432 ____C (Microsoft Corporation) C:Windowssystem32MRT.exe

2021-06-09 21:04 – 2020-12-26 18:22 – 000002136 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk

 

==================== Files in the root of some directories ========

 

2021-07-05 19:25 – 2021-07-05 19:25 – 000000436 _____ () C:UsersPasathAppDataRoamingdrvsetup.txt

2021-07-05 19:25 – 2021-07-05 19:25 – 000000486 _____ () C:UsersPasathAppDataRoamings1947.vbs

2021-01-24 12:13 – 2021-03-08 22:24 – 000000128 _____ () C:UsersPasathAppDataRoamingwinscp.rnd

2021-01-20 11:06 – 2021-01-20 11:06 – 000000000 _____ () C:UsersPasathAppDataLocaloobelibMkey.log

2021-07-05 19:27 – 2021-07-05 19:27 – 000002536 _____ () C:UsersPasathAppDataLocalrootCert.pfx

 

==================== SigCheck ============================

 

(There is no automatic fix for files that do not pass verification.)

 

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2021

Ran by Pasath (07-07-2021 23:36:41)

Running from C:UsersPasathDownloads

Windows 10 Pro Version 20H2 19042.1052 (X64) (2020-12-22 18:05:51)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

Administrator (S-1-5-21-4046646743-2370866350-3589897510-500 – Administrator – Disabled)

DefaultAccount (S-1-5-21-4046646743-2370866350-3589897510-503 – Limited – Disabled)

Guest (S-1-5-21-4046646743-2370866350-3589897510-501 – Limited – Disabled)

nadin (S-1-5-21-4046646743-2370866350-3589897510-1006 – Limited – Enabled) => C:Usersnadin

pasat (S-1-5-21-4046646743-2370866350-3589897510-1003 – Limited – Enabled)

Pasath (S-1-5-21-4046646743-2370866350-3589897510-1001 – Administrator – Enabled) => C:UsersPasath

Pasath Study (S-1-5-21-4046646743-2370866350-3589897510-1005 – Limited – Enabled) => C:UsersPasath Study

sliya (S-1-5-21-4046646743-2370866350-3589897510-1004 – Limited – Disabled)

tliya (S-1-5-21-4046646743-2370866350-3589897510-1002 – Limited – Disabled)

WDAGUtilityAccount (S-1-5-21-4046646743-2370866350-3589897510-504 – Limited – Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

 

==================== Installed Programs ======================

 

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat DC (HKLM-x32…{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20048 – Adobe Systems Incorporated)

Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20048 – Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32…Adobe Creative Cloud) (Version: 5.3.1.470 – Adobe Inc.)

Adobe Genuine Service (HKLM-x32…AdobeGenuineService) (Version:  – Adobe)

Adobe Illustrator 2021 (HKLM-x32…ILST_25_2) (Version: 25.2 – Adobe Inc.)

Adobe InDesign 2021 (HKLM-x32…IDSN_16_1) (Version: 16.1 – Adobe Inc.)

Adobe Photoshop 2021 (HKLM-x32…PHSP_22_2) (Version: 22.2.0.183 – Adobe Inc.)

Amazon Redshift ODBC Driver 64-bit (HKLM…{960BF695-03D5-48CF-9DC2-6AC5800C4FBE}) (Version: 1.4.10.1000 – Amazon Web Services, Inc.)

AMD Chipset Software (HKLM-x32…AMD_Chipset_IODrivers) (Version: 2.10.26.336 – Advanced Micro Devices, Inc.)

AMD_Chipset_Drivers (HKLM-x32…{b7b5b85e-6364-4ab4-ab0f-3a89b0de0fe2}) (Version: 2.10.26.336 – Advanced Micro Devices, Inc.) Hidden

Audacity 3.0.0 (HKLM-x32…Audacity_is1) (Version: 3.0.0 – Audacity Team)

Bonjour (HKLM…{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.) Hidden

Brackets (HKLM-x32…{43086E55-5B37-4DA8-852F-EEC6C75ECFE9}) (Version: 1.14.17770 – brackets.io)

CCleaner (HKLM…CCleaner) (Version: 5.82 – Piriform)

ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32…{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 – Microsoft Corporation) Hidden

CORSAIR iCUE Software (HKLM-x32…{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 – Corsair)

Cyberduck (HKLM…{FD14D6A7-844D-4253-97BE-4BA8370AB4C6}) (Version: 7.8.2.34203 – iterate GmbH) Hidden

Cyberduck (HKLM-x32…{2159f06f-36c3-4105-8668-3d62bc4c8859}) (Version: 7.8.2.34203 – iterate GmbH)

DiagnosticsHub_CollectionService (HKLM…{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 – Microsoft Corporation) Hidden

Discord (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Discord) (Version: 0.0.309 – Discord Inc.)

Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32…{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 – Microsoft Corporation) Hidden

Epic Games Launcher (HKLM-x32…{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 – Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (HKLM…{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Excel (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 – Excel)

Git version 2.30.0.2 (HKLM…Git_is1) (Version: 2.30.0.2 – The Git Development Community)

GitKraken (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…gitkraken) (Version: 7.5.0 – Axosoft, LLC)

Google Chrome (HKLM-x32…Google Chrome) (Version: 91.0.4472.124 – Google LLC)

Guitar Rig 6 (HKLM…Guitar Rig 6 Pro_is1) (Version: 6.1.1 – Native Instruments & Team V.R)

icecap_collection_neutral (HKLM-x32…{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collection_x64 (HKLM…{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collectionresources (HKLM-x32…{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

icecap_collectionresourcesx64 (HKLM-x32…{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

Intel® Wireless Bluetooth® (HKLM-x32…{00000030-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.30.0.5 – Intel Corporation)

IntelliTraceProfilerProxy (HKLM-x32…{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 – Microsoft Corporation) Hidden

Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32…{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 – Microsoft Corporation)

Launcher Prerequisites (x64) (HKLM-x32…{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden

Logitech G HUB (HKLM…{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.3.9205 – Logitech)

Malwarebytes version 4.4.2.123 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 – Malwarebytes)

MAMP & MAMP PRO 4.2.0 version 4.2.0 (HKLM-x32…{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 4.2.0 – MAMP GmbH)

Messenger 97.11.116 (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 – Facebook, Inc.)

Microsoft .NET SDK 5.0.300 (x64) from Visual Studio (HKLM…{7D721068-4D31-4A38-B152-A4112C38708E}) (Version: 5.3.21.26805 – Microsoft Corporation)

Microsoft 365 Apps for enterprise – en-us (HKLM…O365ProPlusRetail – en-us) (Version: 16.0.14026.20308 – Microsoft Corporation)

Microsoft Edge (HKLM-x32…Microsoft Edge) (Version: 91.0.864.64 – Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32…Microsoft EdgeWebView) (Version: 91.0.864.64 – Microsoft Corporation)

Microsoft ODBC Driver 17 for SQL Server (HKLM…{E36FFC78-D25E-4962-872B-9CE0E50E62CD}) (Version: 17.5.1.1 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…OneDriveSetup.exe) (Version: 21.119.0613.0001 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-4046646743-2370866350-3589897510-1005…OneDriveSetup.exe) (Version: 21.002.0104.0005 – Microsoft Corporation)

Microsoft OneDrive (HKUS-1-5-21-4046646743-2370866350-3589897510-1006…OneDriveSetup.exe) (Version: 21.083.0425.0003 – Microsoft Corporation)

Microsoft Server Speech Platform Runtime (x64) (HKLM…{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM…{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32…{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 – Microsoft Corporation)

Microsoft Teams (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Teams) (Version: 1.3.00.34662 – Microsoft Corporation)

Microsoft Update Health Tools (HKLM…{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 – Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM…{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32…{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 – Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM…{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32…{f9b04b37-35d5-4a19-a51b-fcf4a8734851}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32…{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32…{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40649 (HKLM-x32…{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32…{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32…{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32…{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32…{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32…{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)

Microsoft Visual Studio Code (User) (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.55.2 – Microsoft Corporation)

Microsoft Visual Studio Installer (HKLM…{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.10.2174.31177 – Microsoft Corporation)

Mozilla Firefox 89.0.2 (x64 en-US) (HKLM…Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 – Mozilla)

Mozilla Maintenance Service (HKLM…MozillaMaintenanceService) (Version: 86.0.1 – Mozilla)

Next Level Racing Platform Manager 2.109.2011.16 (HKLM…{C08C3571-0FBF-4455-8BF2-7046409AE507}) (Version: 2.109.2011.16 – MotionSystems.eu)

Node.js (HKLM…{1B49F0F2-1F28-471C-BA3E-C3DBB3665BEA}) (Version: 0.12.14 – Node.js Foundation)

Notion 2.0.16 (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.16 – Notion Labs, Incorporated)

NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 – NVIDIA Corporation)

NVIDIA GeForce Experience 3.22.0.32 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 – NVIDIA Corporation)

NVIDIA Graphics Driver 460.89 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 – NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.38.40 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 – NVIDIA Corporation)

NVIDIA PhysX System Software 9.19.0218 (HKLM…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20308 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20308 – Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden

Origin (HKLM-x32…Origin) (Version: 10.5.101.48500 – Electronic Arts, Inc.)

Outlook (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 – Outlook)

Paradox Launcher v2 (HKLM…{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 – Paradox Interactive)

PowerPoint (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…319814cb56b667dff88f54e08be8f51f) (Version: 1.0 – PowerPoint)

Promontory_GPIO Driver (HKLM-x32…{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 – Advanced Micro Devices, Inc.) Hidden

psqlODBC_x64 (HKLM…{3F8971B0-061B-4163-9D3F-EA94151B2FCF}) (Version: 09.06.0504 – PostgreSQL Global Development Group)

Python 3.9.4 (64-bit) (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…{8a52f2bf-c3d0-4872-bc3d-61f6eab0cbf2}) (Version: 3.9.4150.0 – Python Software Foundation)

Python 3.9.4 Core Interpreter (64-bit) (HKLM…{1C17C2CE-B315-4C1C-885A-E37181C7368E}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Development Libraries (64-bit) (HKLM…{CB856DD1-55A4-42B3-B676-73DDE515A589}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Documentation (64-bit) (HKLM…{73524E2A-5D97-4CB8-8438-5FE8F9653F1C}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Executables (64-bit) (HKLM…{EDBB67F1-B275-4AC6-9D32-0A033570A705}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 pip Bootstrap (64-bit) (HKLM…{1FDC7BC3-4CE5-4236-A8C2-0C4A7AFFDFA4}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Standard Library (64-bit) (HKLM…{91ED5736-9D50-4991-87DC-CFB0492D1A22}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM…{4E0E4F08-ECD0-4737-ABFC-030B702AC2BF}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Test Suite (64-bit) (HKLM…{F12FD64B-8964-4F40-8448-7FA3955C5AD6}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python 3.9.4 Utility Scripts (64-bit) (HKLM…{BBCC595F-93C2-4054-9565-8F4F19B3D706}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden

Python Launcher (HKLM-x32…{BDD80906-41E0-43DB-8C65-D8BCCEB3A3F8}) (Version: 3.9.7400.0 – Python Software Foundation)

Realtek Ethernet Controller Driver (HKLM-x32…{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 – Realtek)

Remote Mouse version 4.000 (HKLM-x32…{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 4.000 – Remote Mouse)

Rhino 7 (HKLM…{21A8E9ED-1B91-42C3-8C0F-ECF0DE3C2C8E}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden

Rhino 7 (HKLM-x32…{ea1f3dca-3045-4622-998a-fc35aeaafa8d}) (Version: 7.3.21053.23031 – Robert McNeel & Associates)

Rhino Installer Engine (HKLM…{FD6BB71B-2563-4191-9DC3-1CEB8DC8CD50}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden

Rhinoceros 7 Language Pack Installer (en-US) (HKLM…{D2D611C6-C538-488B-B416-A86965B4AD87}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden

SimHub version 7.3.2 (HKLM-x32…{019253FE-5A17-42BE-A6B8-D71A729FA5DE}_is1) (Version: 7.3.2 – Wotever)

Spotify (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…Spotify) (Version: 1.1.62.583.gdac868ed – Spotify AB)

STAR WARS Battlefront II (HKLM-x32…{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 – Electronic Arts)

STAR WARS: Squadrons (HKLM-x32…{04e47f47-22cd-436d-a373-472125e7fcd6}) (Version: 1.0.9.35700 – Electronic Arts)

Steam (HKLM-x32…Steam) (Version: 2.10.91.91 – Valve Corporation)

Tableau 2020.4 (20204.21.0114.0916) (HKLM…{98A12BE9-601A-4248-A60F-01F347D81693}) (Version: 20.4.1644 – Tableau Software) Hidden

Tableau 2020.4 (20204.21.0114.0916) (HKLM-x32…{03a3fb07-5afb-4479-a29e-c2e4110b3ff0}) (Version: 20.4.1644 – Tableau Software)

Teams Machine-Wide Installer (HKLM-x32…{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.26064 – Microsoft Corporation)

TypeScript SDK (HKLM-x32…{C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F}) (Version: 4.2.4.0 – Microsoft Corporation) Hidden

Ubisoft Connect (HKLM-x32…Uplay) (Version: 38.2 – Ubisoft)

Update for  (KB2504637) (HKLM-x32…{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 – Microsoft Corporation)

vcpp_crt.redist.clickonce (HKLM-x32…{C1971FA7-C832-480E-91DC-21FBB0794C32}) (Version: 14.29.30037 – Microsoft Corporation) Hidden

Visual Studio Community 2019 (HKLM-x32…11c06eb7) (Version: 16.10.31321.278 – Microsoft Corporation)

VLC media player (HKLM-x32…VLC media player) (Version: 3.0.11 – VideoLAN)

VS Immersive Activate Helper (HKLM-x32…{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS JIT Debugger (HKLM…{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

VS Script Debugging Common (HKLM…{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden

vs_BlendMsi (HKLM-x32…{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_clickoncebootstrappermsi (HKLM-x32…{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_clickoncebootstrappermsires (HKLM-x32…{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_clickoncesigntoolmsi (HKLM-x32…{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_communitymsi (HKLM-x32…{F2362422-8A5F-473B-B793-E9592B1EA9FA}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

vs_communitymsires (HKLM-x32…{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 – Microsoft Corporation) Hidden

vs_devenvmsi (HKLM-x32…{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_filehandler_amd64 (HKLM-x32…{8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310}) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_filehandler_x86 (HKLM-x32…{B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3}) (Version: 16.10.31206 – Microsoft Corporation) Hidden

vs_FileTracker_Singleton (HKLM-x32…{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 – Microsoft Corporation) Hidden

vs_minshellinteropmsi (HKLM-x32…{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 – Microsoft Corporation) Hidden

vs_minshellmsi (HKLM-x32…{E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2}) (Version: 16.10.31320 – Microsoft Corporation) Hidden

vs_minshellmsires (HKLM-x32…{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 – Microsoft Corporation) Hidden

vs_SQLClickOnceBootstrappermsi (HKLM-x32…{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 – Microsoft Corporation) Hidden

vs_tipsmsi (HKLM-x32…{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 – Microsoft Corporation) Hidden

vs_vswebprotocolselectormsi (HKLM-x32…{634F7BE2-E181-4544-946F-B8BA774B9059}) (Version: 16.10.31206 – Microsoft Corporation) Hidden

WinSCP 5.17.9 (HKLM-x32…winscp3_is1) (Version: 5.17.9 – Martin Prikryl)

Word (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 – Word)

Zoom (HKUS-1-5-21-4046646743-2370866350-3589897510-1001…ZoomUMX) (Version: 5.5.4 (13142.0301) – Zoom Video Communications, Inc.)

 

Packages:

=========

Acrobat Notification Client -> C:Program FilesWindowsAppsAcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-01-20] (Adobe Systems Incorporated)

Adobe Notification Client -> C:Program FilesWindowsAppsAdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-02-28] (Adobe Systems Incorporated)

Age of Empires II: Definitive Edition -> C:Program FilesWindowsAppsMicrosoft.MSPhoenix_101.101.47820.0_x64__8wekyb3d8bbwe [2021-05-05] (Microsoft Studios)

F1 2019 PC GP -> C:Program FilesWindowsAppsCodemastersSoftwareCompan.F12019PCGP_1.66.9979.0_x64__4cfye3zbe1gaw [2021-01-03] (Codemasters Software Company Limited)

Forza Horizon 4 -> C:Program FilesWindowsAppsMicrosoft.SunriseBaseGame_1.472.937.2_x64__8wekyb3d8bbwe [2021-07-01] (Microsoft Studios)

Forza Horizon 4 Formula Drift Car Pack -> C:Program FilesWindowsAppsMicrosoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)

Forza Motorsport 7 -> C:Program FilesWindowsAppsMicrosoft.ApolloBaseGame_1.174.4791.2_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Studios)

Forza Motorsport 7 Hoonigan Car Pack -> C:Program FilesWindowsAppsMicrosoft.ForzaMotorsport7PreorderBonus_1.3.3.2_neutral__8wekyb3d8bbwe [2020-12-30] (Microsoft Studios)

freda epub ebook reader -> C:Program FilesWindowsApps5957Turnipsoft.freda_4.39.4.0_x64__ypmq2qh89vmny [2021-06-24] (Turnipsoft)

LIFX -> C:Program FilesWindowsAppsLIFX.LIFXAllJoyn_1.8.7.0_x64__12cgvk5sr8bq2 [2021-06-07] (LIFX)

Microsoft Flight Simulator -> C:Program FilesWindowsAppsMicrosoft.FlightSimulator_1.17.3.0_x64__8wekyb3d8bbwe [2021-06-19] (Microsoft Studios)

Microsoft Flight Simulator Digital Ownership -> C:Program FilesWindowsAppsMicrosoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-25] (Microsoft Studios)

Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]

No Man’s Sky -> C:Program FilesWindowsAppsHelloGames.NoMansSky_3.53.8275.0_x64__bs190hzg1sesy [2021-06-17] (Hello Games)

NVIDIA Control Panel -> C:Program FilesWindowsAppsNVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-04] (NVIDIA Corp.)

Prison Architect UWP -> C:Program FilesWindowsAppsParadoxInteractive.PrisonArchitectUWP_1.0.39.0_x64__zfnrdv2de78ny [2021-06-30] (Paradox Interactive)

 

==================== Custom CLSID (Whitelisted): ==============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKUS-1-5-21-4046646743-2370866350-3589897510-1001_ClassesCLSID{0E270DAA-1BE6-48F2-AC49-0AD74CA922A7} -> [Creative Cloud Files] => C:UsersPasathCreative Cloud Files [2021-01-20 10:57]

CustomCLSID: HKUS-1-5-21-4046646743-2370866350-3589897510-1001_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersPasathAppDataLocalMicrosoftTeamsMeetingAddin1.0.20289.5x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKUS-1-5-21-4046646743-2370866350-3589897510-1001_ClassesCLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}InprocServer32 -> C:UsersPasathAppDataLocalMicrosoftTeamsMeetingAddin1.0.20244.4x64Microsoft.Teams.AddinLoader.dll => No File

CustomCLSID: HKUS-1-5-21-4046646743-2370866350-3589897510-1001_ClassesCLSID{e8c77137-e224-5791-b6e9-ff0305797a13}InprocServer32 -> C:Program Files (x86)AdobeAdobe Creative CloudUtilsnpAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )

ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:Program Files (x86)AdobeAcrobat DCAcrobat ElementsContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-07-07] (Malwarebytes Corporation -> Malwarebytes)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:WindowsSystem32DriverStoreFileRepositorynv_dispi.inf_amd64_a51067c0ac557884nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:Program Files (x86)Common FilesAdobeCoreSyncExtensionCoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:Program Files (x86)AdobeAcrobat DCAcrobat ElementsContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-07-07] (Malwarebytes Corporation -> Malwarebytes)

 

==================== Codecs (Whitelisted) ====================

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm

ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb

ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf

ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

 

==================== Loaded Modules (Whitelisted) =============

 

2020-12-29 20:25 – 2020-12-29 20:25 – 000357376 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareActionsConverters.dll

2020-12-29 20:05 – 2020-12-29 20:05 – 000760832 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareLegacyCommands.dll

2020-12-29 20:05 – 2020-12-29 20:05 – 000744960 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareLegacyNotifications.dll

2020-12-29 20:04 – 2020-12-29 20:04 – 000658944 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareMobileProto.dll

2020-12-29 20:05 – 2020-12-29 20:05 – 000203776 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareModelHelpers.dll

2020-12-29 20:04 – 2020-12-29 20:04 – 000209408 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarequazip.dll

2020-12-29 20:04 – 2020-12-29 20:04 – 000101376 _____ () [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarezlib.dll

2021-07-07 20:40 – 2021-07-07 20:40 – 000005120 _____ () [File not signed] C:UsersPasathAppDataLocalTempForceSeatPM_Main-kXPFZXoutput.dll

2020-12-29 21:55 – 2020-12-29 21:55 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16AppVIsvSubsystems64.dll

2020-12-29 21:55 – 2020-12-29 21:55 – 000000000 ____L (Microsoft Corporation) C:Program FilesMicrosoft OfficerootOffice16c2r64.dll

2020-12-29 01:48 – 2019-04-19 17:12 – 001391104 _____ (Remote Mouse) [File not signed] C:Program Files (x86)Remote Mousewindows_api.dll

2020-11-15 14:51 – 2020-11-15 14:51 – 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE SoftwareSiUSBXp.dll

2019-12-21 19:53 – 2019-12-21 19:53 – 001276928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerLIBEAY32.dll

2019-12-21 19:53 – 2019-12-21 19:53 – 000276992 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerssleay32.dll

2020-12-29 22:19 – 2020-12-29 22:19 – 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)OriginLIBEAY32.dll

2020-12-29 22:19 – 2020-12-29 22:19 – 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:Program Files (x86)Originssleay32.dll

2020-12-29 20:04 – 2020-12-29 20:04 – 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibcrypto-1_1.dll

2020-12-29 20:04 – 2020-12-29 20:04 – 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:Program Files (x86)CorsairCORSAIR iCUE Softwarelibssl-1_1.dll

2020-12-29 22:19 – 2020-12-29 22:19 – 001611264 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)Originplatformsqwindows.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 005487104 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5Core.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 005841920 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5Gui.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 001179136 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5Network.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 000146432 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5WebSockets.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 005089792 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5Widgets.dll

2021-06-30 19:18 – 2020-12-29 22:19 – 000184832 _____ (The Qt Company Ltd) [File not signed] C:Program Files (x86)OriginQt5Xml.dll

2020-10-11 07:22 – 2020-10-11 07:22 – 000027648 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerimageformatsqgif.dll

2020-10-11 07:21 – 2020-10-11 07:21 – 000026112 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerimageformatsqico.dll

2020-10-11 07:23 – 2020-10-11 07:23 – 000365568 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerimageformatsqjpeg.dll

2020-10-11 07:25 – 2020-10-11 07:25 – 000021504 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerimageformatsqsvg.dll

2020-10-11 07:24 – 2020-10-11 07:24 – 001176576 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerplatformsqwindows.dll

2020-10-11 07:11 – 2020-10-11 07:11 – 005107200 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Core.dll

2020-10-11 07:16 – 2020-10-11 07:16 – 005193728 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Gui.dll

2020-10-11 07:15 – 2020-10-11 07:15 – 000994816 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Network.dll

2020-10-11 07:30 – 2020-10-11 07:30 – 003113984 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Qml.dll

2020-10-11 07:33 – 2020-10-11 07:33 – 003112448 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Quick.dll

2020-10-11 07:25 – 2020-10-11 07:25 – 000254976 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Svg.dll

2020-10-11 07:20 – 2020-10-11 07:20 – 004416000 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Widgets.dll

2020-10-11 07:12 – 2020-10-11 07:12 – 000149504 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform ManagerQt5Xml.dll

2020-10-11 07:23 – 2020-10-11 07:23 – 000122880 _____ (The Qt Company Ltd.) [File not signed] C:Program Files (x86)Next Level RacingPlatform Managerstylesqwindowsvistastyle.dll

 

==================== Alternate Data Streams (Whitelisted) ========

 

==================== Safe Mode (Whitelisted) ==================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) =================

 

==================== Internet Explorer (Whitelisted) ==========

 

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCx64AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCx64AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCAcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCAcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCx64AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:Program Files (x86)Common FilesAdobeAcrobatWCIEActiveXDCAcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKUS-1-5-21-4046646743-2370866350-3589897510-1001…sharepoint.com -> hxxps://studentutsedu-files.sharepoint.com

 

==================== Hosts content: =========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2019-12-07 19:14 – 2019-12-07 19:12 – 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-02-07 20:20 – 2021-07-07 19:35 – 000000444 _____ C:\Windows\system32\drivers\etc\hosts.ics

92.168.137.1 DESKTOP-97O75D8.mshome.net # 2026 3 2 3 10 30 45 185

 

==================== Other Areas ===========================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pasath\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\240060.jpg

HKU\S-1-5-21-4046646743-2370866350-3589897510-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\nadin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rose_books_texts_119588_1920x1080.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(If an entry is included in the fixlist, it will be removed.)

 

HKLM\…\StartupApproved\Run: => "SecurityHealth"

HKLM\…\StartupApproved\Run32: => "TeamsMachineInstaller"

HKLM\…\StartupApproved\Run32: => "Adobe Creative Cloud"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "EpicGamesLauncher"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "LGHUB"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "OneDrive"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "com.squirrel.Teams.Teams"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Facebook.MessengerDesktop"

 

==================== FirewallRules (Whitelisted) ================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{28AEF2D8-4627-43A5-9420-D2C0015EC38E}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{C542B00A-A430-4954-8120-AF401927C133}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{3D5E1D67-2216-4232-A72D-661E61F0F0A0}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [{E245A781-A68D-46F3-9BA0-449CC1304A1A}] => (Allow) C:Program Files (x86)SteamSteam.exe (Valve -> Valve Corporation)

FirewallRules: [TCP Query User{EC2F4D1A-33F0-4BC3-8CFC-F2D7311FE2BE}C:userspasathappdataroamingspotifyspotify.exe] => (Allow) C:userspasathappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [UDP Query User{6DC0B4E5-6014-4701-B124-A2BFC12620ED}C:userspasathappdataroamingspotifyspotify.exe] => (Allow) C:userspasathappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)

FirewallRules: [{BE453046-8A66-4939-BE3D-8592763C1449}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{FE1CF638-A4DF-4AF1-ABA6-889DDB9C5A02}] => (Allow) C:Program Files (x86)Steambincefcef.win7steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{C8A0AB17-9788-45F1-8494-E9921593CF64}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CD63375A-DE57-4F2C-88A4-1574E25A98DF}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [TCP Query User{BB1376F4-F9DB-45F9-8A35-C41515A14D08}C:program files (x86)origin gamesstar wars squadronsstarwarssquadrons.exe] => (Allow) C:program files (x86)origin gamesstar wars squadronsstarwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [UDP Query User{9599AF82-F246-43EF-A7E0-735A0D9B6378}C:program files (x86)origin gamesstar wars squadronsstarwarssquadrons.exe] => (Allow) C:program files (x86)origin gamesstar wars squadronsstarwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{1FB60EEA-09C4-4D7D-9366-E5821513D92F}] => (Allow) A:SteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{395A78BB-566E-4BE5-BC7E-F0D059FB9BB4}] => (Allow) A:SteamLibrarysteamappscommonAssassins Creed OdysseyACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )

FirewallRules: [{6C18D35E-F9BE-47F7-91BA-BCB588B7DAD6}] => (Allow) A:SteamLibrarysteamappscommonCities_Skylinesdowser.exe (Paradox Interactive AB (publ) -> )

FirewallRules: [{7F1F0A26-B275-4777-8A36-63207DBCC20C}] => (Allow) A:SteamLibrarysteamappscommonCities_Skylinesdowser.exe (Paradox Interactive AB (publ) -> )

FirewallRules: [TCP Query User{05A4E243-BA62-450B-89AA-E81FABF5688B}A:program filesmodifiablewindowsappshalomccmccbinarieswin64mcc-win64-shipping-winstore.exe] => (Allow) A:program filesmodifiablewindowsappshalomccmccbinarieswin64mcc-win64-shipping-winstore.exe () [File not signed]

FirewallRules: [UDP Query User{A3F2DE1C-FF39-4055-A1CE-A52885AF046C}A:program filesmodifiablewindowsappshalomccmccbinarieswin64mcc-win64-shipping-winstore.exe] => (Allow) A:program filesmodifiablewindowsappshalomccmccbinarieswin64mcc-win64-shipping-winstore.exe () [File not signed]

FirewallRules: [TCP Query User{C38E2E04-6135-487F-989F-998D22340556}C:program fileslghublghub_agent.exe] => (Allow) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [UDP Query User{ECC731D7-E779-4440-B976-D110ABB7666F}C:program fileslghublghub_agent.exe] => (Allow) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [{49D67567-9285-4F04-834C-3DAA6397BFBE}] => (Allow) A:SteamLibrarysteamappscommonPGA TOUR 2K21golf.exe () [File not signed]

FirewallRules: [{F787015A-FADF-4D8E-B7E0-814887E6C383}] => (Allow) A:SteamLibrarysteamappscommonPGA TOUR 2K21golf.exe () [File not signed]

FirewallRules: [TCP Query User{8BBC3C93-7A08-4E0D-A2A8-D1C39CCB1198}C:program fileslghublghub_agent.exe] => (Block) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [UDP Query User{B4D562F8-A728-454A-859F-E27EAF4FF299}C:program fileslghublghub_agent.exe] => (Block) C:program fileslghublghub_agent.exe (Logitech Inc -> Logitech, Inc.)

FirewallRules: [{1B8677D5-FBAB-4EC1-B5F9-C992CF6FD91E}] => (Allow) C:Program Files (x86)SimHubSimHubWPF.exe () [File not signed]

FirewallRules: [{EC935030-FD09-4A2D-9911-015C917F6A70}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Squadronsstarwarssquadrons_launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)

FirewallRules: [{27DFF0F5-8F2C-4250-8220-DD9A0E2015B9}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Squadronsstarwarssquadrons_launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)

FirewallRules: [TCP Query User{873DCC0C-69FD-4A42-9818-BDEF4F1AA572}C:xamppapachebinhttpd.exe] => (Block) C:xamppapachebinhttpd.exe => No File

FirewallRules: [UDP Query User{7774A7B4-8D5E-46F4-AC9C-57CCB432D252}C:xamppapachebinhttpd.exe] => (Block) C:xamppapachebinhttpd.exe => No File

FirewallRules: [TCP Query User{F78A0DAD-8862-41CC-B378-957695B20D6B}C:program files (x86)bracketsnode.exe] => (Block) C:program files (x86)bracketsnode.exe (Adobe Inc. -> Node.js)

FirewallRules: [UDP Query User{123F15D8-2B11-46D8-ABA6-8B3C7CD3265D}C:program files (x86)bracketsnode.exe] => (Block) C:program files (x86)bracketsnode.exe (Adobe Inc. -> Node.js)

FirewallRules: [{7454C68F-D90F-4171-B184-7368BB5DB799}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Battlefront IIstarwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{106AB12E-D3F2-4FAA-8596-3CBFAABFD085}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Battlefront IIstarwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{1B352F12-3792-4C92-93B2-A57CBFCD711D}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Battlefront IIstarwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [{B66E8B5C-B080-4952-83B9-FEE250B72B21}] => (Allow) C:Program Files (x86)Origin GamesSTAR WARS Battlefront IIstarwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)

FirewallRules: [TCP Query User{782C3D84-47EE-4490-B688-35E14F1848FC}C:userspasathappdatalocalprogramsmessengermessenger.exe] => (Allow) C:userspasathappdatalocalprogramsmessengermessenger.exe (Facebook, Inc. -> Facebook, Inc.)

FirewallRules: [UDP Query User{74EA81FF-D804-40FE-824B-582F179BD7AB}C:userspasathappdatalocalprogramsmessengermessenger.exe] => (Allow) C:userspasathappdatalocalprogramsmessengermessenger.exe (Facebook, Inc. -> Facebook, Inc.)

FirewallRules: [{B6AD8576-6E1E-4510-8819-ACC5EB8C7460}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{A3DBB151-1CEB-46D2-912F-FDF870DCF979}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{B76AD361-C538-470A-88A1-2D3E061D0CAF}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{DF2213A3-6568-498B-AFFD-699AF3D81200}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [TCP Query User{B290ADB2-4AF4-4CA3-BEE7-196B548920FD}C:xamppmysqlbinmysqld.exe] => (Block) C:xamppmysqlbinmysqld.exe => No File

FirewallRules: [UDP Query User{E9B4F951-B284-4020-A8A7-4A40789BEA8F}C:xamppmysqlbinmysqld.exe] => (Block) C:xamppmysqlbinmysqld.exe => No File

FirewallRules: [TCP Query User{1B8EC05B-5C64-426D-92E3-4805245F74B4}C:mampbinapachebinhttpd.exe] => (Allow) C:mampbinapachebinhttpd.exe (Apache Software Foundation) [File not signed]

FirewallRules: [UDP Query User{F0D73998-2842-41DB-BAF2-537C18B89FD7}C:mampbinapachebinhttpd.exe] => (Allow) C:mampbinapachebinhttpd.exe (Apache Software Foundation) [File not signed]

FirewallRules: [TCP Query User{55424F1D-3305-44C0-8A32-97D6683C7EC9}C:mampbinmysqlbinmysqld.exe] => (Allow) C:mampbinmysqlbinmysqld.exe () [File not signed]

FirewallRules: [UDP Query User{2F6640FC-964B-4004-9537-C834BACC9537}C:mampbinmysqlbinmysqld.exe] => (Allow) C:mampbinmysqlbinmysqld.exe () [File not signed]

FirewallRules: [{A2AB05B9-6BBB-463F-925C-2BDD5A525115}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{2D9F0DA6-7CC5-47D7-AE1E-D735C6965A1B}] => (Allow) C:Program Files (x86)Steambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{E146FB11-4914-45F0-BDAB-F4DD9E238A59}] => (Allow) A:SteamLibrarysteamappscommonF1 2018F1_2018.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [{C4680713-3BDF-468A-A760-4DE2E36E907B}] => (Allow) A:SteamLibrarysteamappscommonF1 2018F1_2018.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [{FDF7B492-5B79-45BD-ADB5-4B3FE6C6B19A}] => (Allow) C:UsersPasathAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{CA3E31E4-FC77-497F-8B4F-2F2385255B59}] => (Allow) C:UsersPasathAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [{345DE735-763F-4C72-B668-571DC4938EBE}] => (Allow) C:UsersPasathAppDataRoamingZoombinairhost.exe => No File

FirewallRules: [{14819A6D-519E-4501-84E7-8B02E574EE20}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{37590DE4-E68C-4F59-A048-A65F985CDD5B}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{10C995AB-D023-46CA-9C83-9344F43D163F}C:2flightsimulator.exe] => (Block) C:2flightsimulator.exe => No File

FirewallRules: [UDP Query User{0F4859BD-2858-4BF2-AFAE-356BF68ABAC1}C:2flightsimulator.exe] => (Block) C:2flightsimulator.exe => No File

FirewallRules: [{E6F7AF83-E7E0-40AA-B341-51E1B5566166}] => (Allow) A:SteamLibrarysteamappscommonF1 2020F1_2020_dx12.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [{E6ACD133-8FC4-4724-BBDE-05A68AF7EEED}] => (Allow) A:SteamLibrarysteamappscommonF1 2020F1_2020_dx12.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [{FA2E7857-B774-4344-9A50-CDB14C68D45E}] => (Allow) A:SteamLibrarysteamappscommonF1 2020F1_2020.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [{E7715A64-B7CC-4045-A2F5-4DBF58501E50}] => (Allow) A:SteamLibrarysteamappscommonF1 2020F1_2020.exe (Codemasters Software Company Limited) [File not signed]

FirewallRules: [TCP Query User{FC59EFF9-A8C9-42C4-B462-A8ADA19EE3C0}A:snowrunneren_ussourcesbinsnowrunner.exe] => (Block) A:snowrunneren_ussourcesbinsnowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)

FirewallRules: [UDP Query User{57500507-B3B6-41BC-99A6-7AA0F657DAA1}A:snowrunneren_ussourcesbinsnowrunner.exe] => (Block) A:snowrunneren_ussourcesbinsnowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)

FirewallRules: [TCP Query User{6C9C94FA-788A-42AC-85AD-2FC65DE7A53C}C:7flightsimulator.exe] => (Allow) C:7flightsimulator.exe => No File

FirewallRules: [UDP Query User{5B7500C6-5E00-4253-964D-D52F3F90D2F6}C:7flightsimulator.exe] => (Allow) C:7flightsimulator.exe => No File

FirewallRules: [{AA087F59-BD5F-4045-BFA1-6E61A1391D35}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouse.exe (remotemouse.net) [File not signed]

FirewallRules: [{4616A7E9-4BA9-4B8D-8D33-E40C0D684D97}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouse.exe (remotemouse.net) [File not signed]

FirewallRules: [{10F8D6C0-BEF7-4121-9CD8-A65D7E05EDFD}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouseCore.exe (RemoteMouse.net) [File not signed]

FirewallRules: [{E79F21EF-B372-441C-BE8E-790B3219F6D8}] => (Allow) C:Program Files (x86)Remote MouseRemoteMouseCore.exe (RemoteMouse.net) [File not signed]

FirewallRules: [{EC25C457-C852-4307-9DCC-131EACCB833C}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{743D0A9F-D877-4A3A-914B-13D19C98BC21}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{607D9843-21FF-47D5-8070-48A672695A5B}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B37D4AC1-F9C3-446D-A741-1DE91964B1CE}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{B0A5D326-B1CF-4C0C-8A4F-6D458B55E018}] => (Allow) C:Program FilesNVIDIA CorporationNvContainernvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{51AC52C0-0A83-4598-91B7-8D40BB207E53}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{170985C7-E730-4803-B332-426C1066DF2C}] => (Allow) C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)

FirewallRules: [{7D138627-B9F6-4C30-8579-475E4A0B78C6}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{470643E2-A8AC-47E0-BF16-76F4C783B2F0}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{FC70D57C-910D-4EAA-B962-BD63F32918BD}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{4B23789D-8288-49B2-9D4B-D2EE5AE328D2}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{520C57DE-7A9F-4B95-9C68-745C9AEDAD90}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)

FirewallRules: [{0E702018-8F00-4E88-97C8-2BB22B3DBF4C}] => (Allow) C:Program Files (x86)MicrosoftEdgeWebViewApplication91.0.864.64msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B9723321-66F6-40B2-AA9D-675DE0F971AB}] => (Allow) C:WindowsMicrosoft.NETFramework64v4.0.30319MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{87B5AFBC-7C77-400B-8721-AF08EFC3DD5D}] => (Allow) C:WindowsMicrosoft.NETFramework64v4.0.30319MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)

 

==================== Restore Points =========================

 

25-06-2021 03:01:10 Scheduled Checkpoint

30-06-2021 22:23:58 Installed Node.js

01-07-2021 23:16:39 Installed Node.js

06-07-2021 10:02:48 Windows Modules Installer

 

==================== Faulty Device Manager Devices ============

 

 

==================== Event log errors: ========================

 

Application errors:

==================

Error: (07/07/2021 10:56:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Brackets.exe, version: 1.14.2.0, time stamp: 0x5e82f6b5

Faulting module name: libcef.dll, version: 3.2623.1401.0, time stamp: 0x5af14176

Exception code: 0x80000003

Fault offset: 0x00199179

Faulting process ID: 0x36bc

Faulting application start time: 0x01d7732f79c783fa

Faulting application path: C:Program Files (x86)BracketsBrackets.exe

Faulting module path: C:Program Files (x86)Bracketslibcef.dll

Report ID: cfbb53d7-951b-4d37-9cc7-095d9b7a5e97

Faulting package full name: 

Faulting package-relative application ID:

 

Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 1.0.7.F.E.9.4.6.E.E.C.1.F.5.C.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-97O75D8-2.local.

 

Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   23 1.0.7.F.E.9.4.6.E.E.C.1.F.5.C.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-97O75D8.local.

 

Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 11.1.168.192.in-addr.arpa. PTR DESKTOP-97O75D8-2.local.

 

Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   23 11.1.168.192.in-addr.arpa. PTR DESKTOP-97O75D8.local.

 

Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname DESKTOP-97O75D8.local already in use; will try DESKTOP-97O75D8-2.local instead

 

Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-97O75D8.local. Addr 192.168.1.11

 

Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   16 DESKTOP-97O75D8.local. AAAA FD44:C346:801D:7F00:3C5F:1CEE:649E:F701

 

 

System errors:

=============

Error: (07/07/2021 08:40:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Server service terminated with the following error: 

A system shutdown is in progress.

 

Error: (07/07/2021 08:39:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Server service terminated with the following error: 

A system shutdown is in progress.

 

 

Windows Defender:

================

Date: 2021-07-05 19:25:56

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Behavior:Win32/SilentCleanupUACBypass.B

Severity: Severe

Category: Suspicious Behaviour

Path: behavior:_pid:13748:157999162968573; process:_pid:13748,ProcessStart:132699507467359969

Detection Origin: Unknown

Detection Type: Concrete

Detection Source: Unknown

Process Name: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe

Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-05 19:25:56

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Behavior:Win32/SilentCleanupUACBypass.B

Severity: Severe

Category: Suspicious Behaviour

Path: behavior:_pid:13748:157999162968573; process:_pid:13748,ProcessStart:132699507467359969

Detection Origin: Unknown

Detection Type: Concrete

Detection Source: Unknown

Process Name: Unknown

Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-05 19:25:56

Description: 

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: Behavior:Win32/UACBypassExp.ZI

Severity: Severe

Category: Suspicious Behaviour

Path: behavior:_pid:13748:63445193320407; process:_pid:13748,ProcessStart:132699507467359969; regkeyvalue:_HKCU@S-1-5-21-4046646743-2370866350-3589897510-1001ENVIRONMENT\windir

Detection Origin: Unknown

Detection Type: Concrete

Detection Source: System

Process Name: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe

Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0

Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4

 

Date: 2021-07-04 23:18:44

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-03 03:07:41

Description: 

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Quick Scan

 

Date: 2021-07-06 23:26:36

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 

Previous security intelligence Version: 1.343.424.0

Update Source: Microsoft Update Server

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version: 

Previous Engine Version: 1.1.18300.4

Error code: 0x80245006

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

 

Date: 2021-06-29 18:55:20

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.25.0

Previous security intelligence Version: 1.341.1603.0

Update Source: User

Security intelligence Type: AntiSpyware

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-29 18:55:20

Description: 

Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version: 1.343.25.0

Previous security intelligence Version: 1.341.1603.0

Update Source: User

Security intelligence Type: AntiVirus

Update Type: Delta

Current Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

Date: 2021-06-29 18:55:20

Description: 

Microsoft Defender Antivirus has encountered an error trying to update the engine.

New Engine Version: 1.1.18300.4

Previous Engine Version: 1.1.18200.4

Error Code: 0x80070666

Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 

 

CodeIntegrity:

===============

Date: 2021-07-07 23:38:42

Description: 

Code Integrity determined that a process (DeviceHarddiskVolume3Program FilesMalwarebytesAnti-MalwareMBAMService.exe) attempted to load DeviceHarddiskVolume3Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

BIOS: American Megatrends Inc. A.40 10/29/2020

Motherboard: Micro-Star International Co., Ltd. MAG B550 TOMAHAWK (MS-7C91)

Processor: AMD Ryzen 5 5600X 6-Core Processor 

Percentage of memory in use: 49%

Total physical RAM: 16310.23 MB

Available physical RAM: 8171.81 MB

Total Virtual: 18742.23 MB

Available Virtual: 6161.32 MB

 

==================== Drives ================================

 

Drive a: (Storage space) (Fixed) (Total:929.87 GB) (Free:463.34 GB) NTFS

Drive c: () (Fixed) (Total:476.33 GB) (Free:106.42 GB) NTFS

 

\?Volume{88fc7838-9216-48d4-8493-d63f65832538} () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

\?Volume{d4254ab3-3e05-7338-9ede-92af589098f5} () (Fixed) (Total:42.14 GB) (Free:0 GB) NTFS

\?Volume{809cacdc-fba7-c4a2-aaf1-24f87a59cde9} () (Fixed) (Total:11.2 GB) (Free:0 GB) NTFS

\?Volume{17b9d833-c057-dc2f-8afe-e0747553a43c} () (Fixed) (Total:0 GB) (Free:0 GB) NTFS

\?Volume{9edf256d-2173-9bd6-5e4b-a6f2756c24f3} () (Fixed) (Total:1.64 GB) (Free:0 GB) NTFS

\?Volume{e13a6857-7c48-65d6-5d51-3391bc089caf} () (Fixed) (Total:20.72 GB) (Free:0 GB) NTFS

\?Volume{4c4c3351-e238-e9eb-7c90-ae17745024c5} () (Fixed) (Total:0.55 GB) (Free:0 GB) NTFS

\?Volume{22b95a43-09ae-4da9-a274-67ec19f49315} () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ====================

 

==========================================================

Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==========================================================

Disk: 2 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

 

Partition: GPT.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 3.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 4.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 5.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 6.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 7.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 8.

Attempted reading MBR returned 0 bytes.

 Could not read MBR for disk 9.

 

==================== End of Addition.txt =======================

 



