Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think my computer might be infected [Solved]

Started by adifrank , May 16 2021 10:03 AM

  • This topic is locked This topic is locked

#16
DR M
Posted 17 May 2021 - 10:42 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Thanks.

 

Please move on to the next steps: 

  • Eset Online Scan
  • Fresh FRST logs

  • 0

Advertisements

#17
adifrank
Posted 17 May 2021 - 10:43 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

The only thing I did differently in the 2nd scan is I quit Google Chrome in the taskbar before hitting continue


  • 0

#18
adifrank
Posted 17 May 2021 - 10:44 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

 

Thanks.

 

Please move on to the next steps: 

  • Eset Online Scan
  • Fresh FRST logs

 

 

Will do. Thanks!


  • 0

#19
DR M
Posted 17 May 2021 - 10:45 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

The only thing I did differently in the 2nd scan is I quit Google Chrome in the taskbar before hitting continue

 

Thanks for letting me know.  :thumbsup:


  • 0

#20
adifrank
Posted 17 May 2021 - 10:55 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Sanity check:

 

You wrote:

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.

but the file that downloaded to my desktop is named esetonlinescanner.exe without the "_enu". Is that okay?


  • 0

#21
DR M
Posted 17 May 2021 - 10:57 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Sanity check:

 

You wrote:

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.

but the file that downloaded to my desktop is named esetonlinescanner.exe without the "_enu". Is that okay?

 

 

Yes, it's OK. It's the same executable file. 


  • 0

#22
adifrank
Posted 17 May 2021 - 11:19 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
  • ESET will now begin scanning your computer. This may take some time, perhaps a couple of hours or more, so you can have your coffee or do something else in the mean time.

 

Can I use my computer while this is running? For work I remote to my office using a VPN Cisco AnyConnect which disables internet access on my local computer, except for the direct connection to my company's network. Will I be able to continue working remotely this way while ESET is scanning, or should I wait with proceeding the next steps until after work?


  • 0

#23
DR M
Posted 17 May 2021 - 11:21 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Since there is the remote/VPN usage, I would prefer you to do the scan when there is nothing like that to interfere with the process. 


  • 0

#24
adifrank
Posted 18 May 2021 - 07:49 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Okay, ESET scan was still going when I went to bed. Looks like it took over 4 hours, but I have results!

So going back to the 3 steps you requested from post #10:

 

1. AdwCleaner logs already posted in post #15

 

2. ESET log:

 

18-May-21 9:28:37 AM
Files scanned: 896672
Detected files: 3
Cleaned files: 3
Total scan time 04:35:32
Scan status: Finished
 
 
C:\Program Files (x86)\Auslogics\Duplicate File Finder\GoogleAnalyticsHelper.dll a variant of Win32/Auslogics.AA potentially unwanted application cleaned by deleting
C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\2.18.4_0\content\background.js JS/Chromex.Agent.BE trojan cleaned by deleting
C:\Users\adi\AppData\Local\NordVPN\Updates\channel-23\6.31.5.0\j5wnhfh0.exe a variant of Win32/NSSM.D potentially unsafe application cleaned by deleting
 
3. Fresh FRST logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by adi (administrator) on ADI-SAGER-NP815 (Notebook P65xRP) (18-05-2021 09:33:04)
Running from C:\Users\adi\Desktop
Loaded Profiles: adi
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Software -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Red Giant   LLC -> Red Giant LLC) C:\Program Files\Red Giant\Services\Red Giant Service.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(Steven Mayall) [File not signed] C:\Users\adi\OneDrive\MusicBee\MusicBee.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18378208 2017-06-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-10-11] (GoPro, Inc. -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\FocusriteUSB\Focusrite Notifier.exe [5029376 2020-06-02] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MOTUMSeries.exe] => C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe [239736 2021-03-26] (Mark of the Unicorn, Inc -> MOTU)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-15] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172264 2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-12] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [272200 2017-04-01] (SecureW2 -> SecureW2 B.V.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5237432 2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-11-19] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-12-25] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680728 2021-05-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [electron.app.FontBase] => C:\Users\adi\AppData\Local\Programs\FontBase\FontBase.exe [131458184 2021-04-22] (Dominik Levitsky Studio, LLC -> Dominik Levitsky Studio, LLC)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109961080 2021-04-23] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [277688 2021-03-31] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5536440 2021-04-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [GoogleChromeAutoLaunch_07E978E6F2BBB4AB0BC801F515EC9ED3] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Windows x64\Print Processors\Canon TS6300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFQ.DLL [509952 2019-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2021-02-02] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6300 series: C:\Windows\system32\CNMLMFQ.DLL [940032 2019-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\Windows\system32\hpinksts7212LM.dll [336904 2014-07-15] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\MONVNC: C:\Windows\system32\VNCpm.dll [37704 2017-05-19] (RealVNC Ltd -> RealVNC Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\REAPER (x64).lnk [2016-10-17]
ShortcutTarget: REAPER (x64).lnk -> C:\Program Files\REAPER (x64)\reaper.exe (Cockos Incorporated -> Cockos Incorporated)
Startup: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2021-03-17] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2021-05-08]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NotificationTool.lnk [2020-03-17]
ShortcutTarget: NotificationTool.lnk -> C:\Program Files (x86)\Canon\hdAlbum EZ\NotificationTool.exe (Canon Inc. -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-05-08]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BCC5260-9A56-44FE-93DD-2C695686C3CC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0ED6B4DC-1B10-4021-9EF7-D211C17B15E7} - System32\Tasks\update-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {22F2CFAF-54BE-4118-B7A3-7472D78BEA03} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A79E818-FBC7-4F42-A9D9-367DC66CEA93} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8BF2A6-2805-4280-9E31-ED611AEBA9D8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EB9C998-FE96-460C-AC28-F3FFB6E0624B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [8906097 2017-10-01] () [File not signed]
Task: {4651E58D-A552-47BD-B28F-79A728C8E251} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5174C6D2-5698-4A7A-87DB-7102203AE592} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {5C15533D-EADC-4C58-94D4-D80AEB769C16} - System32\Tasks\Core Temp Autostart adi => C:\Program Files\Core Temp\Core Temp.exe [1031512 2021-04-01] (ALCPU -> ALCPU)
Task: {5E9DC04A-2971-4D85-AA35-BBC137944873} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {612D0098-5821-4ADE-B1DE-6FBE759FEC0C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\adi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007456 2021-05-17] (ESET, spol. s r.o. -> ESET)
Task: {69C8F1A7-A15F-44C8-A1EE-6DBCC06E327B} - System32\Tasks\G2MUpdateTask-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6E46AFF3-57C2-428A-8146-B1A0C00A6A1A} - System32\Tasks\G2MUploadTask-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {729D9C1F-1CA6-4523-B7F3-CCB4555FF5AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {72E6BDBA-196D-4481-A45A-B7EEB13DD79E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C7FACA0-0372-4957-B99A-08EE3752F2F8} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [775624 2017-05-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {7FEE5859-8A4A-47FD-A47D-966619876F44} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel® Software -> Intel Corporation)
Task: {821924CF-3EA7-400C-BB3C-DF875FA62BDD} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\adi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007456 2021-05-17] (ESET, spol. s r.o. -> ESET)
Task: {86C6CB61-A780-4705-9AB7-0263EB845757} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A4671DD-76B1-492C-A260-03FD318CCF7E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {91CB1EDC-9453-4EC7-A81F-BB0445F5A865} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {97319470-700A-48EE-8B24-C4E39FAD6F3B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9E9804BC-E9C4-486B-BF3A-FD1BA5C55216} - System32\Tasks\AdobeAAMUpdater-1.0-ADI-SAGER-NP815-adi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A41481F8-DC44-4DC8-BB45-5193ABE80B4B} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [272200 2017-04-01] (SecureW2 -> SecureW2 B.V.)
Task: {A44BB0C9-12EA-4457-897B-59A93DD7214F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A8A6EC50-3DCA-4546-BA48-528CCB70A456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.)
Task: {AB1707CA-B9D6-4CC2-80DC-D4BAC12A99F6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {AE101B01-06C0-4235-90BE-86350A263F31} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {B06D27E3-7D2A-4C93-A42D-D9AEA49BD238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B29E7BF2-F784-461E-8E51-E9B932CAEFD7} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B592B25B-2A7D-412D-81A6-CF1028E4BC72} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BFDE5ABC-FD46-4294-9FF0-4B1CB065A3EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF6E6289-558A-4089-9E69-7531A3D5CB18} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8F36848-463F-4556-BED9-86C69020E71B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-06-14] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {E0DEE545-20F7-40DE-9A97-44CCDD7D1400} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E9DE3553-B392-4D41-A0FA-CA3AF67B0E60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.)
Task: {EE639C2E-FAE1-4640-8F4B-543D2292F390} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F55CDAA6-4823-4BC8-A21F-D4946602CA32} - System32\Tasks\Shutdown Timer => C:\Windows\System32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupload.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3fe6f436-7650-4b16-a0aa-f6030e351046}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{64cd7018-885b-42af-8866-a4e533a6a5b1}: [NameServer] 10.2.51.103,10.2.51.104
Tcpip\..\Interfaces\{713192c5-b3fd-453b-bc0e-3fcebd0d6786}: [NameServer] 10.2.51.103,10.2.51.104
Tcpip\..\Interfaces\{dcc70bb8-6a97-4d78-adf8-9fc27e189e96}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\adi\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-17]
 
FireFox:
========
FF DefaultProfile: kijmnzo9.default
FF ProfilePath: C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release [2021-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF Extension: (uBlock Origin) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF ProfilePath: C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default [2021-05-16]
FF Session Restore: Mozilla\Firefox\Profiles\kijmnzo9.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\kijmnzo9.default -> hxxps://exodusmovement.slack.com; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://voice.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default\Extensions\[email protected] [2020-01-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default\Extensions\[email protected] [2020-03-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-01-05] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-12] (Adobe Inc. -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-01-05] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default [2021-05-18]
CHR Notifications: Default -> hxxps://helpx.adobe.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-19]
CHR Extension: (Slides) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-05]
CHR Extension: (YouTube) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-06]
CHR Extension: (Honey) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-05-13]
CHR Extension: (Advanced Font Settings) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2016-10-14]
CHR Extension: (Google News) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2019-11-12]
CHR Extension: (Google Keep) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilembjdkfgodjkcjnpgpaenohkicgjd [2021-02-21]
CHR Extension: (Google Calendar) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-03-20]
CHR Extension: (Sheets) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-02]
CHR Extension: (Google Photos) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-10-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-05-06]
CHR Extension: (feedly) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2017-08-15]
CHR Extension: (Window Resizer) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2020-03-29]
CHR Extension: (Google Maps) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-10-14]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-05-14]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-07-04]
CHR Extension: (Google Hangouts) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR Extension: (Password Checkup extension) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncabnpcffmalkkjpajodfhijclecjno [2020-09-13]
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-16]
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-12] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel® Software Development Products -> )
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Incorporated -> Foxit Software Inc.)
S2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-10-11] (GoPro, Inc. -> )
S2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
S2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] (Shrew Soft Inc -> )
S2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] (Shrew Soft Inc -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18832256 2021-02-18] (Native Instruments GmbH -> Native Instruments GmbH)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-03-31] (TEFINCOM S.A. -> TEFINCOM S.A.)
S4 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [30208 2016-08-09] (CLEVO CO.) [File not signed]
R2 Red Giant Service; C:\Program Files\Red Giant\Services\Red Giant Service.exe [5976136 2020-02-06] (Red Giant   LLC -> Red Giant LLC)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel® Software Development Products -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12054872 2019-10-10] (TeamViewer GmbH -> TeamViewer GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel® Software Development Products -> )
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd -> RealVNC Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Software Corp. -> Insyde Corporation)
R3 ALSysIO; C:\Users\adi\AppData\Local\Temp\ALSysIO64.sys [47240 2021-05-17] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 Focusriteusb; C:\WINDOWS\System32\drivers\Focusriteusb.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteusbSwRoot; C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
S3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R0 FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [23536 2014-10-07] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R3 MOTUCoreUAC; C:\WINDOWS\System32\Drivers\MOTUCoreUAC.sys [131096 2021-03-26] (Mark of the Unicorn, Inc -> MOTU, Inc)
R3 MpKslfeb3bb70; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0588F8FF-D211-421B-A366-F73C65AF7548}\MpKslDrv.sys [107744 2021-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-01] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-24] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Savitech Corp. -> Windows ® Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-05-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-04-25] (ExprsVPN LLC -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (TEFINCOM S.A. -> The OpenVPN Project)
R1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Shrew Soft Inc)
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Shrew Soft Inc)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-11-19] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-18 09:32 - 2021-05-18 09:32 - 000000000 ____D C:\Users\adi\Desktop\FRST-OlderVersion
2021-05-18 09:29 - 2021-05-18 09:29 - 000003850 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-05-18 09:29 - 2021-05-18 09:29 - 000003408 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-05-18 09:29 - 2021-05-18 09:29 - 000001276 _____ C:\Users\adi\Desktop\eset.txt
2021-05-17 15:43 - 2021-05-17 15:43 - 000000418 _____ C:\Users\adi\Desktop\sgf-newyork.txt
2021-05-17 14:51 - 2021-05-17 14:51 - 000000000 ____D C:\Users\adi\Desktop\2 files from SDi_05-17-2021 12.35.50 pm
2021-05-17 14:04 - 2021-05-17 14:05 - 000000000 ____D C:\Users\adi\AppData\Roaming\RingCentralMeetings
2021-05-17 14:04 - 2021-05-17 14:04 - 000002240 _____ C:\Users\adi\Desktop\RingCentral Meetings.lnk
2021-05-17 14:04 - 2021-05-17 14:04 - 000000000 ____D C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RingCentral Meetings
2021-05-17 13:14 - 2021-05-17 20:41 - 000001429 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-05-17 13:14 - 2021-05-17 20:41 - 000001323 _____ C:\Users\adi\Desktop\ESET Online Scanner.lnk
2021-05-17 13:14 - 2021-05-17 13:14 - 000000000 ____D C:\Users\adi\AppData\Local\ESET
2021-05-17 12:53 - 2021-05-17 12:53 - 011697056 _____ (ESET) C:\Users\adi\Desktop\esetonlinescanner.exe
2021-05-17 11:21 - 2021-05-17 12:02 - 000000000 ____D C:\AdwCleaner
2021-05-17 11:20 - 2021-05-17 11:20 - 008534696 _____ (Malwarebytes) C:\Users\adi\Desktop\AdwCleaner.exe
2021-05-16 15:20 - 2021-05-16 16:06 - 000013146 _____ C:\Users\adi\Desktop\Fixlog.txt
2021-05-16 11:25 - 2021-05-18 09:34 - 000040586 _____ C:\Users\adi\Desktop\FRST.txt
2021-05-16 11:24 - 2021-05-18 09:33 - 000000000 ____D C:\FRST
2021-05-16 11:16 - 2021-05-18 09:32 - 002299392 _____ (Farbar) C:\Users\adi\Desktop\FRST64.exe
2021-05-16 09:45 - 2021-05-16 09:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-15 21:43 - 2021-05-15 21:43 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Users\adi\AppData\Roaming\MusicBrainz
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Users\adi\AppData\Local\MusicBrainz
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Program Files\MusicBrainz Picard
2021-05-15 19:09 - 2021-05-15 19:09 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-05-13 19:53 - 2021-05-13 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-05-13 13:31 - 2021-05-13 13:31 - 000000341 _____ C:\Users\adi\Desktop\FORMEETING.txt
2021-05-13 10:01 - 2021-05-13 10:01 - 001445813 _____ C:\Users\adi\Desktop\f4868 Adar p1.pdf
2021-05-12 17:46 - 2021-05-12 17:46 - 001453372 _____ C:\Users\adi\Desktop\f4868 2020 p1.pdf
2021-05-12 09:12 - 2021-05-12 09:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 09:12 - 2021-05-12 09:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 09:12 - 2021-05-12 09:12 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 09:12 - 2021-05-12 09:12 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 09:12 - 2021-05-12 09:12 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 09:12 - 2021-05-12 09:12 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 09:04 - 2021-05-12 09:04 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk
2021-05-12 09:01 - 2021-05-12 09:01 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2021.lnk
2021-05-12 08:59 - 2021-05-12 08:59 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-05-12 08:55 - 2021-05-12 08:55 - 000001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2021.lnk
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-05-08 23:01 - 2021-05-08 23:01 - 001276184 _____ C:\Users\adi\Desktop\screencapture-myaccount-uscis-gov-users-questions-2021-05-08-23_01_06.pdf
2021-05-08 16:02 - 2021-05-08 16:02 - 000001070 _____ C:\Users\Public\Desktop\Kontakt.lnk
2021-05-08 16:02 - 2021-05-08 16:02 - 000001070 _____ C:\ProgramData\Desktop\Kontakt.lnk
2021-05-08 16:02 - 2021-05-08 16:02 - 000000000 __HDC C:\ProgramData\{A71EF853-314A-46F6-BBED-73149F3D8B43}
2021-05-08 15:56 - 2021-05-08 15:56 - 000001164 _____ C:\Users\Public\Desktop\Komplete Kontrol.lnk
2021-05-08 15:56 - 2021-05-08 15:56 - 000001164 _____ C:\ProgramData\Desktop\Komplete Kontrol.lnk
2021-05-08 15:56 - 2021-05-08 15:56 - 000000000 __HDC C:\ProgramData\{411E17DB-5B57-4F1D-A50B-C624FDD55C04}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 __HDC C:\ProgramData\{8BA2904A-CDA7-4C5D-930F-08C47D4AE2E1}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 __HDC C:\ProgramData\{6945C421-BC7D-4621-AED5-084E11AE3726}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 ____D C:\Program Files\Common Files\Steinberg
2021-05-08 15:54 - 2021-05-08 15:54 - 000001174 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2021-05-08 15:54 - 2021-05-08 15:54 - 000001174 _____ C:\ProgramData\Desktop\Controller Editor.lnk
2021-05-08 15:54 - 2021-05-08 15:54 - 000000000 __HDC C:\ProgramData\{4938857D-54DB-4BDA-8E99-5E6238E20FC7}
2021-05-08 15:47 - 2021-05-08 15:47 - 000000000 __HDC C:\ProgramData\{8C4FEDD5-1BF9-48A8-82A5-765D1975BF67}
2021-05-08 15:46 - 2021-05-08 15:46 - 000000000 ____D C:\Users\Public\Documents\Expansions Selection
2021-05-08 15:46 - 2021-05-08 15:46 - 000000000 ____D C:\ProgramData\Documents\Expansions Selection
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 __HDC C:\ProgramData\{99B72EA3-D9F9-4199-AC97-D3EACEFBB031}
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 ____D C:\Users\Public\Documents\Blocks Base
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 ____D C:\ProgramData\Documents\Blocks Base
2021-05-08 15:24 - 2021-05-08 16:47 - 000000000 ____D C:\Users\adi\AppData\Roaming\com.spitfireaudio
2021-05-08 15:04 - 2021-05-08 15:04 - 000001134 _____ C:\Users\Public\Desktop\Native Access.lnk
2021-05-08 15:04 - 2021-05-08 15:04 - 000001134 _____ C:\ProgramData\Desktop\Native Access.lnk
2021-05-08 15:04 - 2021-05-08 15:04 - 000000000 __HDC C:\ProgramData\{D651086F-B9C2-4015-B429-A08BA3A77606}
2021-05-08 14:57 - 2021-05-08 14:57 - 000000000 ____D C:\Users\adi\Desktop\Ivy_Audio-Carpenter_Trombone
2021-05-08 14:06 - 2021-05-08 14:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\Users\adi\AppData\Roaming\Spitfire Audio
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spitfire Audio
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\Program Files (x86)\Spitfire Audio
2021-05-07 22:00 - 2021-05-07 22:00 - 004396664 _____ (Spitfire Audio Holdings Ltd ) C:\Users\adi\Desktop\SpitfireAudioWinSetup-3.2.20.exe
2021-05-07 21:33 - 2021-05-16 19:51 - 000000000 ____D C:\Users\adi\AppData\Roaming\vital
2021-05-07 21:29 - 2021-05-07 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vital
2021-05-07 21:28 - 2021-05-07 21:29 - 000000000 ____D C:\Program Files\Vital
2021-05-07 21:27 - 2021-05-07 21:27 - 028132768 _____ ( ) C:\Users\adi\Desktop\VitalInstaller.exe
2021-05-07 10:05 - 2021-05-08 16:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-05 16:27 - 2021-05-05 16:27 - 000187980 _____ C:\Users\adi\Desktop\REFNUM_C1011791d21ef067137b54b2de.pdf
2021-05-02 22:26 - 2021-05-02 22:26 - 000000000 ____D C:\Users\adi\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-30 22:23 - 2021-04-30 22:23 - 000000000 ____D C:\Users\adi\Documents\Reaper-Actions
2021-04-30 19:56 - 2021-04-30 19:56 - 000000000 ____D C:\Users\adi\Downloads\Cakewalk
2021-04-30 08:41 - 2021-04-30 08:41 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2021-04-27 23:40 - 2021-05-08 00:07 - 000000809 _____ C:\Users\adi\Desktop\vst-plugins-good.txt
2021-04-27 09:14 - 2021-04-27 09:14 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-26 09:28 - 2021-04-26 09:28 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71adf2fb9e6ed
2021-04-22 19:00 - 2021-04-22 19:00 - 000000000 ____D C:\Users\adi\Downloads\Toni Erdmann 2016 720p [FOXM.TO]
2021-04-22 18:57 - 2021-04-22 18:57 - 000000000 ____D C:\Users\adi\Downloads\Distant.Voices.Still.Lives.1988.1080p.BluRay.H264.AAC-RARBG
2021-04-22 18:46 - 2021-04-22 18:46 - 000000000 ____D C:\Users\adi\Downloads\Eternity and a Day (Theo Angelopoulos 1998)
2021-04-21 19:23 - 2021-04-21 19:23 - 008799800 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw06.sys
2021-04-21 19:23 - 2021-04-21 19:23 - 001418808 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter06.dll
2021-04-21 18:52 - 2021-04-21 18:52 - 002632800 _____ C:\WINDOWS\system32\Drivers\Netwfw06.dat
2021-04-19 11:43 - 2021-04-19 11:43 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-04-19 09:53 - 2021-05-12 08:49 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-18 09:34 - 2016-09-29 14:45 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-18 09:28 - 2021-03-16 23:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-18 09:28 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-18 08:43 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-18 05:32 - 2019-10-02 00:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-18 05:32 - 2019-10-02 00:39 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-18 00:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-17 20:10 - 2017-01-11 15:54 - 000002260 ____H C:\Users\adi\Documents\Default.rdp
2021-05-17 20:04 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-05-17 14:50 - 2021-03-16 23:43 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-17 14:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-17 12:25 - 2016-10-15 16:21 - 000000000 ____D C:\Users\adi\Documents\ShareX
2021-05-17 12:02 - 2021-03-30 12:23 - 000000000 ____D C:\Users\adi\AppData\Roaming\FontBase
2021-05-17 09:36 - 2016-10-14 21:35 - 000000000 ___RD C:\Users\adi\Creative Cloud Files
2021-05-17 09:35 - 2016-10-06 23:02 - 000000000 ___RD C:\Users\adi\OneDrive
2021-05-17 09:34 - 2021-03-16 23:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-17 09:34 - 2021-03-16 23:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-17 09:34 - 2017-08-20 10:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-17 09:34 - 2016-10-17 13:00 - 000000000 __SHD C:\Users\adi\IntelGraphicsProfiles
2021-05-16 16:13 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-16 15:36 - 2016-10-14 21:53 - 000000000 ____D C:\Users\adi\AppData\LocalLow\Temp
2021-05-16 15:21 - 2017-04-19 20:38 - 000277264 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-05-16 10:53 - 2017-03-17 23:59 - 000000000 ____D C:\Users\adi\AppData\Roaming\FreeFileSync
2021-05-16 10:06 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-15 23:03 - 2021-03-16 23:34 - 000000000 ____D C:\Users\adi
2021-05-15 21:43 - 2019-11-21 03:24 - 000000000 ____D C:\Users\adi\AppData\Local\cache
2021-05-15 19:07 - 2020-05-04 00:57 - 000000000 ____D C:\Users\adi\AppData\Roaming\vlc
2021-05-15 19:03 - 2021-03-31 18:17 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-15 19:02 - 2016-09-29 14:36 - 002433223 ____N C:\WINDOWS\Minidump\051521-12296-01.dmp
2021-05-14 14:11 - 2017-05-16 20:19 - 000000000 ____D C:\Users\adi\Desktop\_TDC
2021-05-14 08:51 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-14 08:41 - 2018-02-17 16:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-14 00:40 - 2021-03-16 23:30 - 005196264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 00:39 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-13 19:53 - 2016-10-13 23:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-05-13 19:34 - 2020-06-20 17:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-13 15:56 - 2020-03-17 15:49 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-05-13 10:01 - 2021-03-05 16:16 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-05-13 10:01 - 2021-03-05 16:16 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-05-12 19:01 - 2021-02-08 21:43 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 09:16 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 09:16 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 09:04 - 2016-10-15 15:36 - 000000000 ____D C:\Program Files\Adobe
2021-05-12 09:02 - 2016-10-07 00:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 08:59 - 2016-10-17 22:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2021-05-12 08:59 - 2016-10-17 22:35 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-05-12 08:49 - 2016-10-15 15:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-05-12 08:49 - 2016-10-14 21:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-05-12 08:49 - 2016-10-07 00:00 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-10 19:02 - 2016-09-29 14:36 - 002292437 ____N C:\WINDOWS\Minidump\051021-8625-01.dmp
2021-05-09 20:16 - 2019-02-04 22:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-09 16:24 - 2018-12-12 22:56 - 000000000 ____D C:\_Portable Software
2021-05-09 16:22 - 2017-04-06 00:12 - 000000000 ____D C:\Users\adi\AppData\LocalLow\Mozilla
2021-05-08 16:52 - 2016-10-13 23:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-08 16:52 - 2016-10-13 23:21 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-05-08 16:52 - 2016-10-13 23:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-08 16:44 - 2016-10-14 21:35 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-05-08 15:59 - 2020-08-03 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-05-08 15:59 - 2020-08-03 22:17 - 000000000 ____D C:\Program Files\Native Instruments
2021-05-08 15:56 - 2020-08-03 22:18 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2021-05-08 15:03 - 2020-08-03 22:18 - 000000000 ____D C:\Users\adi\AppData\Roaming\Native Instruments
2021-05-08 15:03 - 2020-08-03 22:18 - 000000000 ____D C:\Users\adi\AppData\Local\Native Instruments
2021-05-08 14:06 - 2020-04-01 18:21 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-07 22:43 - 2018-01-21 22:26 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-05-07 08:05 - 2021-03-16 23:46 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-884149921-2065793029-3257327610-1001
2021-05-07 08:05 - 2021-03-16 23:34 - 000002410 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-06 20:20 - 2016-10-17 23:30 - 000000000 ____D C:\Users\adi\Desktop\_Output
2021-05-06 17:19 - 2016-10-06 23:00 - 000000000 ____D C:\Users\adi\AppData\Roaming\Adobe
2021-05-04 22:46 - 2021-03-16 23:46 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-04 22:46 - 2021-03-16 23:46 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-05-04 14:14 - 2020-02-06 22:56 - 000000081 _____ C:\Users\adi\AppData\Local\FILM_AE_LogFile.txt
2021-05-03 20:49 - 2018-01-21 22:34 - 000000000 ____D C:\Users\adi\AppData\Roaming\helm
2021-05-03 20:49 - 2016-10-17 23:22 - 000000000 ____D C:\Users\adi\AppData\Roaming\REAPER
2021-05-03 20:45 - 2016-10-17 23:22 - 000000876 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2021-05-03 20:45 - 2016-10-17 23:22 - 000000876 _____ C:\ProgramData\Desktop\REAPER (x64).lnk
2021-05-03 20:45 - 2016-10-17 23:22 - 000000000 ____D C:\Program Files\REAPER (x64)
2021-05-03 00:27 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\AppData\Roaming\bandlab-assistant
2021-05-02 22:27 - 2021-03-17 09:20 - 000002480 _____ C:\Users\adi\Desktop\BandLab Assistant.lnk
2021-05-02 22:27 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\Documents\BandLab
2021-05-02 22:26 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\AppData\Local\bandlab-assistant-updater
2021-05-01 15:38 - 2020-09-23 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-05-01 15:38 - 2020-07-14 21:28 - 000001805 _____ C:\Users\adi\Desktop\NordVPN.lnk
2021-05-01 15:38 - 2020-07-14 21:28 - 000000000 ____D C:\ProgramData\NordVPN
2021-05-01 15:38 - 2020-07-14 21:28 - 000000000 ____D C:\Program Files\NordVPN
2021-05-01 15:38 - 2020-02-04 20:46 - 000000000 ____D C:\Users\adi\AppData\Local\NordVPN
2021-05-01 15:33 - 2016-12-30 22:32 - 000001176 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2021-04-30 20:49 - 2018-01-17 00:00 - 000000633 _____ C:\Users\adi\Documents\mtpdk.mid
2021-04-30 19:57 - 2021-03-17 20:46 - 000001924 _____ C:\Users\Public\Desktop\Cakewalk by BandLab.lnk
2021-04-30 19:57 - 2021-03-17 20:46 - 000001924 _____ C:\ProgramData\Desktop\Cakewalk by BandLab.lnk
2021-04-30 16:59 - 2020-04-22 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-29 23:46 - 2017-01-20 13:58 - 000000000 ____D C:\Users\adi\AppData\Roaming\tixati
2021-04-29 19:51 - 2020-05-05 18:34 - 000000000 ____D C:\Users\adi\Downloads\_tixati-download-in-progress-folder
2021-04-26 20:18 - 2016-10-14 22:05 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-26 10:25 - 2018-01-05 19:25 - 000000000 ____D C:\Users\adi\AppData\LocalLow\LastPass
2021-04-26 09:28 - 2021-03-16 23:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-21 21:55 - 2016-10-19 15:14 - 000001456 _____ C:\Users\adi\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-04-20 15:52 - 2021-03-16 23:46 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 15:52 - 2021-03-16 23:46 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-18 16:12 - 2020-07-05 15:12 - 000001157 _____ C:\Users\adi\Desktop\MusicBee.exe - Shortcut.lnk
2021-04-18 10:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories ========
 
2016-10-15 14:26 - 2019-03-09 16:02 - 000000033 _____ () C:\Users\adi\AppData\Roaming\AdobeWLCMCache.dat
2019-08-07 20:45 - 2019-08-11 22:51 - 000000028 _____ () C:\Users\adi\AppData\Roaming\kulerdata.json
2020-12-24 23:24 - 2020-12-24 23:24 - 000001315 _____ () C:\Users\adi\AppData\Roaming\Roaming - Shortcut.lnk
2018-11-13 15:47 - 2020-04-28 10:10 - 000000600 _____ () C:\Users\adi\AppData\Roaming\winscp.rnd
2016-10-19 15:14 - 2021-04-21 21:55 - 000001456 _____ () C:\Users\adi\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-04-12 20:52 - 2017-05-25 23:08 - 000000058 _____ () C:\Users\adi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-09-08 20:53 - 2017-09-08 20:53 - 000000063 _____ () C:\Users\adi\AppData\Local\emaildefaults
2020-02-06 22:56 - 2021-05-04 14:14 - 000000081 _____ () C:\Users\adi\AppData\Local\FILM_AE_LogFile.txt
2017-09-13 20:35 - 2017-09-13 20:35 - 000000039 _____ () C:\Users\adi\AppData\Local\kritadisplayrc
2017-09-08 20:53 - 2017-09-13 20:35 - 000015739 _____ () C:\Users\adi\AppData\Local\kritarc
2018-09-26 09:19 - 2018-09-26 09:19 - 000000000 _____ () C:\Users\adi\AppData\Local\oobelibMkey.log
2016-11-10 15:57 - 2020-09-29 13:10 - 000000600 _____ () C:\Users\adi\AppData\Local\PUTTY.RND
2017-01-15 13:05 - 2020-07-07 21:10 - 000007610 _____ () C:\Users\adi\AppData\Local\Resmon.ResmonCfg
2016-10-15 16:35 - 2016-10-15 16:35 - 000000003 _____ () C:\Users\adi\AppData\Local\updater.log
2016-10-15 16:35 - 2016-10-15 16:39 - 000000059 _____ () C:\Users\adi\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by adi (18-05-2021 09:35:37)
Running from C:\Users\adi\Desktop
Windows 10 Home Version 20H2 19042.985 (X64) (2021-03-17 03:46:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
adi (S-1-5-21-884149921-2065793029-3257327610-1001 - Administrator - Enabled) => C:\Users\adi
Administrator (S-1-5-21-884149921-2065793029-3257327610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-884149921-2065793029-3257327610-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-884149921-2065793029-3257327610-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-884149921-2065793029-3257327610-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-884149921-2065793029-3257327610-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
4K Video Downloader 4.12 (HKLM-x32\...\{36DCC913-017B-43A0-85C2-9805270E38BB}) (Version: 4.12.1.3580 - Open Media LLC)
4K YouTube to MP3 (HKLM\...\{0937BD02-434D-49A9-B469-E1DD08337A07}) (Version: 4.0.0.4230 - Open Media LLC)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ActivePresenter (HKLM\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.0.6 - Atomi Systems, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_7) (Version: 17.7 - Adobe Inc.)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_2) (Version: 18.2 - Adobe Inc.)
Adobe Animate 2020 (HKLM-x32\...\FLPR_20_5) (Version: 20.5 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_13) (Version: 13.0.13 - Adobe Inc.)
Adobe Audition 2021 (HKLM-x32\...\AUDT_14_2) (Version: 14.2 - Adobe Inc.)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_2) (Version: 11.0.2 - Adobe Inc.)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_2_3) (Version: 25.2.3 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_1) (Version: 16.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_2) (Version: 10.2 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4) (Version: 22.4.0.195 - Adobe Inc.)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_5) (Version: 13.1.5 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_9) (Version: 14.9 - Adobe Inc.)
Adobe Premiere Pro 2021 (HKLM-x32\...\PPRO_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_2) (Version: 12.1.2 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Ample Guitar LP version 3.1.0 (HKLM-x32\...\{057CB0CA-C238-4488-87F9-8F9EFC8B8CF9}_is1) (Version: 3.1.0 - Ample Sound Technology Co., Ltd.)
Ample Guitar M Lite II version 2.0.2 (HKLM-x32\...\{548F88E8-79D2-441F-B87B-E71754257651}_is1) (Version: 2.0.2 - Ample Sound Technology Co., Ltd.)
Apowersoft Online Launcher version 1.8.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.0 - APOWERSOFT LIMITED)
Atom (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\atom) (Version: 1.54.0 - GitHub Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.17.0 - Auslogics Labs Pty Ltd)
BandLab Assistant 7.0.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 7.0.0 - BandLab Technologies)
Blender (HKLM\...\{6B32721F-EA02-40BB-B781-92404BA3485C}) (Version: 2.79.1 - Blender Foundation)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 27.01.0.098 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.2.0 - Canon Inc.)
Canon TS6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6300_series) (Version: 1.01 - Canon Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{BC32F933-5365-43A8-8174-D469249D5A90}) (Version: 4.9.04053 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.04053 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{39CCD15F-6D82-4D13-8495-69B7C501B6B5}) (Version: 4.9.04053 - Cisco Systems, Inc.) Hidden
Control Center 5.0001.0.81 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.81 - )
Core Temp 1.17 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17 - ALCPU)
Data Lifeguard Diagnostic version 1.36 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dexed version 0.9.4 (HKLM\...\Dexed_is1) (Version: 0.9.4 - Digital Suburban)
Dropbox (HKLM-x32\...\Dropbox) (Version: 122.4.4867 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.)
Exodus (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\exodus) (Version: 21.4.12 - Exodus Movement Inc)
Fidelity Active Trader Pro® (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\a36ba76f6187edff) (Version: 10.7.123.0 - Fidelity Investments)
FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse)
Fingerprint Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.) Hidden
Focusrite Usb 4.65.5.658 (HKLM\...\Focusrite Usb_is1) (Version: 4.65.5.658 - Focusrite Audio Engineering, Ltd.)
FontBase 2.15.3 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\ffc1e284-e25b-515d-b453-93eb9fe955eb) (Version: 2.15.3 - Dominik Levitsky Studio, LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
FreeFileSync 11.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.6 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
GoPro Studio (HKLM-x32\...\{7BDB9575-D4C8-42B0-84EA-1CD654F63637}) (Version: 5.10.4320 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
Grace 64bit 1.0.4.9 (HKLM\...\Grace_is1) (Version:  - One Small Clue)
Grace Factory Content 1.0 (HKLM-x32\...\Grace Factory Content_is1) (Version:  - One Small Clue)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
hdAlbum EZ (HKLM-x32\...\{014BBF3C-D9C4-4FD0-857D-E7DDC95263C0}) (Version: 1.7.1.6 - Canon Inc.)
Helm (HKLM\...\{971514BD-7CC3-414F-9258-B79E6D53EC46}) (Version: 0.9.0.0 - Matt Tytel)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 2.0.100.0 - HP Inc.)
InqScribe 2.2.4.262 (HKLM-x32\...\InqScribe_is1) (Version:  - Inquirium, LLC)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
iZotope RX 7 Audio Editor (HKLM\...\RX 7 Audio Editor_is1) (Version: 7.0.1 - iZotope)
Krita (x64) 3.2.1.0 (HKLM\...\Krita_x64) (Version: 3.2.1.0 - Krita Foundation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 6.3.4.2 (HKLM\...\{191F4D69-B671-4163-BB01-901B89A20D04}) (Version: 6.3.4.2 - The Document Foundation)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v13.0.15) (Version:  - Red Giant LLC)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
MediaInfo 21.03 (HKLM\...\MediaInfo) (Version: 21.03 - MediaArea.net)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1109.411 - Microsoft Corporation)
MOTU M Series (HKLM\...\com_motu_installer_core_uac_is1) (Version: 4.0.8.8030 - MOTU, Inc.)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
Mullvad (HKLM-x32\...\Product) (Version:  - )
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.6.2 - MusicBrainz)
Native Instruments Blocks Base (HKLM-x32\...\Native Instruments Blocks Base) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.4 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.6.0.198 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version:  - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version:  - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.5.3.125 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.10.2.5 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.1.0.96 - Native Instruments)
Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.4.0.2 - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.3.1.45 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments)
Neat Video v5.1.9 Home plug-in (Second Revision) for Premiere (HKLM\...\Neat Video v5 (SR) for Premiere_is1) (Version:  - Neat Video team, ABSoft)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.36.6.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.6.0 - Canon Inc.)
PyScripter 3.6.4 (x64) (HKLM\...\PyScripter_is1) (Version: 3.6.4 - PyScripter)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
Quik (HKLM\...\{6249867C-ACE2-4400-AD50-4D6945A8EA8A}) (Version: 0.1.4320 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{0d91b40f-e179-491c-a726-cd71dc297e8a}) (Version: 2.0.0.4320 - GoPro, Inc.)
RE:Flex v5 for After Effects (HKLM\...\RE:Flex v5 for After Effects 5.3.1) (Version: 5.3.1 - RE:Vision Effects)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21291 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8172 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.6.0.0 - den4b Team)
RingCentral Meetings (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Samsung Portable SSD Software (HKLM-x32\...\SamsungPortableSSD_is1) (Version: 1.5.0.13 - Samsung Electronics)
SecureW2 Enterprise Client 3.5.17 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.4.0 - ShareX Team)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Signal 1.40.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.40.0 - Open Whisper Systems)
Sinnah 1.1.0 (HKLM-x32\...\NUSofting Sinnah VST Synthesizer_is1) (Version: 1.1.0 - NUSofting)
Skype version 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
SoulseekQt version 2019.7.22 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2019.7.22 - Soulseek LLC)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.2.20 - Spitfire Audio Holdings Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.121 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.7.1965 - TeamViewer)
Thonny 3.2.7 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Thonny_is1) (Version: 3.2.7 - Aivar Annamaa)
Tixati (HKLM-x32\...\tixati) (Version:  - )
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Twixtor v7 for After Effects and Premiere Pro (HKLM\...\Twixtor v7 for After Effects and Premiere Pro 7.1.1) (Version: 7.1.1 - RE:Vision Effects)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VFW_Codec32 (HKLM-x32\...\{FCA86F94-8BCA-491D-AFF9-90921796FCD8}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{341735D3-32CF-41BC-8C9B-FDE3975452DB}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Creations Ultra Phazer version 1.4 (HKLM-x32\...\{3E0D82E0-94B1-47C7-ABEC-D3B5252A45DA}_is1) (Version: 1.4 - Virtual Creations)
Visual Studio Community 2017 (HKLM-x32\...\2fd452a2) (Version: 15.9.28307.1216 - Microsoft Corporation)
Vital version 1.0.8 (HKLM\...\Vital_is1) (Version: 1.0.8 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
WinSCP 5.13.4 (HKLM-x32\...\winscp3_is1) (Version: 5.13.4 - Martin Prikryl)
Zoom (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)
 
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_34.1.12.9_x64__adky2gkssdxte [2020-10-26] (Adobe Systems Incorporated)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.193.200.0_x86__kgqvnymyfvs32 [2021-05-13] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-08] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-10] (Microsoft Studios) [MS Ad]
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-20] (Pandora Media Inc) [Startup Task]
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.1520.0_x64__qbz5n2kfra8p0 [2021-05-05] (Python Software Foundation)
Stop Motion Studio Pro -> C:\Program Files\WindowsApps\Cateater.StopMotionStudioPro_3.1.8743.0_x64__eyzsqz3m42c14 [2021-04-10] (Cateater)
ToastWallet -> C:\Program Files\WindowsApps\ToastWallet_2.2.16.0_x64__v6a5p17k08cr4 [2018-02-17] (StarStone Limited)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BF47F8059B62} -> [Creative Cloud Files] => C:\Users\adi\Creative Cloud Files [2016-10-14 21:35]
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\adi\Dropbox [2016-10-17 20:49]
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-02] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\system32\CFHD.dll [1334784 2016-10-11] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2016-10-11] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd
 
==================== Loaded Modules (Whitelisted) =============
 
2020-07-04 11:04 - 2018-06-06 05:59 - 000034392 _____ ((: JOBnik! :) [Arthur Aminov, ISRAEL]) [File not signed] C:\Users\adi\OneDrive\MusicBee\bass_fx.dll
2020-07-04 11:04 - 2018-08-30 15:24 - 000101376 _____ () [File not signed] C:\Users\adi\OneDrive\MusicBee\MusicBeeBass.dll
2021-02-02 01:49 - 2021-02-02 01:49 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\en_il\Acrobat Elements\ContextMenuShim64.meh
2021-04-11 10:51 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-07-04 11:04 - 2015-07-17 10:41 - 000021257 _____ (MaresWEB) [File not signed] C:\Users\adi\OneDrive\MusicBee\bass_mpc.dll
2020-02-06 21:24 - 2020-02-06 21:24 - 002080256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Red Giant\Services\LIBEAY32.dll
2020-07-04 11:04 - 2019-01-16 11:34 - 000127669 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bass.dll
2020-07-04 11:04 - 2019-08-07 09:58 - 000018456 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassasio.dll
2020-07-04 11:04 - 2014-06-11 11:18 - 000019478 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\basscd.dll
2020-07-04 11:04 - 2018-01-16 09:08 - 000020700 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassmix.dll
2020-07-04 11:04 - 2017-11-15 11:54 - 000013754 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\basswasapi.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2021-05-17 09:34 - 000002082 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
2017-05-10 10:12 - 2017-05-10 10:12 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-884149921-2065793029-3257327610-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: Shrew Soft Lightweight Filter -> vflt (enabled) 
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
PIA: NordVPN LightWeight Firewall -> NordLwf (enabled) 
PIA: Shrew Soft Lightweight Filter -> vflt (enabled) 
Ethernet: Shrew Soft Lightweight Filter -> vflt (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: Shrew Soft Lightweight Filter -> vflt (enabled) 
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 3: Shrew Soft Lightweight Filter -> vflt (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\StartupFolder: => "REAPER (x64).lnk"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_07E978E6F2BBB4AB0BC801F515EC9ED3"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "Skype for Desktop"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AA2CCEA0-2320-448C-8C39-FAAE6A679473}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC824881-4C23-40CD-BE20-C2AB7653D99D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{E74ACF85-BF75-440C-8249-422CFA806AEB}C:\python39\python.exe] => (Allow) C:\python39\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{A541091E-F391-4E7E-B43E-C12BA8C6051F}C:\python39\python.exe] => (Allow) C:\python39\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{8A610377-AE73-448B-AE24-313BE5A7FB04}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{2AAB44ED-261C-481E-9ADA-99B4E6CD67B1}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{04223425-BBC0-4C9C-A409-30CBE9AAAC8A}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{34040D0C-9C4C-4E57-998D-D21A2645CCBA}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{4F4EF93B-A237-4CA6-A145-F82C655AC087}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{68E47032-0795-4B5A-A65B-A36E5CE9EEB8}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{FAF22CCC-8092-4EF1-AE06-1F134A5AE496}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{744A382B-B391-467F-8A85-7FDA9B131F0F}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{E643F134-A549-4A19-98E2-8DC46816EA32}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{EC17F8C3-D303-41D2-A682-E8A003CF3DEB}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{CBAD69B3-194D-4BF5-877C-1EF46ACCA92B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FC87FC6-57F4-44C8-8935-DF767A918AA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CB455A41-F1B1-4C7E-9454-B34C1F172C46}] => (Allow) C:\Users\adi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BD973EFC-1885-4DEC-A158-9F229D97A43E}] => (Allow) C:\Users\adi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A0FCDF2B-EC00-440B-AAC9-39784ACC03DE}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{7DE68EE7-C2F9-4AD1-B310-A5BA1BAAD941}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [UDP Query User{95604A7B-903A-41A4-95C0-AE2E4A11A405}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [TCP Query User{8DAD314A-71E5-4D37-BAF7-B9F112775C70}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed]
FirewallRules: [{BA264A83-A5D4-4458-A6E8-34940B6BA556}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{02E535C6-069C-4630-B9D6-1850FA9D8C7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9330C993-0F69-4AF9-8E48-422C4BF5B788}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7C7F6AA9-FFCE-457C-89C7-AA1CD27816F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{166609B7-1B93-4C2C-9BB6-69336EFA2225}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [UDP Query User{4C3E8E1D-302C-4F77-A59F-C63CC193B8DF}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{EADD2A65-A3A2-4EB8-940C-5968391B691D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{D9014FDF-5E61-4714-96D8-C66E42921DE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{78A06FEB-FFFB-4B70-A53C-077E9A2D3D7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{320D9E24-4DE8-4B04-8CA5-6FA3536BBA69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{BF3FA4F7-EAEA-4780-924E-A6310DF19A99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4843FDCB-AEAF-4DCD-826F-067487FF8516}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35D99ECD-3442-4389-B552-9C0228FADD9F}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{E93E041E-A06B-4944-B236-54B8E3119687}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{E1D5BD5A-3A11-45E4-8A38-27EE1041E2AB}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{64A51DCB-552A-4AD9-818F-05FEDDD45C09}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\Quik.exe (GoPro, Inc. -> )
FirewallRules: [TCP Query User{D22D4B15-80CC-414D-BE6B-3A4430AB834D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{01473F1D-C871-4C84-8D84-E19C3C7AD890}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A1715051-4C4C-4DEE-8DD5-AB3BB9E039D8}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{7C3F7C17-C1BA-449E-A327-7092658D5A51}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{3DBE9525-1E5C-4E40-9690-783574E13058}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{BEE36E6A-4568-4C6A-B76D-B1301C7B5127}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{1F34130F-65FE-4656-951D-91E9ED6C09A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD067EF5-C721-459C-A678-C37408DF1F8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4BC61077-8C55-4946-9D15-7763037FACDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{603373A2-C107-4798-9291-CEC423813844}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C46315C-B5B0-4A11-9055-A41F7573B5EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A9FBFB13-8F38-46A8-BC5A-48CFE88F5413}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D3118CCB-ABD2-4A5C-BF3E-F96C22788A1E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B23484F4-DCB7-465B-9DA8-F5B6FCE82A15}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{40906640-AEB4-4604-A3A4-ED7A7EA5DAAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C8D135A7-A85E-454B-9999-6151C9FA1E2D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{331ACD54-4BD7-4E01-BFF4-77D818812BBA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{17147A35-4D68-484C-A12E-12B072ECA05F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{680FA605-0A91-4699-8C1C-9518B2981B36}] => (Allow) C:\Program Files\HP\HP Universal Fax Driver\bin\SendAFax.exe (HP Inc -> HP Development Company, L.P.)
FirewallRules: [{0099C546-9805-476D-BAC4-4F52D252309F}] => (Allow) C:\Program Files\HP\HP Universal Fax Driver\bin\FaxPrinterUtility64.exe (HP Inc -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{6D30DDD5-912D-4124-92D1-2EDE0668DC39}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9D5E1683-4B95-461D-9B21-67F461D6738C}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{07A327AC-9546-4390-BFE2-6C8EBDABD24A}C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{74F4DAEB-3F16-4441-9A45-36637FD81180}C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [{AF4319ED-176F-431F-AB25-18014CBF9AF9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D851E5C0-62FA-45B3-AAD1-2BE53729E1C6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40ED6EF7-C8F8-41DC-AE97-E11E35A21C60}] => (Allow) D:\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{B563B94E-C1B8-4B24-9A37-5CE8454AFA66}] => (Allow) D:\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{5EC3AAA1-165C-4496-B4D4-E6593A224EA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59F76768-0D76-482A-86EC-F00D4F4632BA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{1DAE1806-A839-4FF6-BBF4-49E283A8506A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{114700DB-DD0A-4BB9-AC40-5AE6692B42A6}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{DBCC2261-8A97-42AB-808F-36382DD623B3}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{0DBD74DA-83DB-4244-9081-0DB3AE75FE69}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
 
==================== Restore Points =========================
 
08-05-2021 10:16:54 Scheduled Checkpoint
12-05-2021 09:02:22 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/18/2021 12:20:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Hollie (M:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (05/17/2021 02:51:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:51:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:04:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:04:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:03:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
 
System errors:
=============
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-05-13 09:28:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-12 10:19:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-11 09:52:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-11 09:46:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-10 09:11:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-14 09:05:12
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2021-05-12 18:09:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.514.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2021-05-10 19:15:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.360.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-05-05 19:08:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.631.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-05-05 19:08:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.631.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.05.03LS2 08/25/2016
Motherboard: Notebook P65xRP
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 36%
Total physical RAM: 32651.86 MB
Available physical RAM: 20829.81 MB
Total Virtual: 34699.86 MB
Available Virtual: 21724.5 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:464.54 GB) (Free:152.85 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:227.99 GB) NTFS
Drive m: (Hollie) (Fixed) (Total:465.76 GB) (Free:236.67 GB) NTFS
 
\\?\Volume{ed5df3df-5ad8-46db-857b-8fcd7d7d50b0}\ (Windows RE tools) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{3e848c4c-dc00-40e4-aa5f-9ad8203f65b5}\ () (Fixed) (Total:0.55 GB) (Free:0.07 GB) NTFS
\\?\Volume{b5e248b8-09dc-48bd-aa83-b5f047c3f60e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FF3265EB)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: FF32659C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
 

  • 0

#25
DR M
Posted 18 May 2021 - 09:28 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, adifrank.
 
Your logs are clean now. 
 
However:
 
I missed that you had SoulseekQt version 2019.7.22 installed in your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

 

If you don't uninstall it, your computer will probably get infected, as soon as you use it again. But it is your computer and of course your decision.

 
====================================
 
You said the following earlier:
 

  • It seems about three or four years ago I tried out this VPN service. It didn't help me with what I needed so I canceled the subscription but it's possible there are leftover files. I don't need this program and I'm find with removing anything related to it from my computer

 
I see that you have these VPN programs installed in the computer:
 
NordVPN 
NordVPN network TAP 
NordVPN network TUN
Shrew Soft VPN Client 
TAP-NordVPN 9.21.2

 

Although we were talking about another stuff (Private Internet Access Startup), I have to ask you if you intentionally have the above programs installed. If not, please uninstall them.

 

=======================================

 

 

In your next reply please post:

  1. Any program you uninstalled
  2. Feedback: How is the computer running now? 

  • 0

Advertisements

#26
adifrank
Posted 18 May 2021 - 10:28 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hi

 

Re: Soulseek

Okay, I'll uninstall it. Thanks!

 

Re: VPN

  1. NordVPN — I purchased NordVPN and I use it from time to time. I don't know what the different variants you listed are (NordVPN network TAP, NordVPN network TAN, TAP-NordVPN 9.21.2). If these are part of the standard installation then they are probably safe. But I honestly don't know what these different components do or whether I need them or not, assuming they're legit.
  2. ShrewSoft VPN Client — not sure what this is. I don't have any record of this in my emails and the IT guy at work doesn't recognize it, so I believe it's safe to say I don't need it.

I'm not sure if you intentionally didn't mention Cisco AnyConnect VPN Client — did that VPN also come up in my logs? I just thought to mention that I DO need this for working remotely with my office.

 

Thanks!


  • 0

#27
DR M
Posted 18 May 2021 - 10:36 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

I'm not sure if you intentionally didn't mention Cisco AnyConnect VPN Client — did that VPN also come up in my logs? I just thought to mention that I DO need this for working remotely with my office.

 
You have other Cisco products installed and shown in the logs. Probably they do the job for you.
 
 

NordVPN — I purchased NordVPN and I use it from time to time. I don't know what the different variants you listed are (NordVPN network TAP, NordVPN network TAN, TAP-NordVPN 9.21.2). If these are part of the standard installation then they are probably safe. But I honestly don't know what these different components do or whether I need them or not, assuming they're legit.

 

Yes, if you need NordVPN, then do not uninstall anything related to the product.

 

 

==============================

 
Uninstall the programs you decide to uninstall and let me know about it.
 
After that, I would like to see fresn FRST logs (FRST and Addition).

 

Can I also have feedback about how is the computer running now, please?

 

Thanks. :)


  • 0

#28
adifrank
Posted 18 May 2021 - 02:47 PM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hi.

 

Uninstalled: Soulseek and ShrewSoft VPN Client

 

Regarding "Private Internet Access" — I wasn't able to find anything related to this, or to "PIA" in the Windows add/remove application window.

 

 

So here are the latest FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-05-2021
Ran by adi (administrator) on ADI-SAGER-NP815 (Notebook P65xRP) (18-05-2021 17:09:56)
Running from C:\Users\adi\Desktop
Loaded Profiles: adi
Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <39>
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Software -> Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Red Giant   LLC -> Red Giant LLC) C:\Program Files\Red Giant\Services\Red Giant Service.exe
(ShareX Team) [File not signed] C:\Program Files\ShareX\ShareX.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <6>
(Steven Mayall) [File not signed] C:\Users\adi\OneDrive\MusicBee\MusicBee.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18378208 2017-06-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-01] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [41088 2014-02-21] (Creative Technology Ltd -> Creative Technology Ltd.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2016-10-11] (GoPro, Inc. -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Focusrite Notifier] => C:\Program Files\FocusriteUSB\Focusrite Notifier.exe [5029376 2020-06-02] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [MOTUMSeries.exe] => C:\Program Files (x86)\MOTU\CoreUAC\MOTUMSeries.exe [239736 2021-03-26] (Mark of the Unicorn, Inc -> MOTU)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB5] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe [871936 2016-06-15] (Creative Technology Ltd) [File not signed]
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) [File not signed]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172264 2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-12] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [272200 2017-04-01] (SecureW2 -> SecureW2 B.V.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [271496 2017-11-02] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5237432 2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-11-19] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11219376 2020-12-25] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [680728 2021-05-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [electron.app.FontBase] => C:\Users\adi\AppData\Local\Programs\FontBase\FontBase.exe [131458184 2021-04-22] (Dominik Levitsky Studio, LLC -> Dominik Levitsky Studio, LLC)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [109961080 2021-04-23] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [277688 2021-03-31] (TEFINCOM S.A. -> TEFINCOM S.A.)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5536440 2021-04-27] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Run: [GoogleChromeAutoLaunch_07E978E6F2BBB4AB0BC801F515EC9ED3] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\...\Windows x64\Print Processors\Canon TS6300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFQ.DLL [509952 2019-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2021-02-02] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6300 series: C:\Windows\system32\CNMLMFQ.DLL [940032 2019-07-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\Windows\system32\hpinksts7212LM.dll [336904 2014-07-15] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\MONVNC: C:\Windows\system32\VNCpm.dll [37704 2017-05-19] (RealVNC Ltd -> RealVNC Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
Startup: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\REAPER (x64).lnk [2016-10-17]
ShortcutTarget: REAPER (x64).lnk -> C:\Program Files\REAPER (x64)\reaper.exe (Cockos Incorporated -> Cockos Incorporated)
Startup: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2018-06-26]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2021-03-17] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2021-05-08]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NotificationTool.lnk [2020-03-17]
ShortcutTarget: NotificationTool.lnk -> C:\Program Files (x86)\Canon\hdAlbum EZ\NotificationTool.exe (Canon Inc. -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-05-08]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BCC5260-9A56-44FE-93DD-2C695686C3CC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0ED6B4DC-1B10-4021-9EF7-D211C17B15E7} - System32\Tasks\update-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {22F2CFAF-54BE-4118-B7A3-7472D78BEA03} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A79E818-FBC7-4F42-A9D9-367DC66CEA93} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C8BF2A6-2805-4280-9E31-ED611AEBA9D8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3EB9C998-FE96-460C-AC28-F3FFB6E0624B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [8906097 2017-10-01] () [File not signed]
Task: {4651E58D-A552-47BD-B28F-79A728C8E251} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5174C6D2-5698-4A7A-87DB-7102203AE592} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {5C15533D-EADC-4C58-94D4-D80AEB769C16} - System32\Tasks\Core Temp Autostart adi => C:\Program Files\Core Temp\Core Temp.exe [1031512 2021-04-01] (ALCPU -> ALCPU)
Task: {5E9DC04A-2971-4D85-AA35-BBC137944873} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {612D0098-5821-4ADE-B1DE-6FBE759FEC0C} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\adi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007456 2021-05-17] (ESET, spol. s r.o. -> ESET)
Task: {69C8F1A7-A15F-44C8-A1EE-6DBCC06E327B} - System32\Tasks\G2MUpdateTask-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6E46AFF3-57C2-428A-8146-B1A0C00A6A1A} - System32\Tasks\G2MUploadTask-S-1-5-21-884149921-2065793029-3257327610-1001 => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {729D9C1F-1CA6-4523-B7F3-CCB4555FF5AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {72E6BDBA-196D-4481-A45A-B7EEB13DD79E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7C7FACA0-0372-4957-B99A-08EE3752F2F8} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\SamsungPortableSSDMon.exe [775624 2017-05-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics)
Task: {7FEE5859-8A4A-47FD-A47D-966619876F44} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1741576 2016-03-17] (Intel® Software -> Intel Corporation)
Task: {821924CF-3EA7-400C-BB3C-DF875FA62BDD} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\adi\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007456 2021-05-17] (ESET, spol. s r.o. -> ESET)
Task: {86C6CB61-A780-4705-9AB7-0263EB845757} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A4671DD-76B1-492C-A260-03FD318CCF7E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {91CB1EDC-9453-4EC7-A81F-BB0445F5A865} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {97319470-700A-48EE-8B24-C4E39FAD6F3B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9E9804BC-E9C4-486B-BF3A-FD1BA5C55216} - System32\Tasks\AdobeAAMUpdater-1.0-ADI-SAGER-NP815-adi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A41481F8-DC44-4DC8-BB45-5193ABE80B4B} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [272200 2017-04-01] (SecureW2 -> SecureW2 B.V.)
Task: {A44BB0C9-12EA-4457-897B-59A93DD7214F} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A8A6EC50-3DCA-4546-BA48-528CCB70A456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.)
Task: {AB1707CA-B9D6-4CC2-80DC-D4BAC12A99F6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {AE101B01-06C0-4235-90BE-86350A263F31} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {B06D27E3-7D2A-4C93-A42D-D9AEA49BD238} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B29E7BF2-F784-461E-8E51-E9B932CAEFD7} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B592B25B-2A7D-412D-81A6-CF1028E4BC72} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BFDE5ABC-FD46-4294-9FF0-4B1CB065A3EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF6E6289-558A-4089-9E69-7531A3D5CB18} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D8F36848-463F-4556-BED9-86C69020E71B} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-06-14] (Intel® Trusted Connect Service -> Intel® Corporation)
Task: {E0DEE545-20F7-40DE-9A97-44CCDD7D1400} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E9DE3553-B392-4D41-A0FA-CA3AF67B0E60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.)
Task: {EE639C2E-FAE1-4640-8F4B-543D2292F390} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F55CDAA6-4823-4BC8-A21F-D4946602CA32} - System32\Tasks\Shutdown Timer => C:\Windows\System32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Users\adi\AppData\Local\GoToMeeting\19598\g2mupload.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-884149921-2065793029-3257327610-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3fe6f436-7650-4b16-a0aa-f6030e351046}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{dcc70bb8-6a97-4d78-adf8-9fc27e189e96}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Profile: C:\Users\adi\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-18]
 
FireFox:
========
FF DefaultProfile: kijmnzo9.default
FF ProfilePath: C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release [2021-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF Extension: (uBlock Origin) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\28zhrulg.default-release\Extensions\[email protected] [2021-05-06]
FF ProfilePath: C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default [2021-05-16]
FF Session Restore: Mozilla\Firefox\Profiles\kijmnzo9.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\kijmnzo9.default -> hxxps://exodusmovement.slack.com; hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://voice.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default\Extensions\[email protected] [2020-01-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\kijmnzo9.default\Extensions\[email protected] [2020-03-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-01-05] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-12] (Adobe Inc. -> Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-12-08] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2018-01-05] (LastPass (Marvasol Inc) -> LastPass)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom) [File not signed]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default [2021-05-18]
CHR Notifications: Default -> hxxps://helpx.adobe.com; hxxps://voice.google.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Extension: (Google Translate) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-19]
CHR Extension: (Slides) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-05]
CHR Extension: (YouTube) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-06]
CHR Extension: (Honey) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-05-13]
CHR Extension: (Advanced Font Settings) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2016-10-14]
CHR Extension: (Google News) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2019-11-12]
CHR Extension: (Google Keep) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eilembjdkfgodjkcjnpgpaenohkicgjd [2021-02-21]
CHR Extension: (Google Calendar) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-06]
CHR Extension: (GoFullPage - Full Page Screen Capture) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2021-03-20]
CHR Extension: (Sheets) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-16]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-05-02]
CHR Extension: (Google Photos) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-10-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-05-06]
CHR Extension: (feedly) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2017-08-15]
CHR Extension: (Window Resizer) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2020-03-29]
CHR Extension: (Google Maps) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-10-14]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-05-14]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2020-07-04]
CHR Extension: (Google Hangouts) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2020-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR Extension: (Password Checkup extension) - C:\Users\adi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pncabnpcffmalkkjpajodfhijclecjno [2020-09-13]
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-05-16]
CHR Profile: C:\Users\adi\AppData\Local\Google\Chrome\User Data\System Profile [2021-05-16]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-12] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-13] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44272 2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel® Software Development Products -> )
S2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-11-15] (Foxit Software Incorporated -> Foxit Software Inc.)
S2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-10-11] (GoPro, Inc. -> )
S2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [256480 2015-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [399296 2019-11-28] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18832256 2021-02-18] (Native Instruments GmbH -> Native Instruments GmbH)
S2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [277688 2021-03-31] (TEFINCOM S.A. -> TEFINCOM S.A.)
S4 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [30208 2016-08-09] (CLEVO CO.) [File not signed]
R2 Red Giant Service; C:\Program Files\Red Giant\Services\Red Giant Service.exe [5976136 2020-02-06] (Red Giant   LLC -> Red Giant LLC)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] (Intel® Software Development Products -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12054872 2019-10-10] (TeamViewer GmbH -> TeamViewer GmbH)
S2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] (Intel® Software Development Products -> )
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [5848656 2017-05-19] (RealVNC Ltd -> RealVNC Ltd)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys [33496 2015-07-17] (Insyde Software Corp. -> Insyde Corporation)
R3 ALSysIO; C:\Users\adi\AppData\Local\Temp\ALSysIO64.sys [47240 2021-05-17] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 Focusriteusb; C:\WINDOWS\System32\drivers\Focusriteusb.sys [123456 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteusbSwRoot; C:\WINDOWS\System32\drivers\FocusriteusbSwRoot.sys [92568 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
S3 Focusriteusb_AUDIO; C:\WINDOWS\system32\drivers\FocusriteusbAudio.sys [87912 2020-06-02] (WDKTestCert builds,132265248139626354 -> Focusrite Audio Engineering Ltd.)
R0 FPWinIo; C:\WINDOWS\System32\drivers\FPWinIo.sys [23536 2014-10-07] (EGIS TECHNOLOGY INC. -> Egis Technology Inc.)
R3 HKKbdFltr; C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys [51400 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R3 HKMouFltr; C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys [48344 2015-11-26] (Insyde Software Corp. -> Insyde Software Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-04-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-16] (Malwarebytes Inc -> Malwarebytes)
R3 MOTUCoreUAC; C:\WINDOWS\System32\Drivers\MOTUCoreUAC.sys [131096 2021-03-26] (Mark of the Unicorn, Inc -> MOTU, Inc)
R3 MpKsl6b252a32; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA3501F6-B8CE-4DFE-9D9F-DFE6AAAD2F99}\MpKslDrv.sys [107744 2021-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-02-01] (TEFINCOM S.A. -> )
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-10-24] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-07-10] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Savitech Corp. -> Windows ® Win 7 DDK provider)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2017-05-13] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45048 2017-04-25] (ExprsVPN LLC -> The OpenVPN Project)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (TEFINCOM S.A. -> The OpenVPN Project)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-11-19] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation)
S4 vnet; \SystemRoot\System32\drivers\virtualnet.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-18 12:36 - 2021-05-18 12:35 - 000976013 _____ C:\Users\adi\Desktop\tdcisony-ABBYYFineReader-180521-1135-76.pdf
2021-05-18 09:32 - 2021-05-18 09:32 - 000000000 ____D C:\Users\adi\Desktop\FRST-OlderVersion
2021-05-18 09:29 - 2021-05-18 09:29 - 000003850 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2021-05-18 09:29 - 2021-05-18 09:29 - 000003408 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2021-05-18 09:29 - 2021-05-18 09:29 - 000001276 _____ C:\Users\adi\Desktop\eset.txt
2021-05-17 15:43 - 2021-05-17 15:43 - 000000418 _____ C:\Users\adi\Desktop\sgf-newyork.txt
2021-05-17 14:51 - 2021-05-17 14:51 - 000000000 ____D C:\Users\adi\Desktop\2 files from SDi_05-17-2021 12.35.50 pm
2021-05-17 14:04 - 2021-05-17 14:05 - 000000000 ____D C:\Users\adi\AppData\Roaming\RingCentralMeetings
2021-05-17 14:04 - 2021-05-17 14:04 - 000002240 _____ C:\Users\adi\Desktop\RingCentral Meetings.lnk
2021-05-17 14:04 - 2021-05-17 14:04 - 000000000 ____D C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RingCentral Meetings
2021-05-17 13:14 - 2021-05-17 20:41 - 000001429 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-05-17 13:14 - 2021-05-17 20:41 - 000001323 _____ C:\Users\adi\Desktop\ESET Online Scanner.lnk
2021-05-17 13:14 - 2021-05-17 13:14 - 000000000 ____D C:\Users\adi\AppData\Local\ESET
2021-05-17 12:53 - 2021-05-17 12:53 - 011697056 _____ (ESET) C:\Users\adi\Desktop\esetonlinescanner.exe
2021-05-17 11:21 - 2021-05-17 12:02 - 000000000 ____D C:\AdwCleaner
2021-05-17 11:20 - 2021-05-17 11:20 - 008534696 _____ (Malwarebytes) C:\Users\adi\Desktop\AdwCleaner.exe
2021-05-16 15:20 - 2021-05-16 16:06 - 000013146 _____ C:\Users\adi\Desktop\Fixlog.txt
2021-05-16 11:25 - 2021-05-18 17:11 - 000040375 _____ C:\Users\adi\Desktop\FRST.txt
2021-05-16 11:24 - 2021-05-18 17:10 - 000000000 ____D C:\FRST
2021-05-16 11:16 - 2021-05-18 09:32 - 002299392 _____ (Farbar) C:\Users\adi\Desktop\FRST64.exe
2021-05-16 09:45 - 2021-05-16 09:45 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-15 21:43 - 2021-05-15 21:43 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Users\adi\AppData\Roaming\MusicBrainz
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Users\adi\AppData\Local\MusicBrainz
2021-05-15 21:43 - 2021-05-15 21:43 - 000000000 ____D C:\Program Files\MusicBrainz Picard
2021-05-15 19:09 - 2021-05-15 19:09 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2021.lnk
2021-05-13 19:53 - 2021-05-13 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-05-13 13:31 - 2021-05-13 13:31 - 000000341 _____ C:\Users\adi\Desktop\FORMEETING.txt
2021-05-13 10:01 - 2021-05-13 10:01 - 001445813 _____ C:\Users\adi\Desktop\f4868 Adar p1.pdf
2021-05-12 17:46 - 2021-05-12 17:46 - 001453372 _____ C:\Users\adi\Desktop\f4868 2020 p1.pdf
2021-05-12 09:12 - 2021-05-12 09:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-12 09:12 - 2021-05-12 09:12 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-12 09:12 - 2021-05-12 09:12 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-12 09:12 - 2021-05-12 09:12 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-12 09:12 - 2021-05-12 09:12 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-12 09:12 - 2021-05-12 09:12 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-12 09:12 - 2021-05-12 09:12 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-12 09:12 - 2021-05-12 09:12 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-12 09:04 - 2021-05-12 09:04 - 000001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2021.lnk
2021-05-12 09:01 - 2021-05-12 09:01 - 000001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 2021.lnk
2021-05-12 08:59 - 2021-05-12 08:59 - 000001257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects 2021.lnk
2021-05-12 08:55 - 2021-05-12 08:55 - 000001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2021.lnk
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-05-11 17:25 - 2021-05-11 17:25 - 000044272 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-05-08 23:01 - 2021-05-08 23:01 - 001276184 _____ C:\Users\adi\Desktop\screencapture-myaccount-uscis-gov-users-questions-2021-05-08-23_01_06.pdf
2021-05-08 16:02 - 2021-05-08 16:02 - 000001070 _____ C:\Users\Public\Desktop\Kontakt.lnk
2021-05-08 16:02 - 2021-05-08 16:02 - 000001070 _____ C:\ProgramData\Desktop\Kontakt.lnk
2021-05-08 16:02 - 2021-05-08 16:02 - 000000000 __HDC C:\ProgramData\{A71EF853-314A-46F6-BBED-73149F3D8B43}
2021-05-08 15:56 - 2021-05-08 15:56 - 000001164 _____ C:\Users\Public\Desktop\Komplete Kontrol.lnk
2021-05-08 15:56 - 2021-05-08 15:56 - 000001164 _____ C:\ProgramData\Desktop\Komplete Kontrol.lnk
2021-05-08 15:56 - 2021-05-08 15:56 - 000000000 __HDC C:\ProgramData\{411E17DB-5B57-4F1D-A50B-C624FDD55C04}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 __HDC C:\ProgramData\{8BA2904A-CDA7-4C5D-930F-08C47D4AE2E1}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 __HDC C:\ProgramData\{6945C421-BC7D-4621-AED5-084E11AE3726}
2021-05-08 15:55 - 2021-05-08 15:55 - 000000000 ____D C:\Program Files\Common Files\Steinberg
2021-05-08 15:54 - 2021-05-08 15:54 - 000001174 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2021-05-08 15:54 - 2021-05-08 15:54 - 000001174 _____ C:\ProgramData\Desktop\Controller Editor.lnk
2021-05-08 15:54 - 2021-05-08 15:54 - 000000000 __HDC C:\ProgramData\{4938857D-54DB-4BDA-8E99-5E6238E20FC7}
2021-05-08 15:47 - 2021-05-08 15:47 - 000000000 __HDC C:\ProgramData\{8C4FEDD5-1BF9-48A8-82A5-765D1975BF67}
2021-05-08 15:46 - 2021-05-08 15:46 - 000000000 ____D C:\Users\Public\Documents\Expansions Selection
2021-05-08 15:46 - 2021-05-08 15:46 - 000000000 ____D C:\ProgramData\Documents\Expansions Selection
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 __HDC C:\ProgramData\{99B72EA3-D9F9-4199-AC97-D3EACEFBB031}
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 ____D C:\Users\Public\Documents\Blocks Base
2021-05-08 15:44 - 2021-05-08 15:44 - 000000000 ____D C:\ProgramData\Documents\Blocks Base
2021-05-08 15:24 - 2021-05-08 16:47 - 000000000 ____D C:\Users\adi\AppData\Roaming\com.spitfireaudio
2021-05-08 15:04 - 2021-05-08 15:04 - 000001134 _____ C:\Users\Public\Desktop\Native Access.lnk
2021-05-08 15:04 - 2021-05-08 15:04 - 000001134 _____ C:\ProgramData\Desktop\Native Access.lnk
2021-05-08 15:04 - 2021-05-08 15:04 - 000000000 __HDC C:\ProgramData\{D651086F-B9C2-4015-B429-A08BA3A77606}
2021-05-08 14:57 - 2021-05-08 14:57 - 000000000 ____D C:\Users\adi\Desktop\Ivy_Audio-Carpenter_Trombone
2021-05-08 14:06 - 2021-05-08 14:06 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\Users\adi\AppData\Roaming\Spitfire Audio
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spitfire Audio
2021-05-07 22:01 - 2021-05-07 22:01 - 000000000 ____D C:\Program Files (x86)\Spitfire Audio
2021-05-07 22:00 - 2021-05-07 22:00 - 004396664 _____ (Spitfire Audio Holdings Ltd ) C:\Users\adi\Desktop\SpitfireAudioWinSetup-3.2.20.exe
2021-05-07 21:33 - 2021-05-16 19:51 - 000000000 ____D C:\Users\adi\AppData\Roaming\vital
2021-05-07 21:29 - 2021-05-07 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vital
2021-05-07 21:28 - 2021-05-07 21:29 - 000000000 ____D C:\Program Files\Vital
2021-05-07 21:27 - 2021-05-07 21:27 - 028132768 _____ ( ) C:\Users\adi\Desktop\VitalInstaller.exe
2021-05-07 10:05 - 2021-05-08 16:52 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-05 16:27 - 2021-05-05 16:27 - 000187980 _____ C:\Users\adi\Desktop\REFNUM_C1011791d21ef067137b54b2de.pdf
2021-05-02 22:26 - 2021-05-02 22:26 - 000000000 ____D C:\Users\adi\AppData\Local\BandLab_Singapore_Pte_Ltd
2021-04-30 22:23 - 2021-04-30 22:23 - 000000000 ____D C:\Users\adi\Documents\Reaper-Actions
2021-04-30 19:56 - 2021-04-30 19:56 - 000000000 ____D C:\Users\adi\Downloads\Cakewalk
2021-04-30 08:41 - 2021-04-30 08:41 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2021-04-27 23:40 - 2021-05-08 00:07 - 000000809 _____ C:\Users\adi\Desktop\vst-plugins-good.txt
2021-04-27 09:14 - 2021-04-27 09:14 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-04-26 09:28 - 2021-04-26 09:28 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71adf2fb9e6ed
2021-04-22 19:00 - 2021-04-22 19:00 - 000000000 ____D C:\Users\adi\Downloads\Toni Erdmann 2016 720p [FOXM.TO]
2021-04-22 18:57 - 2021-04-22 18:57 - 000000000 ____D C:\Users\adi\Downloads\Distant.Voices.Still.Lives.1988.1080p.BluRay.H264.AAC-RARBG
2021-04-22 18:46 - 2021-04-22 18:46 - 000000000 ____D C:\Users\adi\Downloads\Eternity and a Day (Theo Angelopoulos 1998)
2021-04-21 19:23 - 2021-04-21 19:23 - 008799800 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw06.sys
2021-04-21 19:23 - 2021-04-21 19:23 - 001418808 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter06.dll
2021-04-21 18:52 - 2021-04-21 18:52 - 002632800 _____ C:\WINDOWS\system32\Drivers\Netwfw06.dat
2021-04-19 11:43 - 2021-04-19 11:43 - 000001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge 2021.lnk
2021-04-19 09:53 - 2021-05-12 08:49 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-18 16:52 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-18 16:42 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-18 16:42 - 2017-01-11 15:51 - 000000000 ____D C:\Program Files\ShrewSoft
2021-05-18 16:39 - 2017-01-11 15:54 - 000002260 ____H C:\Users\adi\Documents\Default.rdp
2021-05-18 14:11 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-05-18 12:43 - 2019-10-02 00:39 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-05-18 12:43 - 2019-10-02 00:39 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-05-18 12:25 - 2020-05-04 00:57 - 000000000 ____D C:\Users\adi\AppData\Roaming\vlc
2021-05-18 12:25 - 2016-09-29 14:45 - 000000000 ____D C:\ProgramData\NVIDIA
2021-05-18 09:28 - 2021-03-16 23:30 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-18 00:09 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-17 14:50 - 2021-03-16 23:43 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-17 14:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-17 12:25 - 2016-10-15 16:21 - 000000000 ____D C:\Users\adi\Documents\ShareX
2021-05-17 12:02 - 2021-03-30 12:23 - 000000000 ____D C:\Users\adi\AppData\Roaming\FontBase
2021-05-17 09:36 - 2016-10-14 21:35 - 000000000 ___RD C:\Users\adi\Creative Cloud Files
2021-05-17 09:35 - 2016-10-06 23:02 - 000000000 ___RD C:\Users\adi\OneDrive
2021-05-17 09:34 - 2021-03-16 23:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-17 09:34 - 2021-03-16 23:30 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-17 09:34 - 2017-08-20 10:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-05-17 09:34 - 2016-10-17 13:00 - 000000000 __SHD C:\Users\adi\IntelGraphicsProfiles
2021-05-16 16:13 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-16 15:36 - 2016-10-14 21:53 - 000000000 ____D C:\Users\adi\AppData\LocalLow\Temp
2021-05-16 15:21 - 2017-04-19 20:38 - 000277264 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2021-05-16 10:53 - 2017-03-17 23:59 - 000000000 ____D C:\Users\adi\AppData\Roaming\FreeFileSync
2021-05-16 10:06 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-15 23:03 - 2021-03-16 23:34 - 000000000 ____D C:\Users\adi
2021-05-15 21:43 - 2019-11-21 03:24 - 000000000 ____D C:\Users\adi\AppData\Local\cache
2021-05-15 19:03 - 2021-03-31 18:17 - 000000000 ____D C:\WINDOWS\Minidump
2021-05-15 19:02 - 2016-09-29 14:36 - 002433223 ____N C:\WINDOWS\Minidump\051521-12296-01.dmp
2021-05-14 14:11 - 2017-05-16 20:19 - 000000000 ____D C:\Users\adi\Desktop\_TDC
2021-05-14 08:51 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-14 08:41 - 2018-02-17 16:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-05-14 00:40 - 2021-03-16 23:30 - 005196264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 00:39 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 00:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-13 19:53 - 2016-10-13 23:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-05-13 19:34 - 2020-06-20 17:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-13 15:56 - 2020-03-17 15:49 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-05-13 10:01 - 2021-03-05 16:16 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-05-13 10:01 - 2021-03-05 16:16 - 000002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-05-12 19:01 - 2021-02-08 21:43 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-12 09:16 - 2019-12-07 05:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-12 09:16 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 09:04 - 2016-10-15 15:36 - 000000000 ____D C:\Program Files\Adobe
2021-05-12 09:02 - 2016-10-07 00:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 08:59 - 2016-10-17 22:35 - 000000000 ____D C:\Users\Public\Documents\Adobe
2021-05-12 08:59 - 2016-10-17 22:35 - 000000000 ____D C:\ProgramData\Documents\Adobe
2021-05-12 08:49 - 2016-10-15 15:36 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-05-12 08:49 - 2016-10-14 21:25 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-05-12 08:49 - 2016-10-07 00:00 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-10 19:02 - 2016-09-29 14:36 - 002292437 ____N C:\WINDOWS\Minidump\051021-8625-01.dmp
2021-05-09 20:16 - 2019-02-04 22:32 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-09 16:24 - 2018-12-12 22:56 - 000000000 ____D C:\_Portable Software
2021-05-09 16:22 - 2017-04-06 00:12 - 000000000 ____D C:\Users\adi\AppData\LocalLow\Mozilla
2021-05-08 16:52 - 2016-10-13 23:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-08 16:52 - 2016-10-13 23:21 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-05-08 16:52 - 2016-10-13 23:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-08 16:44 - 2016-10-14 21:35 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-05-08 15:59 - 2020-08-03 22:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-05-08 15:59 - 2020-08-03 22:17 - 000000000 ____D C:\Program Files\Native Instruments
2021-05-08 15:56 - 2020-08-03 22:18 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2021-05-08 15:03 - 2020-08-03 22:18 - 000000000 ____D C:\Users\adi\AppData\Roaming\Native Instruments
2021-05-08 15:03 - 2020-08-03 22:18 - 000000000 ____D C:\Users\adi\AppData\Local\Native Instruments
2021-05-08 14:06 - 2020-04-01 18:21 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-07 22:43 - 2018-01-21 22:26 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-05-07 08:05 - 2021-03-16 23:46 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-884149921-2065793029-3257327610-1001
2021-05-07 08:05 - 2021-03-16 23:34 - 000002410 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-06 20:20 - 2016-10-17 23:30 - 000000000 ____D C:\Users\adi\Desktop\_Output
2021-05-06 17:19 - 2016-10-06 23:00 - 000000000 ____D C:\Users\adi\AppData\Roaming\Adobe
2021-05-04 22:46 - 2021-03-16 23:46 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-04 22:46 - 2021-03-16 23:46 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-05-04 14:14 - 2020-02-06 22:56 - 000000081 _____ C:\Users\adi\AppData\Local\FILM_AE_LogFile.txt
2021-05-03 20:49 - 2018-01-21 22:34 - 000000000 ____D C:\Users\adi\AppData\Roaming\helm
2021-05-03 20:49 - 2016-10-17 23:22 - 000000000 ____D C:\Users\adi\AppData\Roaming\REAPER
2021-05-03 20:45 - 2016-10-17 23:22 - 000000876 _____ C:\Users\Public\Desktop\REAPER (x64).lnk
2021-05-03 20:45 - 2016-10-17 23:22 - 000000876 _____ C:\ProgramData\Desktop\REAPER (x64).lnk
2021-05-03 20:45 - 2016-10-17 23:22 - 000000000 ____D C:\Program Files\REAPER (x64)
2021-05-03 00:27 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\AppData\Roaming\bandlab-assistant
2021-05-02 22:27 - 2021-03-17 09:20 - 000002480 _____ C:\Users\adi\Desktop\BandLab Assistant.lnk
2021-05-02 22:27 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\Documents\BandLab
2021-05-02 22:26 - 2021-03-17 09:20 - 000000000 ____D C:\Users\adi\AppData\Local\bandlab-assistant-updater
2021-05-01 15:38 - 2020-09-23 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordSec
2021-05-01 15:38 - 2020-07-14 21:28 - 000001805 _____ C:\Users\adi\Desktop\NordVPN.lnk
2021-05-01 15:38 - 2020-07-14 21:28 - 000000000 ____D C:\ProgramData\NordVPN
2021-05-01 15:38 - 2020-07-14 21:28 - 000000000 ____D C:\Program Files\NordVPN
2021-05-01 15:38 - 2020-02-04 20:46 - 000000000 ____D C:\Users\adi\AppData\Local\NordVPN
2021-05-01 15:33 - 2016-12-30 22:32 - 000001176 _____ C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2021-04-30 20:49 - 2018-01-17 00:00 - 000000633 _____ C:\Users\adi\Documents\mtpdk.mid
2021-04-30 19:57 - 2021-03-17 20:46 - 000001924 _____ C:\Users\Public\Desktop\Cakewalk by BandLab.lnk
2021-04-30 19:57 - 2021-03-17 20:46 - 000001924 _____ C:\ProgramData\Desktop\Cakewalk by BandLab.lnk
2021-04-30 16:59 - 2020-04-22 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-04-29 23:46 - 2017-01-20 13:58 - 000000000 ____D C:\Users\adi\AppData\Roaming\tixati
2021-04-29 19:51 - 2020-05-05 18:34 - 000000000 ____D C:\Users\adi\Downloads\_tixati-download-in-progress-folder
2021-04-26 20:18 - 2016-10-14 22:05 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-04-26 10:25 - 2018-01-05 19:25 - 000000000 ____D C:\Users\adi\AppData\LocalLow\LastPass
2021-04-26 09:28 - 2021-03-16 23:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-21 21:55 - 2016-10-19 15:14 - 000001456 _____ C:\Users\adi\AppData\Local\Adobe Save for Web 13.0 Prefs
2021-04-20 15:52 - 2021-03-16 23:46 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 15:52 - 2021-03-16 23:46 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-18 16:12 - 2020-07-05 15:12 - 000001157 _____ C:\Users\adi\Desktop\MusicBee.exe - Shortcut.lnk
2021-04-18 10:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories ========
 
2016-10-15 14:26 - 2019-03-09 16:02 - 000000033 _____ () C:\Users\adi\AppData\Roaming\AdobeWLCMCache.dat
2019-08-07 20:45 - 2019-08-11 22:51 - 000000028 _____ () C:\Users\adi\AppData\Roaming\kulerdata.json
2020-12-24 23:24 - 2020-12-24 23:24 - 000001315 _____ () C:\Users\adi\AppData\Roaming\Roaming - Shortcut.lnk
2018-11-13 15:47 - 2020-04-28 10:10 - 000000600 _____ () C:\Users\adi\AppData\Roaming\winscp.rnd
2016-10-19 15:14 - 2021-04-21 21:55 - 000001456 _____ () C:\Users\adi\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-04-12 20:52 - 2017-05-25 23:08 - 000000058 _____ () C:\Users\adi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-09-08 20:53 - 2017-09-08 20:53 - 000000063 _____ () C:\Users\adi\AppData\Local\emaildefaults
2020-02-06 22:56 - 2021-05-04 14:14 - 000000081 _____ () C:\Users\adi\AppData\Local\FILM_AE_LogFile.txt
2017-09-13 20:35 - 2017-09-13 20:35 - 000000039 _____ () C:\Users\adi\AppData\Local\kritadisplayrc
2017-09-08 20:53 - 2017-09-13 20:35 - 000015739 _____ () C:\Users\adi\AppData\Local\kritarc
2018-09-26 09:19 - 2018-09-26 09:19 - 000000000 _____ () C:\Users\adi\AppData\Local\oobelibMkey.log
2016-11-10 15:57 - 2020-09-29 13:10 - 000000600 _____ () C:\Users\adi\AppData\Local\PUTTY.RND
2017-01-15 13:05 - 2020-07-07 21:10 - 000007610 _____ () C:\Users\adi\AppData\Local\Resmon.ResmonCfg
2016-10-15 16:35 - 2016-10-15 16:35 - 000000003 _____ () C:\Users\adi\AppData\Local\updater.log
2016-10-15 16:35 - 2016-10-15 16:39 - 000000059 _____ () C:\Users\adi\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2021
Ran by adi (18-05-2021 17:12:31)
Running from C:\Users\adi\Desktop
Windows 10 Home Version 20H2 19042.985 (X64) (2021-03-17 03:46:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
adi (S-1-5-21-884149921-2065793029-3257327610-1001 - Administrator - Enabled) => C:\Users\adi
Administrator (S-1-5-21-884149921-2065793029-3257327610-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-884149921-2065793029-3257327610-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-884149921-2065793029-3257327610-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-884149921-2065793029-3257327610-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-884149921-2065793029-3257327610-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
4K Video Downloader 4.12 (HKLM-x32\...\{36DCC913-017B-43A0-85C2-9805270E38BB}) (Version: 4.12.1.3580 - Open Media LLC)
4K YouTube to MP3 (HKLM\...\{0937BD02-434D-49A9-B469-E1DD08337A07}) (Version: 4.0.0.4230 - Open Media LLC)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ActivePresenter (HKLM\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.0.6 - Atomi Systems, Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_7) (Version: 17.7 - Adobe Inc.)
Adobe After Effects 2021 (HKLM-x32\...\AEFT_18_2) (Version: 18.2 - Adobe Inc.)
Adobe Animate 2020 (HKLM-x32\...\FLPR_20_5) (Version: 20.5 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_13) (Version: 13.0.13 - Adobe Inc.)
Adobe Audition 2021 (HKLM-x32\...\AUDT_14_2) (Version: 14.2 - Adobe Inc.)
Adobe Bridge 2021 (HKLM-x32\...\KBRG_11_0_2) (Version: 11.0.2 - Adobe Inc.)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_6) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.10 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_2_3) (Version: 25.2.3 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_1) (Version: 16.1 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_10_2) (Version: 10.2 - Adobe Inc.)
Adobe Media Encoder 2021 (HKLM-x32\...\AME_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_4) (Version: 22.4.0.195 - Adobe Inc.)
Adobe Premiere Pro 2019 (HKLM-x32\...\PPRO_13_1_5) (Version: 13.1.5 - Adobe Systems Incorporated)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_9) (Version: 14.9 - Adobe Inc.)
Adobe Premiere Pro 2021 (HKLM-x32\...\PPRO_15_2) (Version: 15.2 - Adobe Inc.)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_2) (Version: 12.1.2 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - )
Ample Guitar LP version 3.1.0 (HKLM-x32\...\{057CB0CA-C238-4488-87F9-8F9EFC8B8CF9}_is1) (Version: 3.1.0 - Ample Sound Technology Co., Ltd.)
Ample Guitar M Lite II version 2.0.2 (HKLM-x32\...\{548F88E8-79D2-441F-B87B-E71754257651}_is1) (Version: 2.0.2 - Ample Sound Technology Co., Ltd.)
Apowersoft Online Launcher version 1.8.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.0 - APOWERSOFT LIMITED)
Atom (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\atom) (Version: 1.54.0 - GitHub Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.17.0 - Auslogics Labs Pty Ltd)
BandLab Assistant 7.0.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 7.0.0 - BandLab Technologies)
Blender (HKLM\...\{6B32721F-EA02-40BB-B781-92404BA3485C}) (Version: 2.79.1 - Blender Foundation)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 27.01.0.098 - BandLab Singapore Pte Ltd.)
Cakewalk Drum Replacer (HKLM\...\Cakewalk Drum Replacer_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Cakewalk Theme Editor (HKLM\...\Cakewalk Theme Editor_is1) (Version: 1.2.0.14 - BandLab Singapore Pte Ltd.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.10.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.2.0 - Canon Inc.)
Canon TS6300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6300_series) (Version: 1.01 - Canon Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{BC32F933-5365-43A8-8174-D469249D5A90}) (Version: 4.9.04053 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.04053 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{39CCD15F-6D82-4D13-8495-69B7C501B6B5}) (Version: 4.9.04053 - Cisco Systems, Inc.) Hidden
Control Center 5.0001.0.81 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0001.0.81 - )
Core Temp 1.17 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17 - ALCPU)
Data Lifeguard Diagnostic version 1.36 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dexed version 0.9.4 (HKLM\...\Dexed_is1) (Version: 0.9.4 - Digital Suburban)
Dropbox (HKLM-x32\...\Dropbox) (Version: 122.4.4867 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.)
Exodus (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\exodus) (Version: 21.4.12 - Exodus Movement Inc)
Fidelity Active Trader Pro® (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\a36ba76f6187edff) (Version: 10.7.123.0 - Fidelity Investments)
FileZilla Client 3.45.1 (HKLM-x32\...\FileZilla Client) (Version: 3.45.1 - Tim Kosse)
Fingerprint Driver (HKLM-x32\...\{E8C889B8-0A8B-46BA-B433-F7D6968A6543}) (Version: 3.5.1.0 - Egis Technology Inc.) Hidden
Focusrite Usb 4.65.5.658 (HKLM\...\Focusrite Usb_is1) (Version: 4.65.5.658 - Focusrite Audio Engineering, Ltd.)
FontBase 2.15.3 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\ffc1e284-e25b-515d-b453-93eb9fe955eb) (Version: 2.15.3 - Dominik Levitsky Studio, LLC)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.4.1208 - Foxit Software Inc.)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
FreeFileSync 11.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.6 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
GoPro Studio (HKLM-x32\...\{7BDB9575-D4C8-42B0-84EA-1CD654F63637}) (Version: 5.10.4320 - GoPro, Inc.) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
Grace 64bit 1.0.4.9 (HKLM\...\Grace_is1) (Version:  - One Small Clue)
Grace Factory Content 1.0 (HKLM-x32\...\Grace Factory Content_is1) (Version:  - One Small Clue)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
hdAlbum EZ (HKLM-x32\...\{014BBF3C-D9C4-4FD0-857D-E7DDC95263C0}) (Version: 1.7.1.6 - Canon Inc.)
Helm (HKLM\...\{971514BD-7CC3-414F-9258-B79E6D53EC46}) (Version: 0.9.0.0 - Matt Tytel)
HP Universal Fax Driver (HKLM\...\{C2B45120-48BB-41FC-A1A7-4FF24DA5CDA3}) (Version: 2.0.100.0 - HP Inc.)
InqScribe 2.2.4.262 (HKLM-x32\...\InqScribe_is1) (Version:  - Inquirium, LLC)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.3 - Insyde Corporation)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6373 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
iZotope RX 7 Audio Editor (HKLM\...\RX 7 Audio Editor_is1) (Version: 7.0.1 - iZotope)
Krita (x64) 3.2.1.0 (HKLM\...\Krita_x64) (Version: 3.2.1.0 - Krita Foundation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LibreOffice 6.3.4.2 (HKLM\...\{191F4D69-B671-4163-BB01-901B89A20D04}) (Version: 6.3.4.2 - The Document Foundation)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v13.0.15) (Version:  - Red Giant LLC)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Maxon Cinema 4D 22 (HKLM\...\Maxon Cinema 4D S22) (Version: S22 - Maxon)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
MediaInfo 21.03 (HKLM\...\MediaInfo) (Version: 21.03 - MediaArea.net)
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.01.0111 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.62 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\OneDriveSetup.exe) (Version: 21.073.0411.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1109.411 - Microsoft Corporation)
MOTU M Series (HKLM\...\com_motu_installer_core_uac_is1) (Version: 4.0.8.8030 - MOTU, Inc.)
Mozilla Firefox 88.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0.1 (x64 en-US)) (Version: 88.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0 - Mozilla)
Mullvad (HKLM-x32\...\Product) (Version:  - )
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 2.6.2 - MusicBrainz)
Native Instruments Blocks Base (HKLM-x32\...\Native Instruments Blocks Base) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.4 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.6.0.198 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version:  - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version:  - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.5.3.125 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.10.2.5 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.1.0.96 - Native Instruments)
Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.4.0.2 - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.3.1.45 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments)
Neat Video v5.1.9 Home plug-in (Second Revision) for Premiere (HKLM\...\Neat Video v5 (SR) for Premiere_is1) (Version:  - Neat Video team, ABSoft)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.36.6.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{BD0E4F38-D3F6-452D-A32E-B14D721839AC}) (Version: 1.0.1 - NordVPN)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.9.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Printer Registration (HKLM-x32\...\Canon EISRegistration) (Version: 1.6.0 - Canon Inc.)
PyScripter 3.6.4 (x64) (HKLM\...\PyScripter_is1) (Version: 3.6.4 - PyScripter)
Python 3.9.1 (64-bit) (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\{b2be55ad-3177-42aa-a6c2-53004684e4ea}) (Version: 3.9.1150.0 - Python Software Foundation)
Python 3.9.1 Add to Path (64-bit) (HKLM\...\{5AD5ED9C-14D1-4CFA-B4B1-A02CE8916D9F}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Core Interpreter (64-bit) (HKLM\...\{1C00F581-D5BF-491E-B1BB-72AA3A2250E5}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Development Libraries (64-bit) (HKLM\...\{27AD952D-DD9D-4AAC-B486-8AA601BFA064}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Documentation (64-bit) (HKLM\...\{5CB3AEED-BB03-47E2-BFF1-0CA58C236895}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Executables (64-bit) (HKLM\...\{71A9F41D-A865-46D4-A650-B210150DEF2A}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 pip Bootstrap (64-bit) (HKLM\...\{EF2B9385-6453-4702-9584-21BA8288D157}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Standard Library (64-bit) (HKLM\...\{5DD5C023-790B-4F1B-9B1B-8D1BC48F3057}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Tcl/Tk Support (64-bit) (HKLM\...\{414B5372-24FD-4302-8090-B9CE5564A6DD}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Test Suite (64-bit) (HKLM\...\{A7EC4DEB-8ABD-471D-BB5B-E579EBC9B043}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python 3.9.1 Utility Scripts (64-bit) (HKLM\...\{47A9647A-A576-4751-9C37-D32EB70285A3}) (Version: 3.9.1150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{FFC95928-6A14-4FB3-8D73-7A62382F66AC}) (Version: 3.9.7280.0 - Python Software Foundation)
Quik (HKLM\...\{6249867C-ACE2-4400-AD50-4D6945A8EA8A}) (Version: 0.1.4320 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{0d91b40f-e179-491c-a726-cd71dc297e8a}) (Version: 2.0.0.4320 - GoPro, Inc.)
RE:Flex v5 for After Effects (HKLM\...\RE:Flex v5 for After Effects 5.3.1) (Version: 5.3.1 - RE:Vision Effects)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21291 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8172 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 6.6.0.0 - den4b Team)
RingCentral Meetings (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\RingCentralMeetings) (Version: 21.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Samsung Portable SSD Software (HKLM-x32\...\SamsungPortableSSD_is1) (Version: 1.5.0.13 - Samsung Electronics)
SecureW2 Enterprise Client 3.5.17 (HKLM-x32\...\SecureW2 Enterprise Client) (Version:  - )
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.4.0 - ShareX Team)
Signal 1.40.0 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.40.0 - Open Whisper Systems)
Sinnah 1.1.0 (HKLM-x32\...\NUSofting Sinnah VST Synthesizer_is1) (Version: 1.1.0 - NUSofting)
Skype version 8.71 (HKLM-x32\...\Skype_is1) (Version: 8.71 - Skype Technologies S.A.)
Sound Blaster X-Fi MB5 (HKLM-x32\...\{918A4598-866C-4B8F-8901-13F8593EBED6}) (Version: 1.00.18 - Creative Technology Limited)
Spitfire Audio (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.2.20 - Spitfire Audio Holdings Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.121 - Synaptics Incorporated)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.7.1965 - TeamViewer)
Thonny 3.2.7 (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\Thonny_is1) (Version: 3.2.7 - Aivar Annamaa)
Tixati (HKLM-x32\...\tixati) (Version:  - )
TreeSize Free V4.4.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.4.1 - JAM Software)
Twixtor v7 for After Effects and Premiere Pro (HKLM\...\Twixtor v7 for After Effects and Premiere Pro 7.1.1) (Version: 7.1.1 - RE:Vision Effects)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VFW_Codec32 (HKLM-x32\...\{FCA86F94-8BCA-491D-AFF9-90921796FCD8}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{341735D3-32CF-41BC-8C9B-FDE3975452DB}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Creations Ultra Phazer version 1.4 (HKLM-x32\...\{3E0D82E0-94B1-47C7-ABEC-D3B5252A45DA}_is1) (Version: 1.4 - Virtual Creations)
Visual Studio Community 2017 (HKLM-x32\...\2fd452a2) (Version: 15.9.28307.1216 - Microsoft Corporation)
Vital version 1.0.8 (HKLM\...\Vital_is1) (Version: 1.0.8 - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VNC Server 6.1.1 (HKLM\...\{BF68FC97-1CBA-49D5-88EB-3E0CDC3D379D}) (Version: 6.1.1.28093 - RealVNC Ltd)
VNC Viewer 6.1.1 (HKLM\...\{1B14F26D-AAC9-4781-A468-5DFD5DF5FF91}) (Version: 6.1.1.28093 - RealVNC Ltd)
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.8  - Winamp SA)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde)
WinSCP 5.13.4 (HKLM-x32\...\winscp3_is1) (Version: 5.13.4 - Martin Prikryl)
Zoom (HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)
 
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Adobe XD -> C:\Program Files\WindowsApps\Adobe.CC.XD_34.1.12.9_x64__adky2gkssdxte [2020-10-26] (Adobe Systems Incorporated)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.193.200.0_x86__kgqvnymyfvs32 [2021-05-13] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-08] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5060.0_x64__8wekyb3d8bbwe [2021-05-10] (Microsoft Studios) [MS Ad]
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-20] (Pandora Media Inc) [Startup Task]
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.1520.0_x64__qbz5n2kfra8p0 [2021-05-05] (Python Software Foundation)
Stop Motion Studio Pro -> C:\Program Files\WindowsApps\Cateater.StopMotionStudioPro_3.1.8743.0_x64__eyzsqz3m42c14 [2021-04-10] (Cateater)
ToastWallet -> C:\Program Files\WindowsApps\ToastWallet_2.2.16.0_x64__v6a5p17k08cr4 [2018-02-17] (StarStone Limited)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-BF47F8059B62} -> [Creative Cloud Files] => C:\Users\adi\Creative Cloud Files [2016-10-14 21:35]
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\adi\Dropbox [2016-10-17 20:49]
CustomCLSID: HKU\S-1-5-21-884149921-2065793029-3257327610-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-11-02] (Notepad++ -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-04-26] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-11-14] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\system32\CFHD.dll [1334784 2016-10-11] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2016-10-11] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\adi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd
 
==================== Loaded Modules (Whitelisted) =============
 
2020-04-22 13:01 - 2021-04-23 17:58 - 002552320 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2020-04-22 13:01 - 2021-04-23 17:58 - 000367104 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2020-04-22 13:01 - 2021-04-23 17:58 - 006631936 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2020-07-04 11:04 - 2017-04-23 05:01 - 000361472 _____ () [File not signed] C:\Users\adi\OneDrive\MusicBee\libFLAC.dll
2020-07-04 11:04 - 2018-08-30 15:24 - 000101376 _____ () [File not signed] C:\Users\adi\OneDrive\MusicBee\MusicBeeBass.dll
2021-02-02 01:49 - 2021-02-02 01:49 - 000021504 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\en_il\Acrobat Elements\ContextMenuShim64.meh
2021-04-11 10:51 - 2019-02-21 12:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-02-06 21:24 - 2020-02-06 21:24 - 002080256 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Red Giant\Services\LIBEAY32.dll
2020-07-04 11:04 - 2019-01-16 11:34 - 000127669 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bass.dll
2020-07-04 11:04 - 2019-08-07 09:58 - 000018456 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassasio.dll
2020-07-04 11:04 - 2014-06-11 11:18 - 000019478 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\basscd.dll
2020-07-04 11:04 - 2019-08-15 12:50 - 000025356 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassflac.dll
2020-07-04 11:04 - 2018-01-16 09:08 - 000020700 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassmix.dll
2020-07-04 11:04 - 2019-08-15 12:49 - 000068876 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\bassopus.dll
2020-07-04 11:04 - 2017-11-15 11:54 - 000013754 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\basswasapi.dll
2020-07-04 11:04 - 2019-08-09 09:23 - 000016652 _____ (Un4seen Developments) [File not signed] C:\Users\adi\OneDrive\MusicBee\basswebm.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-02-02] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 07:47 - 2021-05-17 09:34 - 000002082 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
2017-05-10 10:12 - 2017-05-10 10:12 - 000000443 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-884149921-2065793029-3257327610-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
Network Binding:
=============
Wi-Fi: NordVPN LightWeight Firewall -> NordLwf (enabled) 
PIA: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\StartupFolder: => "REAPER (x64).lnk"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_07E978E6F2BBB4AB0BC801F515EC9ED3"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-884149921-2065793029-3257327610-1001\...\StartupApproved\Run: => "Skype for Desktop"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AA2CCEA0-2320-448C-8C39-FAAE6A679473}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CC824881-4C23-40CD-BE20-C2AB7653D99D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{E74ACF85-BF75-440C-8249-422CFA806AEB}C:\python39\python.exe] => (Allow) C:\python39\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [TCP Query User{A541091E-F391-4E7E-B43E-C12BA8C6051F}C:\python39\python.exe] => (Allow) C:\python39\python.exe (Python Software Foundation -> Python Software Foundation)
FirewallRules: [{8A610377-AE73-448B-AE24-313BE5A7FB04}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{2AAB44ED-261C-481E-9ADA-99B4E6CD67B1}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{04223425-BBC0-4C9C-A409-30CBE9AAAC8A}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{34040D0C-9C4C-4E57-998D-D21A2645CCBA}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{4F4EF93B-A237-4CA6-A145-F82C655AC087}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{68E47032-0795-4B5A-A65B-A36E5CE9EEB8}] => (Allow) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{FAF22CCC-8092-4EF1-AE06-1F134A5AE496}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{744A382B-B391-467F-8A85-7FDA9B131F0F}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{E643F134-A549-4A19-98E2-8DC46816EA32}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{EC17F8C3-D303-41D2-A682-E8A003CF3DEB}] => (Allow) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{CBAD69B3-194D-4BF5-877C-1EF46ACCA92B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4FC87FC6-57F4-44C8-8935-DF767A918AA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CB455A41-F1B1-4C7E-9454-B34C1F172C46}] => (Allow) C:\Users\adi\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{BD973EFC-1885-4DEC-A158-9F229D97A43E}] => (Allow) C:\Users\adi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A0FCDF2B-EC00-440B-AAC9-39784ACC03DE}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [{7DE68EE7-C2F9-4AD1-B310-A5BA1BAAD941}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [UDP Query User{95604A7B-903A-41A4-95C0-AE2E4A11A405}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [TCP Query User{8DAD314A-71E5-4D37-BAF7-B9F112775C70}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [{BA264A83-A5D4-4458-A6E8-34940B6BA556}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{02E535C6-069C-4630-B9D6-1850FA9D8C7C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{9330C993-0F69-4AF9-8E48-422C4BF5B788}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7C7F6AA9-FFCE-457C-89C7-AA1CD27816F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{166609B7-1B93-4C2C-9BB6-69336EFA2225}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [UDP Query User{4C3E8E1D-302C-4F77-A59F-C63CC193B8DF}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [TCP Query User{EADD2A65-A3A2-4EB8-940C-5968391B691D}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe (Tixati Software Inc. -> Tixati Software Inc.)
FirewallRules: [{D9014FDF-5E61-4714-96D8-C66E42921DE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{78A06FEB-FFFB-4B70-A53C-077E9A2D3D7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{320D9E24-4DE8-4B04-8CA5-6FA3536BBA69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{BF3FA4F7-EAEA-4780-924E-A6310DF19A99}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4843FDCB-AEAF-4DCD-826F-067487FF8516}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{35D99ECD-3442-4389-B552-9C0228FADD9F}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{E93E041E-A06B-4944-B236-54B8E3119687}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{E1D5BD5A-3A11-45E4-8A38-27EE1041E2AB}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{64A51DCB-552A-4AD9-818F-05FEDDD45C09}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\Quik.exe (GoPro, Inc. -> )
FirewallRules: [TCP Query User{D22D4B15-80CC-414D-BE6B-3A4430AB834D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{01473F1D-C871-4C84-8D84-E19C3C7AD890}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{A1715051-4C4C-4DEE-8DD5-AB3BB9E039D8}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{7C3F7C17-C1BA-449E-A327-7092658D5A51}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA)
FirewallRules: [{3DBE9525-1E5C-4E40-9690-783574E13058}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{BEE36E6A-4568-4C6A-B76D-B1301C7B5127}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{1F34130F-65FE-4656-951D-91E9ED6C09A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DD067EF5-C721-459C-A678-C37408DF1F8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4BC61077-8C55-4946-9D15-7763037FACDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{603373A2-C107-4798-9291-CEC423813844}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3C46315C-B5B0-4A11-9055-A41F7573B5EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A9FBFB13-8F38-46A8-BC5A-48CFE88F5413}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{D3118CCB-ABD2-4A5C-BF3E-F96C22788A1E}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B23484F4-DCB7-465B-9DA8-F5B6FCE82A15}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{40906640-AEB4-4604-A3A4-ED7A7EA5DAAC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C8D135A7-A85E-454B-9999-6151C9FA1E2D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{331ACD54-4BD7-4E01-BFF4-77D818812BBA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{17147A35-4D68-484C-A12E-12B072ECA05F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{680FA605-0A91-4699-8C1C-9518B2981B36}] => (Allow) C:\Program Files\HP\HP Universal Fax Driver\bin\SendAFax.exe (HP Inc -> HP Development Company, L.P.)
FirewallRules: [{0099C546-9805-476D-BAC4-4F52D252309F}] => (Allow) C:\Program Files\HP\HP Universal Fax Driver\bin\FaxPrinterUtility64.exe (HP Inc -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{6D30DDD5-912D-4124-92D1-2EDE0668DC39}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{9D5E1683-4B95-461D-9B21-67F461D6738C}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{07A327AC-9546-4390-BFE2-6C8EBDABD24A}C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [UDP Query User{74F4DAEB-3F16-4441-9A45-36637FD81180}C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe] => (Allow) C:\users\adi\appdata\local\programs\bandlab-assistant\bandlab assistant.exe (BandLab Singapore Pte Ltd. -> BandLab Technologies)
FirewallRules: [{AF4319ED-176F-431F-AB25-18014CBF9AF9}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D851E5C0-62FA-45B3-AAD1-2BE53729E1C6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40ED6EF7-C8F8-41DC-AE97-E11E35A21C60}] => (Allow) D:\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{B563B94E-C1B8-4B24-9A37-5CE8454AFA66}] => (Allow) D:\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{5EC3AAA1-165C-4496-B4D4-E6593A224EA1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{59F76768-0D76-482A-86EC-F00D4F4632BA}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{1DAE1806-A839-4FF6-BBF4-49E283A8506A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{114700DB-DD0A-4BB9-AC40-5AE6692B42A6}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{DBCC2261-8A97-42AB-808F-36382DD623B3}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{0DBD74DA-83DB-4244-9081-0DB3AE75FE69}] => (Allow) C:\Users\adi\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
 
==================== Restore Points =========================
 
08-05-2021 10:16:54 Scheduled Checkpoint
12-05-2021 09:02:22 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/18/2021 10:08:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/18/2021 10:08:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/18/2021 12:20:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Hollie (M:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
 
Error: (05/17/2021 02:51:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:51:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
Error: (05/17/2021 02:04:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_ca00b6081b84eb1d.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.844_none_11adecdf30011423.manifest.
 
 
System errors:
=============
Error: (05/18/2021 04:42:22 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv6 TCP/IP interface with index 2 failed to bind to its provider.
 
Error: (05/18/2021 04:42:22 PM) (Source: Tcpip) (EventID: 4207) (User: )
Description: The IPv4 TCP/IP interface with index 2 failed to bind to its provider.
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
Error: (05/17/2021 08:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/17/2021 08:46:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adi\AppData\Local\Temp\ehdrv.sys
 
 
Windows Defender:
================
Date: 2021-05-13 09:28:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-12 10:19:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-11 09:52:24
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-11 09:46:59
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-10 09:11:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-14 09:05:12
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2021-05-12 18:09:41
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.514.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2021-05-10 19:15:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.339.360.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18100.6
Error code: 0x80072ee2
Error description: The operation timed out 
 
Date: 2021-05-05 19:08:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.631.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-05-05 19:08:07
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.339.21.0
Previous security intelligence Version: 1.337.631.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.6
Previous Engine Version: 1.1.18100.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 1.05.03LS2 08/25/2016
Motherboard: Notebook P65xRP
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 32651.86 MB
Available physical RAM: 19221.53 MB
Total Virtual: 34699.86 MB
Available Virtual: 19529.57 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:464.54 GB) (Free:151.97 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:227.99 GB) NTFS
Drive m: (Hollie) (Fixed) (Total:465.76 GB) (Free:236.67 GB) NTFS
 
\\?\Volume{ed5df3df-5ad8-46db-857b-8fcd7d7d50b0}\ (Windows RE tools) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{3e848c4c-dc00-40e4-aa5f-9ad8203f65b5}\ () (Fixed) (Total:0.55 GB) (Free:0.07 GB) NTFS
\\?\Volume{b5e248b8-09dc-48bd-aa83-b5f047c3f60e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FF3265EB)
 
Partition: GPT.
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: FF32659C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

Edited by adifrank, 18 May 2021 - 03:25 PM.

  • 0

#29
DR M
Posted 19 May 2021 - 02:47 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,422 posts

Hi, adifrank.
 
Let's finish it. :)
 
 
FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
Task: {3EB9C998-FE96-460C-AC28-F3FFB6E0624B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [8906097 2017-10-01] () [File not signed]
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
S4 vnet; \SystemRoot\System32\drivers\virtualnet.sys [X]
FirewallRules: [{A0FCDF2B-EC00-440B-AAC9-39784ACC03DE}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [{7DE68EE7-C2F9-4AD1-B310-A5BA1BAAD941}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [UDP Query User{95604A7B-903A-41A4-95C0-AE2E4A11A405}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [TCP Query User{8DAD314A-71E5-4D37-BAF7-B9F112775C70}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
C:\WINDOWS\system32\DRIVERS\vfilter.sys
C:\Program Files\ShrewSoft
C:\Program Files\pia_manager
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

In your next reply please post:

  • The fixlog.txt
  • Feedback: How is the computer running now? Any remaining issues/questions/concerns?

  • 0

#30
adifrank
Posted 19 May 2021 - 09:37 AM

adifrank

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
1.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by adi (19-05-2021 11:27:43) Run:2
Running from C:\Users\adi\Desktop
Loaded Profiles: defaultuser0 & adi
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {3EB9C998-FE96-460C-AC28-F3FFB6E0624B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [8906097 2017-10-01] () [File not signed]
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-06-30] (Shrew Soft Inc) [File not signed]
S4 vnet; \SystemRoot\System32\drivers\virtualnet.sys [X]
FirewallRules: [{A0FCDF2B-EC00-440B-AAC9-39784ACC03DE}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [{7DE68EE7-C2F9-4AD1-B310-A5BA1BAAD941}] => (Block) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [UDP Query User{95604A7B-903A-41A4-95C0-AE2E4A11A405}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
FirewallRules: [TCP Query User{8DAD314A-71E5-4D37-BAF7-B9F112775C70}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe => No File
C:\WINDOWS\system32\DRIVERS\vfilter.sys
C:\Program Files\ShrewSoft
C:\Program Files\pia_manager
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB9C998-FE96-460C-AC28-F3FFB6E0624B}" => not found
"C:\WINDOWS\System32\Tasks\Private Internet Access Startup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Private Internet Access Startup" => not found
HKLM\System\CurrentControlSet\Services\vflt => removed successfully
vflt => service removed successfully
HKLM\System\CurrentControlSet\Services\vnet => removed successfully
vnet => service removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A0FCDF2B-EC00-440B-AAC9-39784ACC03DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DE68EE7-C2F9-4AD1-B310-A5BA1BAAD941}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{95604A7B-903A-41A4-95C0-AE2E4A11A405}C:\program files (x86)\soulseekqt\soulseekqt.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DAD314A-71E5-4D37-BAF7-B9F112775C70}C:\program files (x86)\soulseekqt\soulseekqt.exe" => removed successfully
C:\WINDOWS\system32\DRIVERS\vfilter.sys => moved successfully
C:\Program Files\ShrewSoft => moved successfully
C:\Program Files\pia_manager => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40441994 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 200876 B
Edge => 0 B
Chrome => 990548474 B
Firefox => 70498682 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 1083 B
LocalService => 1083 B
NetworkService => 8521 B
defaultuser0 => 8521 B
adi => 55723416 B
 
RecycleBin => 288321 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:29:31 ====
 
 
2. Computer is running fine. Just to avoid any misunderstanding, my computer wasn't having any noticeable performance issues previously. Just strange popups from time to time. And that popup request asking permission to run Windows Command Processor after I turned on my computer that morning, which freaked me out. If I get any of those again, I'll be sure to get a screenshot and post back
 
Thanks!!

Edited by adifrank, 19 May 2021 - 09:37 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP