LogMeIn preventing access to online banking – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

My Windows 10 home network consists of a Ryzen 7 and a 4770K, both used for music, movies, TV, internet. Also 4 headless boxes just used for 3D rendering using Cinema 4D. All PCs had Windows Defender and Malwarebytes free and were regularly scanned.
I recently tried to log on to Royal Bank of Scotland on the Ryzen to check my balance and got this message –
=====================
We’re sorry you can’t log into Digital Banking. This is because we’ve detected that you have a program or a piece of software installed on your device that could allow another person to see and control your computer. This could be something called AnyDesk or LogMeIn. 
=====================
I got the same message on the 4770K.
I am aware of the telephone support scam and I have never installed LogMeIn or similar or allowed anyone to control my PCs remotely.
Since this happened I have upgraded to Malwarebytes Premium on all machines, including the MBAM Browser Guard Edge extension. I have been through all my HDDs deleting anything at all dodgy, e.g. keygens and unused software. I have scanned many times with MBAM, Defender, Super Antispyware, AdwCleaner plus numerous other AVs (uninstalled after one scan) – all to no avail.
There was definitely some kind of Windows problem because I could log into my bank account using a live Ubuntu flash drive.
This might be a coincidence – I remembered I’d recently installed a 3rd party audio volume control called Volume2 to the Ryzen and 4770K PCs, so I uninstalled it on both using Revo with scan for remnants. I found I could now log on to my bank on the Ryzen, but not on the 4770K. This could just be a fluke, because I’d been doing a lot of tinkering + deleting stuff.
So I still have this LogMeIn problem on the 4770K and I only do financial transactions – banking, eBay, Amazon, PayPal etc – on the Ryzen, but I worry that the virus could get back on the Ryzen via network or USB flash drives and steal passwords etc.
I’ve checked my bank account and AFAIK there’s been no cash stolen.
Can you help me solve this LogMeIn problem?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2021
Ran by jed (administrator) on 4770KDESKTOP (MSI MS-7817) (09-08-2021 14:14:13)
Running from C:\Users\jed\Desktop
Loaded Profiles: jed
Platform: Windows 10 Pro Version 21H1 19043.1151 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\128.4.2870\QtWebEngineProcess.exe <3>
(Focusrite Audio Engineering, Ltd.) [File not signed] C:\Program Files\FocusriteUSB\Focusrite Notifier.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] [File is in use] C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.1.6.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.2101.28.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(PINSTRIPE LIMITED (NextPVR Technologies) -> ) C:\Program Files\NextPVR\DeviceHostWindows.exe
(PINSTRIPE LIMITED (NextPVR Technologies) -> ) C:\Program Files\NextPVR\NextPVRService.exe
(PINSTRIPE LIMITED (NextPVR Technologies) -> ) C:\Program Files\NextPVR\NPVRTray.exe
(PINSTRIPE LIMITED (NextPVR Technologies) -> NextPVRServer) C:\Program Files\NextPVR\NextPVRServer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\…\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-09] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\…\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9270560 2019-05-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\…\Run: [Focusrite Notifier] => C:\Program Files\FocusriteUSB\Focusrite Notifier.exe [3949568 2019-08-02] (Focusrite Audio Engineering, Ltd.) [File not signed]
HKLM\…\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\…\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.)
HKLM-x32\…\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\…\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8089888 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\…\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-12-08] (Adobe Inc. -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-12-08] (Adobe Inc. -> )
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11223920 2021-07-27] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\Policies\Explorer: [HideSCAVolume] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-05] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2018-12-06]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing LLC -> Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2018-12-06]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing LLC -> Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2018-12-06]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing LLC -> WinZip Computing, S.L.)
Startup: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk [2020-07-21]
ShortcutTarget: NextPVR Tray.lnk -> C:\Program Files\NextPVR\NPVRTray.exe (PINSTRIPE LIMITED (NextPVR Technologies) -> )
Startup: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar152.lnk [2021-08-09]
ShortcutTarget: Sidebar152.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) [File not signed] [File is in use]
GroupPolicy: Restriction – Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02FAB2D5-D197-4FE2-A7C3-F49ECCFC2089} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {03BE603B-6E25-43CA-BD6F-14C386665F39} – System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {33F4E8F2-1D6A-49C6-BB24-9FADDAE79502} – System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-05-20] (Piriform Software Ltd -> Piriform)
Task: {3D16184C-4FA3-478F-B2D4-3840640F6D58} – System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-26] (Google Inc -> Google LLC)
Task: {3DB5656B-4935-4D35-BEEE-500B2A443FD4} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {500264F3-B36F-4C51-96BF-A7F3AD301BA7} – System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-09] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {9AD68BD7-C360-4882-AE8F-E54490F65F25} – System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28158080 2021-05-20] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9BD0CB09-C693-4BB7-A09A-984EF464674E} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9FE7F24-F902-45AE-B50F-38051635A1C1} – System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {AB022FB5-3F7A-4188-B922-DF6B3485B7FC} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BB4ABD84-8F92-4DBB-BB8B-7FB351A24099} – System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-26] (Google Inc -> Google LLC)
Task: {D877C3F0-9A44-47C1-B54B-5F954499272D} – System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F4221B18-78A9-48A7-AF9E-59C3E880B873} – System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {F4DFF589-EC47-4202-9CB4-11EEED603525} – System32\Tasks\AdobeAAMUpdater-1.0-4770KDESKTOP-jed => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{158f593d-bc0e-4ac8-9f2c-2a906a038ef9}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{71183d4f-7949-488d-89ad-2845442ed908}: [DhcpNameServer] 192.168.1.254
DownloadDir: C:\Users\jed\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (PrintFriendly and PDF) -> EdgeExtension_32615PrintFriendlyPDFPrintPDF_mcmatvdanzs2y => C:\Program Files\WindowsApps\32615PrintFriendlyPDF.Print-PDF_2.7.0.0_neutral__mcmatvdanzs2y [2019-11-04]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default [2021-08-09]
Edge DownloadDir: Default -> C:\Users\jed\Downloads
Edge StartupUrls: Default -> “hxxps://duckduckgo.com/”
Edge NewTab: Default -> “active”: false,
            “entry”: “chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html”
          
Edge DefaultSearchURL: Default -> hxxps://en.wikipedia.org/wiki/Special:Search/{searchTerms}
Edge DefaultSearchKeyword: Default -> wikipedia.org
Edge Extension: (Outlook) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2021-05-05]
Edge Extension: (uBlock Origin) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-30]
Edge Extension: (Disable HTML5 Autoplay) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\efdhoaajjjgckpbkoglidkeendpkolai [2021-02-18]
Edge Extension: (I don’t care about cookies) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2021-06-28]
Edge Extension: (Word) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2021-05-05]
Edge Extension: (New Tab Redirect) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2021-02-18]
Edge Extension: (Malwarebytes Browser Guard) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-27]
Edge Extension: (Excel) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2021-05-05]
Edge Extension: (Print Friendly & PDF) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nhiebejbpolmpkikgbijamagibifhjib [2021-02-18]
Edge Extension: (PowerPoint) – C:\Users\jed\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2021-05-05]
Edge HKLM-x32\…\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-09-19] (Foxit Software Incorporated -> Foxit Corporation)
CHR Profile: C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR Extension: (Google Drive) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-10]
CHR Extension: (YouTube) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-17]
CHR Extension: (uBlock Origin) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-31]
CHR Extension: (Malwarebytes Browser Guard) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-31]
CHR Extension: (Chrome Web Store Payments) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-08]
CHR Extension: (Gmail) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-10]
CHR Extension: (Chrome Media Router) – C:\Users\jed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-31]
CHR HKLM-x32\…\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-09] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-09] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-08-05] (Dropbox, Inc -> Dropbox, Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8929608 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-16] (Malwarebytes Inc -> Malwarebytes)
R2 NextPVR Service; C:\Program Files\NextPVR\NextPVRService.exe [43024 2021-07-11] (PINSTRIPE LIMITED (NextPVR Technologies) -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-07-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-08-04] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd -> Creative Technology Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-04-06] (Malwarebytes Inc -> Malwarebytes)
S3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [122088 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [101512 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
S3 FocusriteUSB_AUDIO; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [63408 2019-08-02] (WDKTestCert builds,131886954661028733 -> Focusrite Audio Engineering Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-08-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-01] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-08-09] (Malwarebytes Inc -> Malwarebytes)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TBS_TBS6205BDA; C:\WINDOWS\System32\drivers\tbs6205.sys [358072 2017-03-22] (深圳市特博赛科技有限公司 -> TBS)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [127512 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S3 wacomrouterfilter; C:\WINDOWS\System32\drivers\wacomrouterfilter.sys [28680 2020-09-18] (WDKTestCert dant,132134237881206156 -> Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-08-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-08-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2048-12-31 02:03 – 2021-08-07 16:53 – 000000000 ____D C:\Users\jed\Documents\VST3 Presets
2048-12-31 02:01 – 2048-12-31 02:01 – 000002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2021-08-09 14:14 – 2021-08-09 14:14 – 000025289 _____ C:\Users\jed\Desktop\FRST.txt
2021-08-09 09:18 – 2021-08-09 09:18 – 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-08-09 09:18 – 2021-08-09 09:18 – 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-08-09 09:18 – 2021-08-09 09:18 – 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-08-08 15:12 – 2021-08-08 15:12 – 000405157 _____ C:\Users\jed\Desktop\favourites_08_08_2021.html
2021-08-08 02:23 – 2021-08-08 02:23 – 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-08-07 19:45 – 2021-08-09 14:14 – 000000000 ____D C:\FRST
2021-08-07 19:44 – 2021-08-08 18:51 – 002300416 _____ (Farbar) C:\Users\jed\Desktop\FRST64.exe
2021-08-07 16:51 – 2021-08-07 16:51 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-08-07 16:48 – 2021-08-07 16:48 – 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-08-05 21:33 – 2021-08-05 21:33 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-08-05 21:33 – 2021-08-05 21:33 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-08-05 21:33 – 2021-08-05 21:33 – 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-08-05 21:33 – 2021-08-05 21:33 – 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-08-05 20:43 – 2021-08-05 22:58 – 2107087240 _____ C:\Users\jed\Desktop\Wanda [1970].mkv
2021-08-04 14:35 – 2021-08-04 15:00 – 000000000 ____D C:\ProgramData\Malwarebytes’ Anti-Malware (portable)
2021-08-04 14:35 – 2021-08-04 14:35 – 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1261BF4E.sys
2021-08-04 14:34 – 2021-08-04 15:00 – 000000000 ____D C:\Users\jed\Documents\mbar
2021-08-04 13:48 – 2021-08-04 13:48 – 000000837 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-08-04 13:48 – 2021-08-04 13:48 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-08-04 13:48 – 2021-08-04 13:48 – 000000000 ____D C:\Program Files\Speccy
2021-08-02 11:26 – 2021-08-09 13:37 – 000003724 _____ C:\Users\jed\Desktop\xyz.txt
2021-08-02 09:47 – 2021-08-02 09:47 – 000000000 ____D C:\WINDOWS\Panther
2021-08-01 14:05 – 2021-08-01 14:05 – 000000000 ____D C:\Autoruns
2021-08-01 11:36 – 2021-08-01 11:36 – 000276632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-30 14:33 – 2021-07-30 14:33 – 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-30 14:33 – 2021-07-30 14:33 – 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-30 14:33 – 2021-07-30 14:33 – 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-07-30 14:33 – 2021-07-30 14:33 – 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-07-30 14:33 – 2021-07-30 14:33 – 000011461 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-29 13:29 – 2021-07-29 13:29 – 000002456 _____ C:\Users\jed\Desktop\LMI script.txt
2021-07-29 11:15 – 2021-08-09 01:03 – 077594624 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-07-29 11:12 – 2021-07-29 11:15 – 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-07-28 19:37 – 2021-08-09 13:37 – 000003724 _____ C:\Users\jed\Documents\xyz.txt
2021-07-28 19:37 – 2021-07-24 16:05 – 000000646 _____ C:\Users\jed\Documents\payments.txt
2021-07-27 14:43 – 2021-07-27 14:44 – 000000000 ____D C:\Users\jed\AppData\Local\Sidebar7
2021-07-27 14:43 – 2021-07-27 14:44 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2021-07-27 14:43 – 2021-07-27 14:43 – 000000000 ____D C:\Program Files\Windows Sidebar
2021-07-27 14:43 – 2021-07-27 14:43 – 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2021-07-27 10:17 – 2021-07-27 10:17 – 000000000 ____D C:\Users\jed\AppData\Roaming\SUPERAntiSpyware.com
2021-07-27 10:16 – 2021-07-27 14:40 – 000000000 ____D C:\Program Files\SUPERAntiSpyware
2021-07-27 10:16 – 2021-07-27 10:16 – 000001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2021-07-27 10:16 – 2021-07-27 10:16 – 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2021-07-27 10:16 – 2021-07-27 10:16 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2021-07-24 15:02 – 2021-07-27 10:14 – 000000066 _____ C:\Users\jed\Documents\mbam.txt
2021-07-23 20:55 – 2021-03-12 18:32 – 003220234 _____ C:\Users\jed\Desktop\H410M-HDV.pdf
2021-07-19 18:09 – 2021-07-19 18:15 – 000351451 _____ C:\Users\jed\Desktop\meridian.c4d
2021-07-19 14:25 – 2020-10-23 21:00 – 000000000 ____D C:\Users\jed\Desktop\Gorilla.at.Large.1954.1080p.WEBRip.x265-RARBG
2021-07-16 15:57 – 2021-08-08 02:23 – 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-14 12:28 – 2021-07-14 12:28 – 001328376 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2021-07-14 12:28 – 2021-07-14 12:28 – 001324032 _____ C:\WINDOWS\system32\FaceProcessor.dll
2021-07-14 12:28 – 2021-07-14 12:28 – 000512864 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2021-07-14 12:28 – 2021-07-14 12:28 – 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-14 12:28 – 2021-07-14 12:28 – 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-14 12:28 – 2021-07-14 12:28 – 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-14 12:28 – 2021-07-14 12:28 – 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2050-10-02 18:33 – 2019-03-30 23:00 – 000107443 _____ C:\Users\jed\Network_Meter_Data.js
2021-08-09 14:14 – 2019-08-26 20:19 – 000000000 ____D C:\Program Files (x86)\Google
2021-08-09 14:11 – 2018-12-06 18:00 – 000000000 ____D C:\Program Files\CCleaner
2021-08-09 14:10 – 2020-11-19 00:41 – 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-08-09 14:10 – 2019-12-07 10:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-09 13:08 – 2020-07-21 12:57 – 000000000 ____D C:\Users\Public\NPVR-data
2021-08-09 12:11 – 2019-12-07 10:13 – 000000000 ____D C:\WINDOWS\INF
2021-08-09 09:22 – 2021-05-05 18:08 – 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-08-09 09:18 – 2020-12-20 22:04 – 000000000 ____D C:\Users\jed\AppData\Roaming\WTablet
2021-08-09 09:18 – 2020-11-19 00:41 – 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-08-09 09:18 – 2020-08-20 13:16 – 000008192 ___SH C:\DumpStack.log.tmp
2021-08-09 09:18 – 2020-01-04 16:26 – 000000000 ____D C:\Users\jed\AppData\Local\Dropbox
2021-08-09 09:18 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\ServiceState
2021-08-09 09:18 – 2018-12-06 16:02 – 000000000 __SHD C:\Users\jed\IntelGraphicsProfiles
2021-08-09 09:18 – 2018-12-06 16:00 – 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-08-09 01:03 – 2019-12-07 10:03 – 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-08-08 18:29 – 2019-01-01 18:07 – 000000000 ____D C:\Users\jed\AppData\Local\CrashDumps
2021-08-08 14:34 – 2021-05-05 18:01 – 000000000 ____D C:\Users\jed
2021-08-08 14:25 – 2020-05-17 19:01 – 000000000 ____D C:\Users\jed\Documents\adw
2021-08-08 02:23 – 2020-07-27 11:25 – 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-08-07 16:53 – 2018-12-08 02:38 – 000000000 ____D C:\Users\jed\Documents\VST XMLs
2021-08-07 16:53 – 2018-12-08 02:38 – 000000000 ____D C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nektar
2021-08-07 16:53 – 2018-12-08 02:38 – 000000000 ____D C:\Program Files\Nektar
2021-08-07 16:51 – 2020-01-04 16:26 – 000000000 ____D C:\Program Files (x86)\Dropbox
2021-08-07 11:21 – 2020-11-19 00:44 – 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-08-07 11:21 – 2019-12-07 10:14 – 000000000 ___HD C:\Program Files\WindowsApps
2021-08-07 11:21 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\AppReadiness
2021-08-06 10:18 – 2018-12-06 21:00 – 000000000 ____D C:\Users\jed\AppData\Roaming\vlc
2021-08-05 11:10 – 2019-12-07 10:03 – 000000000 ____D C:\WINDOWS\CbsTemp
2021-08-05 10:15 – 2019-12-17 00:30 – 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-04 20:09 – 2021-05-05 18:04 – 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-08-04 20:09 – 2021-05-05 18:04 – 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-08-04 15:44 – 2019-12-07 10:14 – 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-08-04 14:59 – 2018-12-06 16:06 – 000000000 ____D C:\Users\jed\AppData\Local\D3DSCache
2021-08-04 14:35 – 2018-12-06 20:36 – 000000000 ____D C:\ProgramData\Malwarebytes
2021-08-04 09:20 – 2020-11-19 00:41 – 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-08-03 18:39 – 2021-05-19 11:45 – 000000000 ____D C:\WINDOWS\Minidump
2021-08-02 12:25 – 2020-05-25 18:25 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-02 12:24 – 2018-12-06 16:35 – 000000000 ____D C:\Users\jed\AppData\LocalLow\Mozilla
2021-08-01 14:50 – 2021-04-28 14:23 – 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-08-01 14:45 – 2021-05-05 13:46 – 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-08-01 14:02 – 2018-12-25 20:47 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2021-07-30 14:36 – 2019-12-07 15:49 – 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ___SD C:\WINDOWS\system32\UNP
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\SystemResources
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\ShellComponents
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-07-30 14:36 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-30 14:36 – 2019-12-07 10:03 – 000000000 ____D C:\WINDOWS\servicing
2021-07-30 09:34 – 2020-11-19 00:44 – 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-30 09:34 – 2020-11-19 00:44 – 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-29 10:47 – 2018-12-06 16:19 – 000002382 __RSH C:\ProgramData\ntuser.pol
2021-07-28 10:34 – 2018-12-08 02:29 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2021-07-26 23:02 – 2019-03-19 17:55 – 000002250 ____H C:\Users\jed\Documents\Default.rdp
2021-07-26 23:01 – 2019-12-07 15:46 – 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-07-26 15:59 – 2021-05-05 18:04 – 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2016687260-585160081-2310965895-1001
2021-07-26 15:59 – 2021-05-05 18:01 – 000002399 _____ C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-26 15:59 – 2018-12-06 16:04 – 000000000 ___RD C:\Users\jed\OneDrive
2021-07-25 20:12 – 2018-12-06 16:02 – 000000000 ____D C:\Users\jed\AppData\Local\Packages
2021-07-25 18:12 – 2019-03-05 02:44 – 000000000 ____D C:\ProgramData\Mozilla
2021-07-25 18:12 – 2018-12-06 16:35 – 000000000 ____D C:\Users\jed\AppData\Roaming\Mozilla
2021-07-25 18:12 – 2018-12-06 16:35 – 000000000 ____D C:\Users\jed\AppData\Local\Mozilla
2021-07-25 18:11 – 2021-04-21 16:47 – 000000000 ____D C:\ProgramData\Red Giant
2021-07-25 18:10 – 2018-12-18 19:52 – 000000000 ____D C:\Users\jed\AppData\Roaming\Foxit Software
2021-07-25 18:09 – 2019-11-16 17:38 – 000000000 ____D C:\ProgramData\Foxit Software
2021-07-25 18:09 – 2018-12-18 19:52 – 000000000 ____D C:\Program Files (x86)\Foxit Software
2021-07-25 18:09 – 2018-12-06 18:12 – 000000000 ____D C:\ProgramData\Package Cache
2021-07-25 16:06 – 2019-03-30 22:06 – 000108656 _____ C:\Users\jed\IP_Log_Data.js
2021-07-25 16:04 – 2019-03-30 23:13 – 000000030 _____ C:\Users\jed\AppData\Roaming\Network Meter_Usage.ini
2021-07-24 13:42 – 2020-09-07 16:37 – 000000000 ____D C:\Users\jed\Documents\Cairyn pdf
2021-07-24 13:42 – 2020-06-07 12:45 – 000000000 ____D C:\Users\jed\Desktop\to convert
2021-07-15 11:03 – 2019-12-07 10:14 – 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-14 12:29 – 2019-12-07 10:14 – 000000000 ____D C:\Program Files\Common Files\System
2021-07-14 12:24 – 2018-12-06 16:06 – 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 12:23 – 2018-12-06 16:06 – 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-12 22:26 – 2021-04-15 11:46 – 000000072 _____ C:\Users\jed\Documents\bbc reg.txt
==================== Files in the root of some directories ========
2019-03-30 22:06 – 2021-07-25 16:06 – 000108656 _____ () C:\Users\jed\IP_Log_Data.js
2019-03-30 23:00 – 2050-10-02 18:33 – 000107443 _____ () C:\Users\jed\Network_Meter_Data.js
2020-09-25 14:37 – 2020-09-25 14:37 – 000000624 _____ () C:\Users\jed\AppData\Roaming\All CPU MeterV3_Settings.ini
2019-03-30 22:05 – 2019-04-28 17:07 – 000000717 _____ () C:\Users\jed\AppData\Roaming\Network Meter_Settings.ini
2019-03-30 23:13 – 2021-07-25 16:04 – 000000030 _____ () C:\Users\jed\AppData\Roaming\Network Meter_Usage.ini
2019-10-03 18:50 – 2019-10-03 18:50 – 000000000 _____ () C:\Users\jed\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2021
Ran by jed (09-08-2021 14:15:17)
Running from C:\Users\jed\Desktop
Windows 10 Pro Version 21H1 19043.1151 (X64) (2021-05-05 17:04:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2016687260-585160081-2310965895-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-2016687260-585160081-2310965895-503 – Limited – Disabled)
Guest (S-1-5-21-2016687260-585160081-2310965895-501 – Limited – Disabled)
jed (S-1-5-21-2016687260-585160081-2310965895-1001 – Administrator – Enabled) => C:\Users\jed
WDAGUtilityAccount (S-1-5-21-2016687260-585160081-2310965895-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
8GadgetPack (HKLM-x32\…\{9B9D3CF8-D10A-4A8D-8630-37ED01E9A37D}) (Version: 28.0.0 – 8GadgetPack.net)
Adobe After Effects CC 2018 (HKLM-x32\…\AEFT_15_0_0) (Version: 15.0.0 – Adobe Systems Incorporated)
Adobe Character Animator CC 2018 (HKLM-x32\…\CHAR_1_1_0) (Version: 1.1.0 – Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\…\Adobe Creative Cloud) (Version: 4.3.0.256 – Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\…\AME_12_0_0) (Version: 12.0.0 – Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\…\PHSP_21_0) (Version: 21.0 – Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\…\PHSP_20_0_2) (Version: 20.0.2 – Adobe Systems Incorporated)
After Effects CC 2018 (HKLM\…\{7FFD7100-E882-4F2F-ABFF-5AE0FDB0638E}) (Version: 1.0.0000 – Adobe Systems Incorporated) Hidden
Audacity 2.3.2 (HKLM-x32\…\Audacity_is1) (Version: 2.3.2 – Audacity Team)
Avidemux VC++ 64bits (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\{bb3b26d6-ae09-4ff1-941f-ca10fb379e76}) (Version: 2.7.5 – Mean)
Camtasia 2019 (HKLM\…\{281FB404-5E21-49C9-ABA7-278753936D13}) (Version: 19.0.1.4626 – TechSmith Corporation) Hidden
Camtasia 2019 (HKLM-x32\…\{5ce3fc88-78d6-4dd6-b94b-e3522d83a3e5}) (Version: 19.0.1.4626 – TechSmith Corporation)
CCleaner (HKLM\…\CCleaner) (Version: 5.80 – Piriform)
CINEMA 4D 14.034 (HKLM\…\MAXON656170D5) (Version: 14.034 – MAXON Computer GmbH)
CINEMA 4D 16.011 (HKLM\…\MAXON8B6F11F9) (Version: 16.011 – MAXON Computer GmbH)
Cinema 4D 20.059 (HKLM\…\MAXONE3565005) (Version: 20.059 – MAXON Computer GmbH)
Dolby Digital Live Pack (HKLM-x32\…\Dolby Digital Live Pack) (Version: 3.03 – Creative Technology Limited)
Dropbox (HKLM-x32\…\Dropbox) (Version: 128.4.2870 – Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\…\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.485.1 – Dropbox, Inc.) Hidden
DTS Connect Pack (HKLM-x32\…\DTS Connect Pack) (Version: 1.00 – Creative Technology Limited)
Excel (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 – Excel)
Focusrite USB 4.63.24.564 (HKLM\…\Focusrite USB_is1) (Version: 4.63.24.564 – Focusrite Audio Engineering, Ltd.)
Foxit Reader (HKLM-x32\…\Foxit Reader_is1) (Version: 9.3.0.10826 – Foxit Software Inc.)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 92.0.4515.131 – Google LLC)
Google Earth Pro (HKLM\…\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 – Google)
HandBrake 1.2.2 (HKLM-x32\…\HandBrake) (Version: 1.2.2 – )
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\…\{3E1C36F0-C3A2-4137-9DA4-8580CF6191E1}) (Version: 19.0.324 – Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\…\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 – Intel® Corporation) Hidden
Intel® Graphics Driver Software (HKLM-x32\…\{d9e1af9c-46b1-481f-bd13-dffef7b14da2}) (Version: 3.11.1.0 – Intel) Hidden
Intel® Processor Graphics (HKLM-x32\…\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 – Intel Corporation)
LAV Filters 0.73.1 (HKLM-x32\…\lavfilters_is1) (Version: 0.73.1 – Hendrik Leppkes)
Macrium Reflect Free Edition (HKLM\…\{7F41F593-1C74-4F9D-9E0E-AD819B4A6222}) (Version: 7.3.5365 – Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\…\MacriumReflect) (Version: 7.3 – Paramount Software (UK) Ltd.)
Malwarebytes version 4.4.4.126 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.4.126 – Malwarebytes)
Maxon Cinema 4D R21 (HKLM\…\Maxon Cinema 4D R21) (Version: R21 – Maxon)
Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 92.0.902.67 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\OneDriveSetup.exe) (Version: 21.129.0627.0002 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\…\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729 (HKLM\…\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM\…\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x64 9.0.30729.4148 (HKLM\…\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729 (HKLM-x32\…\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.17 (HKLM-x32\…\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148 (HKLM-x32\…\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32\…\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32\…\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32\…\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32\…\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29910 (HKLM-x32\…\{53f1dc9d-ed94-4650-a079-129785ce7905}) (Version: 14.28.29910.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.25.28508 (HKLM-x32\…\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 – Microsoft Corporation)
NextPVR (HKLM\…\NextPVR) (Version: 5.x.x – NextPVR Technologies)
Outlook (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 – Outlook)
PowerPoint (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 – PowerPoint)
Realtek High Definition Audio Driver (HKLM-x32\…\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8703.1 – Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.8 (HKLM\…\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.8 – VS Revo Group, Ltd.)
Speccy (HKLM\…\Speccy) (Version: 1.32 – Piriform)
SUPERAntiSpyware (HKLM\…\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1228 – SUPERAntiSpyware.com)
TBS 6205 driver 1.0.0.4  for windows (HKLM\…\TBS 6205 DVBT driver for windows_is1) (Version:  – TBS Technologies)
UltraSearch V3.1.1 (64 bit) (HKLM\…\UltraSearch_is1) (Version: 3.1.1 – JAM Software)
VideoReDo TVSuite Version 4.21.6.674 (HKLM-x32\…\VideoReDo4_is1) (Version:  – DRD Systems, Inc.)
VLC media player (HKLM\…\VLC media player) (Version: 3.0.16 – VideoLAN)
Wacom Tablet (HKLM\…\Wacom Tablet Driver) (Version: 6.3.41-1 – Wacom Technology Corp.)
Windows Driver Package – TBS DTV (TBS_TBS6205BDA) Media  (04/01/2016 1.0.0.4) (HKLM\…\677EDE649FD409121D1C19A756D5FADF21EAB3D4) (Version: 04/01/2016 1.0.0.4 – TBS DTV)
WinRAR 5.61 (64-bit) (HKLM\…\WinRAR archiver) (Version: 5.61.0 – win.rar GmbH)
WinZip 20.0 (HKLM\…\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 – WinZip Computing, S.L. )
Word (HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 – Word)
Bamboo Paper -> C:\Program Files\WindowsApps\D91E29CF.BambooPaper_1.7.15.0_x64__38kynpdw5g1aw [2020-11-01] (Wacom Europe GmbH)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2070.2.0_x86__kgqvnymyfvs32 [2021-07-28] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.9.253.0_x64__rz1tebttyb220 [2021-08-06] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10628.5716.0_x64__8wekyb3d8bbwe [2021-07-30] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-06-22] (Microsoft Corporation)
PrintFriendly and PDF -> C:\Program Files\WindowsApps\32615PrintFriendlyPDF.Print-PDF_2.7.0.0_neutral__mcmatvdanzs2y [2019-11-04] (PrintFriendly and PDF)
TuneIn Radio -> C:\Program Files\WindowsApps\TuneIn.TuneInRadio_4.0.7.0_x64__6bhtb546zcxnj [2019-11-14] (TuneIn) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2016687260-585160081-2310965895-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\jed\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-2016687260-585160081-2310965895-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\jed\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler) [File not signed]
CustomCLSID: HKU\S-1-5-21-2016687260-585160081-2310965895-1001_Classes\CLSID\{930e604a-cc01-4d06-8d7a-5a07914f3afb}\localserver32 -> C:\Program Files\TechSmith\Camtasia 2019\CamtasiaStudio.exe (TechSmith Corporation -> TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-2016687260-585160081-2310965895-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\jed\Dropbox [2020-01-04 16:29]
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-08] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-08] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-08] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-08] (Adobe Inc. -> )
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [iSkysoftVideoConverterFileOpreation] -> [CC]{BB35DE05-89D6-4D8F-95DE-A27DF8156D91} =>  -> No File
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinZip] -> [CC]{E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2019-09-20] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [WinZip] -> [CC]{E0D79304-84BE-11CE-9641-444553540000} =>  -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-12-08] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Drivers32: [vidc.pDAD] => C:\WINDOWS\system32\prodad-codec.dll [607256 2018-08-30] (proDAD GmbH -> proDAD GmbH)
HKLM\…\Drivers32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\…\Drivers32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
HKLM\…\Drivers32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4c32.dll [413760 2001-01-07] (Microsoft Corporation) [File not signed]
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\jed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
==================== Loaded Modules (Whitelisted) =============
2020-07-21 12:57 – 2020-12-13 10:23 – 000997888 _____ () [File not signed] [File is in use] C:\Program Files\NextPVR\Unmanaged.dll
2020-07-21 12:57 – 2019-08-15 18:13 – 001265664 _____ () [File not signed] C:\Program Files\NextPVR\e_sqlite3.DLL
2020-07-21 12:57 – 2021-06-27 06:50 – 000189440 _____ () [File not signed] C:\Program Files\NextPVR\NPVRTSMon.ax
2021-07-27 14:43 – 2019-01-27 14:34 – 000638464 _____ (Helmut Buhler) [File not signed] C:\Program Files\Windows Sidebar\dwmapi.dll
2020-07-21 12:57 – 2019-11-01 18:24 – 000006144 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\NextPVR\SQLitePCLRaw.batteries_v2.dll
2020-07-21 12:57 – 2019-11-01 18:23 – 000046080 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\NextPVR\SQLitePCLRaw.core.dll
2020-07-21 12:57 – 2019-11-01 18:23 – 000005632 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\NextPVR\SQLitePCLRaw.nativelibrary.dll
2020-07-21 12:57 – 2019-11-01 18:23 – 000056832 _____ (SourceGear) [File not signed] [File is in use] C:\Program Files\NextPVR\SQLitePCLRaw.provider.dynamic_cdecl.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0888F409 [286]
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 [902]
AlternateDataStreams: C:\ProgramData\TEMP:66633281 [135]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-gb/?pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-2016687260-585160081-2310965895-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2016687260-585160081-2310965895-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-07-31 18:45 – 2021-07-31 18:46 – 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 1.1.1.1 – 1.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\…\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\…\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\…\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\…\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\…\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\…\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\…\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\…\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2016687260-585160081-2310965895-1001\…\StartupApproved\Run: => "OneDriveSetup"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{E1682FF9-8819-431B-A4CB-EC682953D15C}] => (Allow) LPort=8320
FirewallRules: [{E5CCF408-83A6-4E49-BD74-B577C2C48C77}] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{023E0665-745E-4FB8-8EE9-829865104AD8}] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{A733E76A-2531-4C50-9331-769B9B079FB5}] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{31784C00-1CF1-4271-9756-6CD8636CF720}] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{90B412B8-B93D-4461-9EBC-6F2AB7228528}] => (Block) C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B45D0CEC-AFA5-4D08-8762-913B56607E61}] => (Block) C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [UDP Query User{884FD09E-FB05-4602-855F-FD529BEF41BD}C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{B2EEBA7B-8D4A-436C-847E-DA285E42B086}C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d teamrender client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{DA450EDC-5EE1-4970-A93A-21196515F689}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{0D7FF706-4599-43E7-B866-9A5210D59931}C:\program files\maxon\cinema 4d r20\cinema 4d.exe] => (Allow) C:\program files\maxon\cinema 4d r20\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{C97D052A-ED05-4DA3-A429-C7C7C009375D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{0039F7C1-29A1-4904-B9A2-F4A3C195B5FD}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{D88AC083-C4F9-423B-B889-8314EFC7B98A}C:\program files\maxon cinema 4d r21\cinema 4d.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{08F501B7-5FB8-4A9E-9609-289CFDD76FD4}C:\program files\maxon cinema 4d r21\cinema 4d.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{EF4FEEAF-3919-4029-B973-EF7F3C7DE6F2}C:\program files\maxon cinema 4d r21\cinema 4d team render client.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d team render client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{FE8E3CCF-0B64-4AC7-9521-565EDC2E4D63}C:\program files\maxon cinema 4d r21\cinema 4d team render client.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d team render client.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [TCP Query User{B13CF8C3-843C-4D1A-8475-1F2BE91D66E8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3262EBCA-3495-45AF-8A68-7C585405ED33}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{1475AA5F-473F-4E41-8319-5069BE911A49}C:\program files\maxon cinema 4d r21\cinema 4d team render server.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d team render server.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [UDP Query User{BE6580BB-A4E3-4378-91EA-B99DFA74B6B2}C:\program files\maxon cinema 4d r21\cinema 4d team render server.exe] => (Allow) C:\program files\maxon cinema 4d r21\cinema 4d team render server.exe (MAXON Computer GmbH -> MAXON Computer GmbH)
FirewallRules: [{C79CBCEA-AB04-4A85-AB5B-221E87D9736A}] => (Allow) C:\Program Files\NextPVR\NextPVRServer.exe (PINSTRIPE LIMITED (NextPVR Technologies) -> NextPVRServer)
FirewallRules: [{C5EAE292-B008-4FF7-B4AF-6689AF955277}] => (Allow) C:\Program Files\NextPVR\DeviceHostWindows.exe (PINSTRIPE LIMITED (NextPVR Technologies) -> )
FirewallRules: [{BA580B17-9BC6-48DF-A4DC-85F6939723A1}] => (Allow) C:\Program Files\NextPVR\Client\NextPVR.exe (PINSTRIPE LIMITED (NextPVR Technologies) -> )
FirewallRules: [{D886DB5D-7BFD-46D7-8C7E-48228F486CCA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{80BF6D24-0E9A-41D1-B10E-705FC1002D3E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F49FE21F-6437-4D91-A4D3-D5F58BA07F18}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6117BC54-59AF-4732-82FD-813A2DD8D337}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{253DFFB8-E482-40B1-8BB3-426CD3C8559F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50D4927C-4D30-47E2-85D5-4C142BF45EA8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:445.97 GB) (Free:255.42 GB) (57%)
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (08/09/2021 02:11:55 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 02:11:55 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 01:26:55 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 01:26:55 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 12:11:05 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 12:08:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for “C:\Program Files\FocusriteUSB\Focusrite Notifier.exe”.Error in manifest or policy file “” on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984.manifest.
Error: (08/09/2021 01:02:48 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
Error: (08/09/2021 01:02:47 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, “iehistory://{S-1-5-21-2016687260-585160081-2310965895-1001}/”>.
System errors:
=============
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NextPVR Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s).
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Macrium Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wacom Professional Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sound Blaster Audio Service service terminated unexpectedly. It has done this 1 time(s).
Error: (08/08/2021 02:25:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Windows Defender:
================
Date: 2021-08-08 16:55:37
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-08-08 16:36:09
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Vigorf.A
Severity: Severe
Category: Trojan
Path: file:_E:\software various\WinRAR_5.61.zip
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.345.171.0, AS: 1.345.171.0, NIS: 1.345.171.0
Engine Version: AM: 1.1.18400.4, NIS: 1.1.18400.4
CodeIntegrity:
===============
Date: 2021-08-04 15:44:34
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
Date: 2021-08-04 15:44:34
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info =========================== 
BIOS: American Megatrends Inc. V10.3 12/17/2013
Motherboard: MSI B85M-E45 (MS-7817)
Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 63%
Total physical RAM: 8053.97 MB
Available physical RAM: 2970.95 MB
Total Virtual: 9333.97 MB
Available Virtual: 4375.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:445.97 GB) (Free:255.42 GB) NTFS
Drive d: (Media) (Fixed) (Total:3726.01 GB) (Free:1760.96 GB) NTFS
Drive e: (Data) (Fixed) (Total:3726.01 GB) (Free:3079.84 GB) NTFS
\\?\Volume{77d58893-3199-11eb-99c0-448a5b61bdea}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{77d58896-3199-11eb-99c0-448a5b61bdea}\ () (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{77d58895-3199-11eb-99c0-448a5b61bdea}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 447.1 GB) (Disk ID: A512F242)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================

Source of this news: https://www.bleepingcomputer.com/forums/t/756421/logmein-preventing-access-to-online-banking/
