Proxy Virus time: http=localhost:8000;https=localhost:8000 – Virus, Trojan, Spyware, and Malware Removal Help – BleepingComputer

Same problem that Phideous was having in this post:

https://www.bleepingcomputer.com/forums/t/742727/proxy-virus-time-httplocalhost8000;httpslocalhost8000/

I have done the same antiviral measures as Phideous.

Any help would be great, thanks.

Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2021
Ran by Pasath (administrator) on DESKTOP-97O75D8 (Micro-Star International Co., Ltd. MS-7C91) (07-07-2021 23:36:02)
Running from C:\Users\Pasath\Downloads
Loaded Profiles: Pasath
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\Pasath\AppData\Local\Discord\app-1.0.9002\Discord.exe <6>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <33>
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pasath\AppData\Local\Microsoft\OneDrive\21.119.0613.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Pasath\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\spaceman.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(Motion Systems Michał Stanek -> MotionSystems) C:\Program Files (x86)\Next Level Racing\Platform Manager\MoSyAppWatcherSvc32.exe
(Motion Systems Michał Stanek -> MotionSystems) C:\Program Files (x86)\Next Level Racing\Platform Manager\MoSyAppWatcherSvc64.exe
(Motion Systems Michał Stanek -> Next Level Racing) C:\Program Files (x86)\Next Level Racing\Platform Manager\PlatformManager.exe
(NetSupport Ltd -> NetSupport Ltd) C:\Users\Pasath\AppData\Roaming\Z4RV3Bpq\ctfmon.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(remotemouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(RemoteMouse.net) [File not signed] C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe
(Robert McNeel & Associates (TLM, Inc.) -> Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\…\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\…\Run: [WindowsDefender] => “%ProgramFiles%\Windows Defender\MSASCuiL.exe”
HKLM-x32\…\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [101284632 2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\…\Run: [Next Level Racing Platform Manager] => C:\Program Files (x86)\Next Level Racing\Platform Manager\PlatformManager.exe [5426792 2020-11-16] (Motion Systems Michał Stanek -> Next Level Racing)
HKLM-x32\…\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2021-01-20] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\…\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-03] (Adobe Inc. -> )
HKLM-x32\…\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5296352 2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\…\Run: [] => [X]
HKLM-x32\…\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [Spotify] => C:\Users\Pasath\AppData\Roaming\Spotify\Spotify.exe [24091264 2021-07-03] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [33249248 2021-06-19] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-05-08] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [com.squirrel.Teams.Teams] => C:\Users\Pasath\AppData\Local\Microsoft\Teams\Update.exe [2453688 2021-01-29] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [Facebook.MessengerDesktop] => C:\Users\Pasath\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5549280 2021-05-28] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [Discord] => C:\Users\Pasath\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [ctfmon_] => C:\Users\Pasath\AppData\Roaming\Z4RV3Bpq\ctfmon.exe [112176 2020-05-06] (NetSupport Ltd -> NetSupport Ltd) <==== ATTENTION
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Pasath\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Pasath\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\RunOnce: [Uninstall 21.109.0530.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q “C:\Users\Pasath\AppData\Local\Microsoft\OneDrive\21.109.0530.0001”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1005\…\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Pasath Study\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1005\…\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\Pasath Study\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792288 2021-05-08] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\nadin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q “C:\Users\nadin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\RunOnce: [Uninstall 21.073.0411.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q “C:\Users\nadin\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\amd64”
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\RunOnce: [Uninstall 21.073.0411.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q “C:\Users\nadin\AppData\Local\Microsoft\OneDrive\21.073.0411.0002”
HKLM\…\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-01] (Google LLC -> Google LLC)
Startup: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2021-03-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1486E449-3679-41CB-95BC-72BB4DED9116} – System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1EC196AD-6DBA-406D-B0FA-6E25D745F49E} – System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {23CF17EF-1CAE-4F33-8533-13B3782E2175} – System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {28071DAC-8786-474A-84CD-9270F0C2A6F3} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {351A87EF-2437-45A5-8C00-5557CB02D320} – System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {43497D07-B5EE-4F4C-BA3C-0BA526704237} – System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {4C579F99-BDCC-43E4-B2EE-7B231FD239C7} – System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-05-31] (Microsoft Corporation -> Microsoft)
Task: {540BBA0F-C553-48DF-B66F-7AC1EFA1D151} – System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {54F1E6D4-DFD4-466B-B613-F8F341B35A30} – System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {674DF641-9F75-46E5-86C8-08F3AE3D5065} – System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-17] (Piriform Software Ltd -> Piriform)
Task: {7A0D6C1D-0C40-4C76-A27E-DF08CCAF40DD} – System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {81E0F5A1-5668-49F2-8E21-300D19BDBC0C} – System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {83672F28-105C-41EB-9654-1C3F907E0B48} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {857206ED-A67A-4271-83B2-4E367655A049} – System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-22] (Google LLC -> Google LLC)
Task: {8B68ECA6-18B5-49A5-8E26-2128813B1008} – System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {91390869-CAAB-4F32-9D5E-08CC6EE7EA9F} – System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92657352-A613-482C-B399-CD125ED6BA22} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {958BC850-1C58-42CD-A44A-9E7A96E50955} – System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {993EF5AA-FD89-4ED9-9767-A1E226D09FB5} – System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {ACCC376B-88A2-470B-8570-DC957048F371} – System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147320 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {AFFEA287-22B4-4FEB-9E62-53367C1BE7DB} – System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412680 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {BB79804F-D81D-43CA-86D0-2D81D68E2639} – System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC925A80-6D15-462A-AC90-C270CA432590} – System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DB32B073-C836-4A1B-A90F-7A65C5905B39} – System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DD9F16EF-69A6-43CE-A006-040AAE780919} – System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DE62B510-C410-4984-A0B9-D019C2FB6233} – System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EBB4CD77-BA86-41AD-A9D6-B05A8D5BBD5F} – System32\Tasks\elevator_b58b0b144169daf1a5b3ae13ea6f5142 => C:\Program Files (x86)\SimHub\SimHubWPF.exe [3001856 2020-12-24] () [File not signed]
Task: {FED81636-50CA-4496-A5EB-4FB65D3716DA} – System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147320 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {FFB2C646-4F03-4FB5-B688-75F950C7EC80} – System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5275568 2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-4046646743-2370866350-3589897510-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-4046646743-2370866350-3589897510-1001] => http=localhost:8000;https=localhost:8000
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5e8e16e8-c3ee-43cf-9637-64732d145236}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{63178dd4-d9d1-49d9-a60d-1cb2f84c42ff}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{e8687bbc-a37f-4f29-86b9-0e78cc7ac2c3}: [DhcpNameServer] 192.168.42.129
ManualProxies: 1http=localhost:8000;https=localhost:8000
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pasath\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-07]
Edge Extension: (Outlook) – C:\Users\Pasath\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-25]
Edge Extension: (Word) – C:\Users\Pasath\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-25]
Edge Extension: (Excel) – C:\Users\Pasath\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-25]
Edge Extension: (PowerPoint) – C:\Users\Pasath\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-25]
FF DefaultProfile: 2p748bdw.default
FF ProfilePath: C:\Users\Pasath\AppData\Roaming\Mozilla\Firefox\Profiles\2p748bdw.default [2021-03-15]
FF ProfilePath: C:\Users\Pasath\AppData\Roaming\Mozilla\Firefox\Profiles\bstjseh7.default-release [2021-07-07]
FF HKLM\…\Firefox\Extensions: [[email protected]] – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-12-07]
FF HKLM-x32\…\Firefox\Extensions: [[email protected]] – C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-01-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-05] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-01-20] (Adobe Inc. -> Adobe Systems)
CHR Profile: C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default [2021-07-07]
CHR Notifications: Default -> hxxps://fullsend.com; hxxps://www.itonlinelearning.com; hxxps://www.reddit.com
CHR Extension: (Slides) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-22]
CHR Extension: (Docs) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-22]
CHR Extension: (Google Drive) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-22]
CHR Extension: (YouTube) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-22]
CHR Extension: (Weava Highlighter – PDF & Web) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnaodkpfinfiipjblikofhlhlcickei [2021-04-18]
CHR Extension: (Adobe Acrobat) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-11]
CHR Extension: (Sheets) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-22]
CHR Extension: (Google Docs Offline) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (AdBlock — best ad blocker) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-06-24]
CHR Extension: (Grammarly for Chrome) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-07-06]
CHR Extension: (Chrome Web Store Payments) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Bitwarden – Free Password Manager) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-07-02]
CHR Extension: (Netflix Party is now Teleparty) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2021-07-06]
CHR Extension: (Gmail) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-22]
CHR Extension: (Chrome Media Router) – C:\Users\Pasath\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-02]
CHR HKLM-x32\…\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2021-01-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3780296 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3548360 2021-02-17] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8444360 2021-01-02] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-12-13] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10605472 2021-05-08] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [71928 2021-02-23] (Robert McNeel & Associates (TLM, Inc.) -> Robert McNeel & Associates)
R2 MotionSystems AppWatcher32; C:\Program Files (x86)\Next Level Racing\Platform Manager\MoSyAppWatcherSvc32.exe [324712 2020-11-16] (Motion Systems Michał Stanek -> MotionSystems)
R2 MotionSystems AppWatcher64; C:\Program Files (x86)\Next Level Racing\Platform Manager\MoSyAppWatcherSvc64.exe [362088 2020-11-16] (Motion Systems Michał Stanek -> MotionSystems)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [10752 2021-04-30] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2021-07-07] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [199128 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
R2 LGHUBTemperatureService; C:\Program Files\LGHUB\logi_core_temp.sys [22864 2021-05-08] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [37200 2021-05-08] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [25928 2021-05-08] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [66896 2021-05-08] (Logitech Inc -> Logitech)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220752 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-07-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198888 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69016 2021-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [156880 2021-07-07] (Malwarebytes Inc -> Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\SimHub\OpenHardwareMonitorLib.sys [14544 2021-01-16] (Noriyuki MIYAZAKI -> OpenLibSys.org)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-07 22:57 – 2021-07-07 23:00 – 000066297 _____ C:\Users\Pasath\Downloads\Addition.txt
2021-07-07 22:56 – 2021-07-07 23:36 – 000036597 _____ C:\Users\Pasath\Downloads\FRST.txt
2021-07-07 22:21 – 2021-07-07 23:36 – 000000000 ____D C:\FRST
2021-07-07 22:19 – 2021-07-07 22:20 – 002301440 _____ (Farbar) C:\Users\Pasath\Downloads\FRST64.exe
2021-07-07 21:40 – 2021-07-07 21:41 – 000000000 ____D C:\Program Files\CCleaner
2021-07-07 21:40 – 2021-07-07 21:40 – 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-07-07 21:40 – 2021-07-07 21:40 – 000002890 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-07-07 21:40 – 2021-07-07 21:40 – 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-07-07 21:40 – 2021-07-07 21:40 – 000000863 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-07-07 21:40 – 2021-07-07 21:40 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-07-07 21:39 – 2021-07-07 21:39 – 035958288 _____ (Piriform Software Ltd) C:\Users\Pasath\Downloads\ccsetup582.exe
2021-07-07 20:45 – 2021-07-07 20:45 – 000198888 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-07-07 20:45 – 2021-07-07 20:45 – 000156880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-07-07 20:45 – 2021-07-07 20:45 – 000069016 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-07-07 20:42 – 2021-07-07 20:42 – 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-07-07 20:42 – 2021-07-07 20:42 – 000220752 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-07-07 20:42 – 2021-07-07 20:42 – 000199128 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-07-07 20:42 – 2021-07-07 20:42 – 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-07-07 20:42 – 2021-07-07 20:42 – 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-07 20:42 – 2021-07-07 20:42 – 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-07-07 20:42 – 2021-07-07 20:42 – 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-07-07 20:42 – 2021-07-07 20:42 – 000000000 ____D C:\Users\Pasath\AppData\Local\mbam
2021-07-07 20:42 – 2021-07-07 20:42 – 000000000 ____D C:\ProgramData\Malwarebytes
2021-07-07 20:38 – 2021-07-07 20:38 – 000000000 ____D C:\Program Files\Malwarebytes
2021-07-07 20:37 – 2021-07-07 20:37 – 002093656 _____ (Malwarebytes) C:\Users\Pasath\Downloads\MBSetup.exe
2021-07-06 23:34 – 2021-07-06 23:34 – 000000000 ____D C:\Users\Pasath\AppData\Local\OneDrive
2021-07-06 22:17 – 2021-07-06 22:17 – 000592732 _____ C:\Users\Pasath\Downloads\PCP_A2_Presentation.pdf
2021-07-06 16:44 – 2021-07-06 16:44 – 000238135 _____ C:\Users\Pasath\Downloads\dia_site_rules_for_contractors_version_3_0_august_2014.pdf
2021-07-05 23:02 – 2021-07-05 23:02 – 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-07-05 22:11 – 2021-07-06 23:16 – 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-05 21:47 – 2021-07-05 21:47 – 008534023 _____ C:\Users\Pasath\Downloads\Business Process Mapping I_Introduction slides.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 008376466 _____ C:\Users\Pasath\Downloads\Business Process Mapping I_Flowcharts slides.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 007165318 _____ C:\Users\Pasath\Downloads\Topic 1 BP Analysis Part II.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 006071152 _____ C:\Users\Pasath\Downloads\Topic 1 Process Synthesis.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 005482905 _____ C:\Users\Pasath\Downloads\Topic 3 Benchmarking.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 005421368 _____ C:\Users\Pasath\Downloads\Topic 2 Business Process Analysis.pptx
2021-07-05 21:47 – 2021-07-05 21:47 – 004930544 _____ C:\Users\Pasath\Downloads\Topic 2 Six sigma.pptx
2021-07-05 21:46 – 2021-07-05 21:46 – 007183709 _____ C:\Users\Pasath\Downloads\Relationship Maps Slides.pptm
2021-07-05 21:46 – 2021-07-05 21:46 – 005339715 _____ C:\Users\Pasath\Downloads\Concluding mapping Slides.pptx
2021-07-05 21:46 – 2021-07-05 21:46 – 005339715 _____ C:\Users\Pasath\Downloads\Concluding mapping Slides (1).pptx
2021-07-05 21:45 – 2021-07-05 21:45 – 022837996 _____ C:\Users\Pasath\Downloads\Topic 1A(1).pptx
2021-07-05 21:45 – 2021-07-05 21:45 – 014111344 _____ C:\Users\Pasath\Downloads\Topic 1B(1).pptx
2021-07-05 19:27 – 2021-07-05 19:27 – 000002536 _____ C:\Users\Pasath\AppData\Local\rootCert.pfx
2021-07-05 19:26 – 2021-07-07 20:48 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\nl6Qjtpu
2021-07-05 19:25 – 2021-07-05 19:25 – 000000486 _____ C:\Users\Pasath\AppData\Roaming\s1947.vbs
2021-07-05 19:25 – 2021-07-05 19:25 – 000000436 _____ C:\Users\Pasath\AppData\Roaming\drvsetup.txt
2021-07-03 17:04 – 2021-07-03 17:04 – 000336071 _____ C:\Users\Pasath\Downloads\Ethics_and_Technology_Controversies,_Questions,_an…_—-_(Chapter_2_Ethical_Concepts_and_Ethical_Theories_Frameworks_for_Analyzi…).pdf
2021-07-02 19:52 – 2021-07-02 19:52 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\Z4RV3Bpq
2021-07-02 19:52 – 2021-07-02 19:52 – 000000000 ____D C:\Users\Pasath\AppData\Local\NetSupport
2021-07-02 19:51 – 2021-07-02 19:51 – 000001322 _____ C:\Users\Pasath\Downloads\Chrome.Updated.247b30 (2).zip
2021-07-02 19:51 – 2021-07-02 19:51 – 000001322 _____ C:\Users\Pasath\Downloads\Chrome.Updated.247b30 (1).zip
2021-07-02 19:50 – 2021-07-02 19:50 – 000001322 _____ C:\Users\Pasath\Downloads\Chrome.Updated.247b30.zip
2021-07-02 00:21 – 2021-07-02 00:21 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\npm
2021-07-02 00:21 – 2021-07-02 00:21 – 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2021-07-01 23:19 – 2021-07-01 23:19 – 009834496 _____ C:\Users\Pasath\Downloads\node-v0.12.14-x64.msi
2021-07-01 23:15 – 2021-07-01 23:15 – 009497216 _____ (Joyent, Inc) C:\Users\Pasath\Downloads\node.exe
2021-07-01 19:30 – 2021-07-01 22:29 – 000000000 ____D C:\Users\Pasath\Documents\UTS
2021-07-01 13:56 – 2021-07-01 13:56 – 000000000 ____D C:\Users\Pasath\AppData\Local\node-gyp
2021-07-01 13:48 – 2021-07-01 13:48 – 000000000 ____D C:\Users\Pasath\.config
2021-07-01 13:27 – 2021-07-01 13:46 – 000000052 _____ C:\Users\Pasath\.node_repl_history
2021-07-01 13:02 – 2021-07-01 13:02 – 002617172 _____ C:\Users\Pasath\Downloads\angulartemplatefinal-master.zip
2021-06-30 23:49 – 2021-07-01 13:15 – 000000000 ____D C:\Users\Pasath\AppData\Local\npm-cache
2021-06-30 00:32 – 2021-06-30 00:32 – 000612209 _____ C:\Users\Pasath\Downloads\PCP_A1_Written research report.pdf
2021-06-27 15:48 – 2021-06-27 15:48 – 001824727 _____ C:\Users\Pasath\Downloads\Video recording guide.pdf
2021-06-09 23:43 – 2021-06-09 23:43 – 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-09 23:43 – 2021-06-09 23:43 – 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-09 23:43 – 2021-06-09 23:43 – 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-09 23:43 – 2021-06-09 23:43 – 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-09 23:43 – 2021-06-09 23:43 – 001823792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-09 23:43 – 2021-06-09 23:43 – 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-09 23:43 – 2021-06-09 23:43 – 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-09 23:43 – 2021-06-09 23:43 – 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-09 23:43 – 2021-06-09 23:43 – 000568832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-09 23:43 – 2021-06-09 23:43 – 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-09 23:43 – 2021-06-09 23:43 – 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-09 23:43 – 2021-06-09 23:43 – 000451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-09 23:43 – 2021-06-09 23:43 – 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-09 23:43 – 2021-06-09 23:43 – 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-09 23:43 – 2021-06-09 23:43 – 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-09 23:43 – 2021-06-09 23:43 – 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-09 23:43 – 2021-06-09 23:43 – 000097280 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-09 23:43 – 2021-06-09 23:43 – 000011353 _____ C:\Windows\system32\DrtmAuthTxt.wim
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-07-07 23:21 – 2021-02-18 22:21 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\discord
2021-07-07 22:56 – 2020-12-25 15:43 – 000000000 ____D C:\Users\Pasath\AppData\Local\CrashDumps
2021-07-07 22:50 – 2020-11-19 09:41 – 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-07 22:40 – 2021-02-18 22:20 – 000000000 ____D C:\Users\Pasath\AppData\Local\Discord
2021-07-07 22:37 – 2019-12-07 19:14 – 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-07 21:22 – 2020-12-29 22:04 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\Messenger
2021-07-07 21:22 – 2020-12-29 22:04 – 000000000 ____D C:\Users\Pasath\AppData\Local\Messenger
2021-07-07 20:54 – 2019-12-07 19:03 – 000032768 _____ C:\Windows\system32\config\ELAM
2021-07-07 20:52 – 2021-01-20 10:54 – 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-07-07 20:52 – 2021-01-20 10:54 – 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-07-07 20:47 – 2020-12-23 04:09 – 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-07 20:47 – 2019-12-07 19:13 – 000000000 ____D C:\Windows\INF
2021-07-07 20:45 – 2020-12-23 07:20 – 000000000 ___RD C:\Users\Pasath\OneDrive
2021-07-07 20:43 – 2020-12-23 07:20 – 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4046646743-2370866350-3589897510-1001
2021-07-07 20:43 – 2020-12-23 07:18 – 000002386 _____ C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-07 20:42 – 2020-12-22 21:24 – 000000000 ____D C:\ProgramData\NVIDIA
2021-07-07 20:42 – 2019-12-07 19:14 – 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-07 20:40 – 2020-12-23 04:04 – 000008192 ___SH C:\DumpStack.log.tmp
2021-07-07 20:40 – 2020-11-19 09:41 – 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-07 20:39 – 2019-12-07 19:03 – 001835008 _____ C:\Windows\system32\config\BBI
2021-07-07 19:35 – 2021-02-07 20:20 – 000000444 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2021-07-07 19:21 – 2021-03-08 10:16 – 000004170 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{F70B9164-39D2-4A99-B72B-23D967B87CAD}
2021-07-06 23:24 – 2021-03-15 20:58 – 000000000 ____D C:\Users\Pasath\AppData\LocalLow\Mozilla
2021-07-06 23:24 – 2021-03-15 20:58 – 000000000 ____D C:\ProgramData\Mozilla
2021-07-06 23:20 – 2020-12-23 07:18 – 000000000 ____D C:\Users\Pasath\AppData\Local\Packages
2021-07-06 23:16 – 2021-03-15 20:58 – 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-06 10:03 – 2019-12-07 19:03 – 000000000 ____D C:\Windows\CbsTemp
2021-07-05 23:02 – 2021-03-15 20:58 – 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-05 04:22 – 2020-12-25 16:48 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\Spotify
2021-07-04 11:27 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\AppReadiness
2021-07-03 15:23 – 2020-12-25 16:48 – 000000000 ____D C:\Users\Pasath\AppData\Local\Spotify
2021-07-03 12:03 – 2020-11-19 09:44 – 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-03 12:03 – 2020-11-19 09:44 – 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-03 12:03 – 2020-11-19 09:44 – 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-07-03 12:03 – 2019-12-07 19:14 – 000000000 ___HD C:\Program Files\WindowsApps
2021-07-02 18:58 – 2020-11-19 09:44 – 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-02 18:58 – 2020-11-19 09:44 – 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-02 01:20 – 2021-01-09 21:06 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\vlc
2021-07-01 13:48 – 2020-12-23 07:18 – 000000000 ___HD C:\Users\Pasath
2021-07-01 13:03 – 2021-04-26 21:46 – 000000000 ____D C:\Users\Pasath\work
2021-07-01 13:01 – 2020-12-22 20:55 – 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-01 13:01 – 2020-12-22 20:55 – 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-01 13:01 – 2020-12-22 20:55 – 000002206 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-07-01 07:32 – 2020-12-25 16:13 – 000000000 ____D C:\Program Files (x86)\Steam
2021-06-30 19:18 – 2020-12-29 22:19 – 000000000 ____D C:\Program Files (x86)\Origin
2021-06-27 21:50 – 2020-12-29 22:16 – 000000000 ____D C:\ProgramData\Origin
2021-06-27 16:50 – 2020-12-29 22:16 – 000000000 ____D C:\Users\Pasath\AppData\Local\Origin
2021-06-24 00:34 – 2020-12-29 21:29 – 000000000 ____D C:\Program Files\Microsoft Office
2021-06-22 21:45 – 2021-01-16 21:45 – 000000000 ____D C:\Users\Pasath\AppData\Local\ElevatedDiagnostics
2021-06-19 00:06 – 2020-12-29 22:16 – 000000000 ____D C:\Users\Pasath\AppData\Roaming\Origin
2021-06-18 22:01 – 2021-02-20 23:13 – 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-12 21:54 – 2020-11-19 09:41 – 000000000 ____D C:\Windows\system32\Drivers\wd
2021-06-10 22:30 – 2021-01-20 11:05 – 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-06-10 22:30 – 2021-01-20 11:05 – 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-06-10 00:27 – 2019-12-07 19:14 – 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-10 00:26 – 2020-11-19 09:41 – 000479120 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-10 00:25 – 2019-12-08 00:49 – 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-10 00:25 – 2019-12-08 00:45 – 000000000 ____D C:\Windows\system32\Drivers\en-GB
2021-06-10 00:25 – 2019-12-08 00:45 – 000000000 ____D C:\Windows\en-GB
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ___RD C:\Windows\PrintDialog
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\SystemResources
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\system32\oobe
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\system32\migwiz
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\system32\lv-LV
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\system32\et-EE
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\system32\Dism
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-10 00:25 – 2019-12-07 19:14 – 000000000 ____D C:\Windows\bcastdvr
2021-06-09 23:39 – 2020-12-26 22:12 – 000000000 ____D C:\Windows\system32\MRT
2021-06-09 23:38 – 2020-12-26 22:12 – 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-09 21:04 – 2020-12-26 18:22 – 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Files in the root of some directories ========
2021-07-05 19:25 – 2021-07-05 19:25 – 000000436 _____ () C:\Users\Pasath\AppData\Roaming\drvsetup.txt
2021-07-05 19:25 – 2021-07-05 19:25 – 000000486 _____ () C:\Users\Pasath\AppData\Roaming\s1947.vbs
2021-01-24 12:13 – 2021-03-08 22:24 – 000000128 _____ () C:\Users\Pasath\AppData\Roaming\winscp.rnd
2021-01-20 11:06 – 2021-01-20 11:06 – 000000000 _____ () C:\Users\Pasath\AppData\Local\oobelibMkey.log
2021-07-05 19:27 – 2021-07-05 19:27 – 000002536 _____ () C:\Users\Pasath\AppData\Local\rootCert.pfx
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2021
Ran by Pasath (07-07-2021 23:36:41)
Running from C:\Users\Pasath\Downloads
Windows 10 Pro Version 20H2 19042.1052 (X64) (2020-12-22 18:05:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-4046646743-2370866350-3589897510-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-4046646743-2370866350-3589897510-503 – Limited – Disabled)
Guest (S-1-5-21-4046646743-2370866350-3589897510-501 – Limited – Disabled)
nadin (S-1-5-21-4046646743-2370866350-3589897510-1006 – Limited – Enabled) => C:\Users\nadin
pasat (S-1-5-21-4046646743-2370866350-3589897510-1003 – Limited – Enabled)
Pasath (S-1-5-21-4046646743-2370866350-3589897510-1001 – Administrator – Enabled) => C:\Users\Pasath
Pasath Study (S-1-5-21-4046646743-2370866350-3589897510-1005 – Limited – Enabled) => C:\Users\Pasath Study
sliya (S-1-5-21-4046646743-2370866350-3589897510-1004 – Limited – Disabled)
tliya (S-1-5-21-4046646743-2370866350-3589897510-1002 – Limited – Disabled)
WDAGUtilityAccount (S-1-5-21-4046646743-2370866350-3589897510-504 – Limited – Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled – Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled – Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
==================== Installed Programs ======================
(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\…\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.005.20048 – Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\…\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.005.20048 – Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\…\Adobe Creative Cloud) (Version: 5.3.1.470 – Adobe Inc.)
Adobe Genuine Service (HKLM-x32\…\AdobeGenuineService) (Version:  – Adobe)
Adobe Illustrator 2021 (HKLM-x32\…\ILST_25_2) (Version: 25.2 – Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\…\IDSN_16_1) (Version: 16.1 – Adobe Inc.)
Adobe Photoshop 2021 (HKLM-x32\…\PHSP_22_2) (Version: 22.2.0.183 – Adobe Inc.)
Amazon Redshift ODBC Driver 64-bit (HKLM\…\{960BF695-03D5-48CF-9DC2-6AC5800C4FBE}) (Version: 1.4.10.1000 – Amazon Web Services, Inc.)
AMD Chipset Software (HKLM-x32\…\AMD_Chipset_IODrivers) (Version: 2.10.26.336 – Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\…\{b7b5b85e-6364-4ab4-ab0f-3a89b0de0fe2}) (Version: 2.10.26.336 – Advanced Micro Devices, Inc.) Hidden
Audacity 3.0.0 (HKLM-x32\…\Audacity_is1) (Version: 3.0.0 – Audacity Team)
Bonjour (HKLM\…\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 – Apple Inc.) Hidden
Brackets (HKLM-x32\…\{43086E55-5B37-4DA8-852F-EEC6C75ECFE9}) (Version: 1.14.17770 – brackets.io)
CCleaner (HKLM\…\CCleaner) (Version: 5.82 – Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\…\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 – Microsoft Corporation) Hidden
CORSAIR iCUE Software (HKLM-x32\…\{10730A22-FBFF-43C4-92EA-1583832711B4}) (Version: 3.37.140 – Corsair)
Cyberduck (HKLM\…\{FD14D6A7-844D-4253-97BE-4BA8370AB4C6}) (Version: 7.8.2.34203 – iterate GmbH) Hidden
Cyberduck (HKLM-x32\…\{2159f06f-36c3-4105-8668-3d62bc4c8859}) (Version: 7.8.2.34203 – iterate GmbH)
DiagnosticsHub_CollectionService (HKLM\…\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 – Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Discord) (Version: 0.0.309 – Discord Inc.)
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\…\{F878746A-C5F7-420A-A672-4DFEF74ADC3A}) (Version: 6.2.0.0 – Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\…\{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Version: 1.1.298.0 – Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\…\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
Excel (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 – Excel)
Git version 2.30.0.2 (HKLM\…\Git_is1) (Version: 2.30.0.2 – The Git Development Community)
GitKraken (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\gitkraken) (Version: 7.5.0 – Axosoft, LLC)
Google Chrome (HKLM-x32\…\Google Chrome) (Version: 91.0.4472.124 – Google LLC)
Guitar Rig 6 (HKLM\…\Guitar Rig 6 Pro_is1) (Version: 6.1.1 – Native Instruments & Team V.R)
icecap_collection_neutral (HKLM-x32\…\{1036893D-9917-4E70-B96C-8D72A2B224BC}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\…\{289873DF-80D0-4D7D-8068-D25D342A26FA}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\…\{D2B4539C-173B-4B8D-A021-E22E9566BC24}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\…\{38CE202D-7880-4101-9739-83619300EC58}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\…\{00000030-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.30.0.5 – Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\…\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 – Microsoft Corporation) Hidden
Kinect for Windows Speech Recognition Language Pack (en-AU) (HKLM-x32\…\{48CEC0A3-AE10-4EE3-AC62-76D3D58792E5}) (Version: 11.0.7400.336 – Microsoft Corporation)
Launcher Prerequisites (x64) (HKLM-x32\…\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 – Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\…\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2021.3.9205 – Logitech)
Malwarebytes version 4.4.2.123 (HKLM\…\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 – Malwarebytes)
MAMP & MAMP PRO 4.2.0 version 4.2.0 (HKLM-x32\…\{A62E77D4-9B74-4CA0-A254-EFE711F7A298}_is1) (Version: 4.2.0 – MAMP GmbH)
Messenger 97.11.116 (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 97.11.116 – Facebook, Inc.)
Microsoft .NET SDK 5.0.300 (x64) from Visual Studio (HKLM\…\{7D721068-4D31-4A38-B152-A4112C38708E}) (Version: 5.3.21.26805 – Microsoft Corporation)
Microsoft 365 Apps for enterprise – en-us (HKLM\…\O365ProPlusRetail – en-us) (Version: 16.0.14026.20308 – Microsoft Corporation)
Microsoft Edge (HKLM-x32\…\Microsoft Edge) (Version: 91.0.864.64 – Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\…\Microsoft EdgeWebView) (Version: 91.0.864.64 – Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\…\{E36FFC78-D25E-4962-872B-9CE0E50E62CD}) (Version: 17.5.1.1 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\OneDriveSetup.exe) (Version: 21.119.0613.0001 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4046646743-2370866350-3589897510-1005\…\OneDriveSetup.exe) (Version: 21.002.0104.0005 – Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\…\OneDriveSetup.exe) (Version: 21.083.0425.0003 – Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\…\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM\…\{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2019 CTP2.2 (HKLM-x32\…\{725CC962-98BD-42C7-87D8-51C680FB1779}) (Version: 15.0.1200.24 – Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Teams) (Version: 1.3.00.34662 – Microsoft Corporation)
Microsoft Update Health Tools (HKLM\…\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 – Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\…\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 – Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable – x86 9.0.21022 (HKLM-x32\…\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 – Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable – 10.0.40219 (HKLM\…\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable – 10.0.40219 (HKLM-x32\…\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) – 11.0.61030 (HKLM-x32\…\{f9b04b37-35d5-4a19-a51b-fcf4a8734851}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) – 11.0.61030 (HKLM-x32\…\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.30501 (HKLM-x32\…\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40649 (HKLM-x32\…\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.40660 (HKLM-x32\…\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.30501 (HKLM-x32\…\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 – Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) – 12.0.40660 (HKLM-x32\…\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) – 14.28.29334 (HKLM-x32\…\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 – Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) – 14.24.28127 (HKLM-x32\…\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 – Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.55.2 – Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\…\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.10.2174.31177 – Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\…\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 – Mozilla)
Mozilla Maintenance Service (HKLM\…\MozillaMaintenanceService) (Version: 86.0.1 – Mozilla)
Next Level Racing Platform Manager 2.109.2011.16 (HKLM\…\{C08C3571-0FBF-4455-8BF2-7046409AE507}) (Version: 2.109.2011.16 – MotionSystems.eu)
Node.js (HKLM\…\{1B49F0F2-1F28-471C-BA3E-C3DBB3665BEA}) (Version: 0.12.14 – Node.js Foundation)
Notion 2.0.16 (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.16 – Notion Labs, Incorporated)
NVIDIA FrameView SDK 1.1.4923.29781331 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29781331 – NVIDIA Corporation)
NVIDIA GeForce Experience 3.22.0.32 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.22.0.32 – NVIDIA Corporation)
NVIDIA Graphics Driver 460.89 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 – NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.40 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 – NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\…\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 – NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\…\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20308 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\…\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20308 – Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\…\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14026.20246 – Microsoft Corporation) Hidden
Origin (HKLM-x32\…\Origin) (Version: 10.5.101.48500 – Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 – Outlook)
Paradox Launcher v2 (HKLM\…\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 – Paradox Interactive)
PowerPoint (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 – PowerPoint)
Promontory_GPIO Driver (HKLM-x32\…\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 – Advanced Micro Devices, Inc.) Hidden
psqlODBC_x64 (HKLM\…\{3F8971B0-061B-4163-9D3F-EA94151B2FCF}) (Version: 09.06.0504 – PostgreSQL Global Development Group)
Python 3.9.4 (64-bit) (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\{8a52f2bf-c3d0-4872-bc3d-61f6eab0cbf2}) (Version: 3.9.4150.0 – Python Software Foundation)
Python 3.9.4 Core Interpreter (64-bit) (HKLM\…\{1C17C2CE-B315-4C1C-885A-E37181C7368E}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Development Libraries (64-bit) (HKLM\…\{CB856DD1-55A4-42B3-B676-73DDE515A589}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Documentation (64-bit) (HKLM\…\{73524E2A-5D97-4CB8-8438-5FE8F9653F1C}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Executables (64-bit) (HKLM\…\{EDBB67F1-B275-4AC6-9D32-0A033570A705}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 pip Bootstrap (64-bit) (HKLM\…\{1FDC7BC3-4CE5-4236-A8C2-0C4A7AFFDFA4}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Standard Library (64-bit) (HKLM\…\{91ED5736-9D50-4991-87DC-CFB0492D1A22}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\…\{4E0E4F08-ECD0-4737-ABFC-030B702AC2BF}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Test Suite (64-bit) (HKLM\…\{F12FD64B-8964-4F40-8448-7FA3955C5AD6}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python 3.9.4 Utility Scripts (64-bit) (HKLM\…\{BBCC595F-93C2-4054-9565-8F4F19B3D706}) (Version: 3.9.4150.0 – Python Software Foundation) Hidden
Python Launcher (HKLM-x32\…\{BDD80906-41E0-43DB-8C65-D8BCCEB3A3F8}) (Version: 3.9.7400.0 – Python Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\…\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.42.526.2020 – Realtek)
Remote Mouse version 4.000 (HKLM-x32\…\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 4.000 – Remote Mouse)
Rhino 7 (HKLM\…\{21A8E9ED-1B91-42C3-8C0F-ECF0DE3C2C8E}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden
Rhino 7 (HKLM-x32\…\{ea1f3dca-3045-4622-998a-fc35aeaafa8d}) (Version: 7.3.21053.23031 – Robert McNeel & Associates)
Rhino Installer Engine (HKLM\…\{FD6BB71B-2563-4191-9DC3-1CEB8DC8CD50}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden
Rhinoceros 7 Language Pack Installer (en-US) (HKLM\…\{D2D611C6-C538-488B-B416-A86965B4AD87}) (Version: 7.3.21053.23031 – Robert McNeel & Associates) Hidden
SimHub version 7.3.2 (HKLM-x32\…\{019253FE-5A17-42BE-A6B8-D71A729FA5DE}_is1) (Version: 7.3.2 – Wotever)
Spotify (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\Spotify) (Version: 1.1.62.583.gdac868ed – Spotify AB)
STAR WARS™ Battlefront™ II (HKLM-x32\…\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.16162 – Electronic Arts)
STAR WARS™: Squadrons (HKLM-x32\…\{04e47f47-22cd-436d-a373-472125e7fcd6}) (Version: 1.0.9.35700 – Electronic Arts)
Steam (HKLM-x32\…\Steam) (Version: 2.10.91.91 – Valve Corporation)
Tableau 2020.4 (20204.21.0114.0916) (HKLM\…\{98A12BE9-601A-4248-A60F-01F347D81693}) (Version: 20.4.1644 – Tableau Software) Hidden
Tableau 2020.4 (20204.21.0114.0916) (HKLM-x32\…\{03a3fb07-5afb-4479-a29e-c2e4110b3ff0}) (Version: 20.4.1644 – Tableau Software)
Teams Machine-Wide Installer (HKLM-x32\…\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.26064 – Microsoft Corporation)
TypeScript SDK (HKLM-x32\…\{C34D7309-4E94-4B6A-ABE8-C1EE566E9C1F}) (Version: 4.2.4.0 – Microsoft Corporation) Hidden
Ubisoft Connect (HKLM-x32\…\Uplay) (Version: 38.2 – Ubisoft)
Update for  (KB2504637) (HKLM-x32\…\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 – Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\…\{C1971FA7-C832-480E-91DC-21FBB0794C32}) (Version: 14.29.30037 – Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\…\11c06eb7) (Version: 16.10.31321.278 – Microsoft Corporation)
VLC media player (HKLM-x32\…\VLC media player) (Version: 3.0.11 – VideoLAN)
VS Immersive Activate Helper (HKLM-x32\…\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\…\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\…\{A4272808-82F5-410F-A5F9-1BF6F63F6B9A}) (Version: 16.0.102.0 – Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\…\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\…\{6F7948F9-8EED-4FA5-A1D9-7DD512A2CA26}) (Version: 16.10.31206 – Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\…\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\…\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\…\{F2362422-8A5F-473B-B793-E9592B1EA9FA}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\…\{3751D1CF-9A44-43D2-B4BB-80FA6E7925A8}) (Version: 16.10.31213 – Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\…\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\…\{8B6AE4FB-1E51-4BB4-B52C-CAC8A0340310}) (Version: 16.10.31206 – Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\…\{B0AA3BF6-3C13-4C9A-A043-4CEFBBE0A2D3}) (Version: 16.10.31206 – Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\…\{05CA3463-0B45-425D-9AF2-E1964AB85CBB}) (Version: 16.10.31303 – Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\…\{883D29E5-9A41-4C45-A192-C10B8078BF0C}) (Version: 16.10.31306 – Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\…\{E6B8D127-6C17-4E21-BA5C-B1D0C322BBA2}) (Version: 16.10.31320 – Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\…\{0916C6E1-6A0A-4887-9E00-D96FD44AFACE}) (Version: 16.10.31303 – Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\…\{9A9E968E-1C75-4B85-BCBF-D1E26D6F7A6B}) (Version: 16.10.31205 – Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\…\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 – Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\…\{634F7BE2-E181-4544-946F-B8BA774B9059}) (Version: 16.10.31206 – Microsoft Corporation) Hidden
WinSCP 5.17.9 (HKLM-x32\…\winscp3_is1) (Version: 5.17.9 – Martin Prikryl)
Word (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 – Word)
Zoom (HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\ZoomUMX) (Version: 5.5.4 (13142.0301) – Zoom Video Communications, Inc.)
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-01-20] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2021-02-28] (Adobe Systems Incorporated)
Age of Empires II: Definitive Edition -> C:\Program Files\WindowsApps\Microsoft.MSPhoenix_101.101.47820.0_x64__8wekyb3d8bbwe [2021-05-05] (Microsoft Studios)
F1 2019 PC GP -> C:\Program Files\WindowsApps\CodemastersSoftwareCompan.F12019PCGP_1.66.9979.0_x64__4cfye3zbe1gaw [2021-01-03] (Codemasters Software Company Limited)
Forza Horizon 4 -> C:\Program Files\WindowsApps\Microsoft.SunriseBaseGame_1.472.937.2_x64__8wekyb3d8bbwe [2021-07-01] (Microsoft Studios)
Forza Horizon 4 Formula Drift Car Pack -> C:\Program Files\WindowsApps\Microsoft.FormulaDriftCarPack_1.0.3.2_neutral__8wekyb3d8bbwe [2021-02-15] (Microsoft Studios)
Forza Motorsport 7 -> C:\Program Files\WindowsApps\Microsoft.ApolloBaseGame_1.174.4791.2_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Studios)
Forza Motorsport 7 Hoonigan Car Pack -> C:\Program Files\WindowsApps\Microsoft.ForzaMotorsport7PreorderBonus_1.3.3.2_neutral__8wekyb3d8bbwe [2020-12-30] (Microsoft Studios)
freda epub ebook reader -> C:\Program Files\WindowsApps\5957Turnipsoft.freda_4.39.4.0_x64__ypmq2qh89vmny [2021-06-24] (Turnipsoft)
LIFX -> C:\Program Files\WindowsApps\LIFX.LIFXAllJoyn_1.8.7.0_x64__12cgvk5sr8bq2 [2021-06-07] (LIFX)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.17.3.0_x64__8wekyb3d8bbwe [2021-06-19] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-25] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
No Man’s Sky -> C:\Program Files\WindowsApps\HelloGames.NoMansSky_3.53.8275.0_x64__bs190hzg1sesy [2021-06-17] (Hello Games)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-04] (NVIDIA Corp.)
Prison Architect UWP -> C:\Program Files\WindowsApps\ParadoxInteractive.PrisonArchitectUWP_1.0.39.0_x64__zfnrdv2de78ny [2021-06-30] (Paradox Interactive)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4046646743-2370866350-3589897510-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-0AD74CA922A7} -> [Creative Cloud Files] => C:\Users\Pasath\Creative Cloud Files [2021-01-20 10:57]
CustomCLSID: HKU\S-1-5-21-4046646743-2370866350-3589897510-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Pasath\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4046646743-2370866350-3589897510-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Pasath\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-4046646743-2370866350-3589897510-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-07] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-02-18] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-07-07] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\Pasath\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi
==================== Loaded Modules (Whitelisted) =============
2020-12-29 20:25 – 2020-12-29 20:25 – 000357376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-12-29 20:05 – 2020-12-29 20:05 – 000760832 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-12-29 20:05 – 2020-12-29 20:05 – 000744960 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-12-29 20:04 – 2020-12-29 20:04 – 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-12-29 20:05 – 2020-12-29 20:05 – 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-12-29 20:04 – 2020-12-29 20:04 – 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-12-29 20:04 – 2020-12-29 20:04 – 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2021-07-07 20:40 – 2021-07-07 20:40 – 000005120 _____ () [File not signed] C:\Users\Pasath\AppData\Local\Temp\ForceSeatPM_Main-kXPFZX\output.dll
2020-12-29 21:55 – 2020-12-29 21:55 – 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-12-29 21:55 – 2020-12-29 21:55 – 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-12-29 01:48 – 2019-04-19 17:12 – 001391104 _____ (Remote Mouse) [File not signed] C:\Program Files (x86)\Remote Mouse\windows_api.dll
2020-11-15 14:51 – 2020-11-15 14:51 – 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2019-12-21 19:53 – 2019-12-21 19:53 – 001276928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\LIBEAY32.dll
2019-12-21 19:53 – 2019-12-21 19:53 – 000276992 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\ssleay32.dll
2020-12-29 22:19 – 2020-12-29 22:19 – 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-29 22:19 – 2020-12-29 22:19 – 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-12-29 20:04 – 2020-12-29 20:04 – 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-12-29 20:04 – 2020-12-29 20:04 – 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-29 22:19 – 2020-12-29 22:19 – 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-06-30 19:18 – 2020-12-29 22:19 – 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-10-11 07:22 – 2020-10-11 07:22 – 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\imageformats\qgif.dll
2020-10-11 07:21 – 2020-10-11 07:21 – 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\imageformats\qico.dll
2020-10-11 07:23 – 2020-10-11 07:23 – 000365568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\imageformats\qjpeg.dll
2020-10-11 07:25 – 2020-10-11 07:25 – 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\imageformats\qsvg.dll
2020-10-11 07:24 – 2020-10-11 07:24 – 001176576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\platforms\qwindows.dll
2020-10-11 07:11 – 2020-10-11 07:11 – 005107200 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Core.dll
2020-10-11 07:16 – 2020-10-11 07:16 – 005193728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Gui.dll
2020-10-11 07:15 – 2020-10-11 07:15 – 000994816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Network.dll
2020-10-11 07:30 – 2020-10-11 07:30 – 003113984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Qml.dll
2020-10-11 07:33 – 2020-10-11 07:33 – 003112448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Quick.dll
2020-10-11 07:25 – 2020-10-11 07:25 – 000254976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Svg.dll
2020-10-11 07:20 – 2020-10-11 07:20 – 004416000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Widgets.dll
2020-10-11 07:12 – 2020-10-11 07:12 – 000149504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\Qt5Xml.dll
2020-10-11 07:23 – 2020-10-11 07:23 – 000122880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Next Level Racing\Platform Manager\styles\qwindowsvistastyle.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 – Adobe Acrobat Create PDF Toolbar – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-12-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-05-29] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\sharepoint.com -> hxxps://studentutsedu-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 19:14 – 2019-12-07 19:12 – 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2021-02-07 20:20 – 2021-07-07 19:35 – 000000444 _____ C:\Windows\system32\drivers\etc\hosts.ics
92.168.137.1 DESKTOP-97O75D8.mshome.net # 2026 3 2 3 10 30 45 185
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pasath\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\240060.jpg
HKU\S-1-5-21-4046646743-2370866350-3589897510-1005\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4046646743-2370866350-3589897510-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\nadin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\rose_books_texts_119588_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\…\StartupApproved\Run: => "SecurityHealth"
HKLM\…\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\…\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "LGHUB"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4046646743-2370866350-3589897510-1001\…\StartupApproved\Run: => "Facebook.MessengerDesktop"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{28AEF2D8-4627-43A5-9420-D2C0015EC38E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C542B00A-A430-4954-8120-AF401927C133}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3D5E1D67-2216-4232-A72D-661E61F0F0A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E245A781-A68D-46F3-9BA0-449CC1304A1A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{EC2F4D1A-33F0-4BC3-8CFC-F2D7311FE2BE}C:\users\pasath\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pasath\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{6DC0B4E5-6014-4701-B124-A2BFC12620ED}C:\users\pasath\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pasath\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE453046-8A66-4939-BE3D-8592763C1449}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{FE1CF638-A4DF-4AF1-ABA6-889DDB9C5A02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{C8A0AB17-9788-45F1-8494-E9921593CF64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD63375A-DE57-4F2C-88A4-1574E25A98DF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BB1376F4-F9DB-45F9-8A35-C41515A14D08}C:\program files (x86)\origin games\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\origin games\star wars squadrons\starwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [UDP Query User{9599AF82-F246-43EF-A7E0-735A0D9B6378}C:\program files (x86)\origin games\star wars squadrons\starwarssquadrons.exe] => (Allow) C:\program files (x86)\origin games\star wars squadrons\starwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{1FB60EEA-09C4-4D7D-9366-E5821513D92F}] => (Allow) A:\SteamLibrary\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{395A78BB-566E-4BE5-BC7E-F0D059FB9BB4}] => (Allow) A:\SteamLibrary\steamapps\common\Assassins Creed Odyssey\ACOdyssey.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{6C18D35E-F9BE-47F7-91BA-BCB588B7DAD6}] => (Allow) A:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{7F1F0A26-B275-4777-8A36-63207DBCC20C}] => (Allow) A:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{05A4E243-BA62-450B-89AA-E81FABF5688B}A:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) A:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe () [File not signed]
FirewallRules: [UDP Query User{A3F2DE1C-FF39-4055-A1CE-A52885AF046C}A:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe] => (Allow) A:\program files\modifiablewindowsapps\halomcc\mcc\binaries\win64\mcc-win64-shipping-winstore.exe () [File not signed]
FirewallRules: [TCP Query User{C38E2E04-6135-487F-989F-998D22340556}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{ECC731D7-E779-4440-B976-D110ABB7666F}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{49D67567-9285-4F04-834C-3DAA6397BFBE}] => (Allow) A:\SteamLibrary\steamapps\common\PGA TOUR 2K21\golf.exe () [File not signed]
FirewallRules: [{F787015A-FADF-4D8E-B7E0-814887E6C383}] => (Allow) A:\SteamLibrary\steamapps\common\PGA TOUR 2K21\golf.exe () [File not signed]
FirewallRules: [TCP Query User{8BBC3C93-7A08-4E0D-A2A8-D1C39CCB1198}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{B4D562F8-A728-454A-859F-E27EAF4FF299}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{1B8677D5-FBAB-4EC1-B5F9-C992CF6FD91E}] => (Allow) C:\Program Files (x86)\SimHub\SimHubWPF.exe () [File not signed]
FirewallRules: [{EC935030-FD09-4A2D-9911-015C917F6A70}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Squadrons\starwarssquadrons_launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{27DFF0F5-8F2C-4250-8220-DD9A0E2015B9}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Squadrons\starwarssquadrons_launcher.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [TCP Query User{873DCC0C-69FD-4A42-9818-BDEF4F1AA572}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [UDP Query User{7774A7B4-8D5E-46F4-AC9C-57CCB432D252}C:\xampp\apache\bin\httpd.exe] => (Block) C:\xampp\apache\bin\httpd.exe => No File
FirewallRules: [TCP Query User{F78A0DAD-8862-41CC-B378-957695B20D6B}C:\program files (x86)\brackets\node.exe] => (Block) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{123F15D8-2B11-46D8-ABA6-8B3C7CD3265D}C:\program files (x86)\brackets\node.exe] => (Block) C:\program files (x86)\brackets\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{7454C68F-D90F-4171-B184-7368BB5DB799}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{106AB12E-D3F2-4FAA-8596-3CBFAABFD085}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{1B352F12-3792-4C92-93B2-A57CBFCD711D}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B66E8B5C-B080-4952-83B9-FEE250B72B21}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{782C3D84-47EE-4490-B688-35E14F1848FC}C:\users\pasath\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\pasath\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [UDP Query User{74EA81FF-D804-40FE-824B-582F179BD7AB}C:\users\pasath\appdata\local\programs\messenger\messenger.exe] => (Allow) C:\users\pasath\appdata\local\programs\messenger\messenger.exe (Facebook, Inc. -> Facebook, Inc.)
FirewallRules: [{B6AD8576-6E1E-4510-8819-ACC5EB8C7460}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3DBB151-1CEB-46D2-912F-FDF870DCF979}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B76AD361-C538-470A-88A1-2D3E061D0CAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DF2213A3-6568-498B-AFFD-699AF3D81200}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{B290ADB2-4AF4-4CA3-BEE7-196B548920FD}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [UDP Query User{E9B4F951-B284-4020-A8A7-4A40789BEA8F}C:\xampp\mysql\bin\mysqld.exe] => (Block) C:\xampp\mysql\bin\mysqld.exe => No File
FirewallRules: [TCP Query User{1B8EC05B-5C64-426D-92E3-4805245F74B4}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{F0D73998-2842-41DB-BAF2-537C18B89FD7}C:\mamp\bin\apache\bin\httpd.exe] => (Allow) C:\mamp\bin\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{55424F1D-3305-44C0-8A32-97D6683C7EC9}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{2F6640FC-964B-4004-9537-C834BACC9537}C:\mamp\bin\mysql\bin\mysqld.exe] => (Allow) C:\mamp\bin\mysql\bin\mysqld.exe () [File not signed]
FirewallRules: [{A2AB05B9-6BBB-463F-925C-2BDD5A525115}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2D9F0DA6-7CC5-47D7-AE1E-D735C6965A1B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{E146FB11-4914-45F0-BDAB-F4DD9E238A59}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{C4680713-3BDF-468A-A760-4DE2E36E907B}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2018\F1_2018.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{FDF7B492-5B79-45BD-ADB5-4B3FE6C6B19A}] => (Allow) C:\Users\Pasath\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CA3E31E4-FC77-497F-8B4F-2F2385255B59}] => (Allow) C:\Users\Pasath\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{345DE735-763F-4C72-B668-571DC4938EBE}] => (Allow) C:\Users\Pasath\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{14819A6D-519E-4501-84E7-8B02E574EE20}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37590DE4-E68C-4F59-A048-A65F985CDD5B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{10C995AB-D023-46CA-9C83-9344F43D163F}C:2\flightsimulator.exe] => (Block) C:2\flightsimulator.exe => No File
FirewallRules: [UDP Query User{0F4859BD-2858-4BF2-AFAE-356BF68ABAC1}C:2\flightsimulator.exe] => (Block) C:2\flightsimulator.exe => No File
FirewallRules: [{E6F7AF83-E7E0-40AA-B341-51E1B5566166}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2020\F1_2020_dx12.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{E6ACD133-8FC4-4724-BBDE-05A68AF7EEED}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2020\F1_2020_dx12.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{FA2E7857-B774-4344-9A50-CDB14C68D45E}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2020\F1_2020.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [{E7715A64-B7CC-4045-A2F5-4DBF58501E50}] => (Allow) A:\SteamLibrary\steamapps\common\F1 2020\F1_2020.exe (Codemasters Software Company Limited) [File not signed]
FirewallRules: [TCP Query User{FC59EFF9-A8C9-42C4-B462-A8ADA19EE3C0}A:\snowrunner\en_us\sources\bin\snowrunner.exe] => (Block) A:\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [UDP Query User{57500507-B3B6-41BC-99A6-7AA0F657DAA1}A:\snowrunner\en_us\sources\bin\snowrunner.exe] => (Block) A:\snowrunner\en_us\sources\bin\snowrunner.exe (Focus Home Interactive S.A -> Focus Home Interactive)
FirewallRules: [TCP Query User{6C9C94FA-788A-42AC-85AD-2FC65DE7A53C}C:7\flightsimulator.exe] => (Allow) C:7\flightsimulator.exe => No File
FirewallRules: [UDP Query User{5B7500C6-5E00-4253-964D-D52F3F90D2F6}C:7\flightsimulator.exe] => (Allow) C:7\flightsimulator.exe => No File
FirewallRules: [{AA087F59-BD5F-4045-BFA1-6E61A1391D35}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{4616A7E9-4BA9-4B8D-8D33-E40C0D684D97}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe (remotemouse.net) [File not signed]
FirewallRules: [{10F8D6C0-BEF7-4121-9CD8-A65D7E05EDFD}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{E79F21EF-B372-441C-BE8E-790B3219F6D8}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe (RemoteMouse.net) [File not signed]
FirewallRules: [{EC25C457-C852-4307-9DCC-131EACCB833C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{743D0A9F-D877-4A3A-914B-13D19C98BC21}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{607D9843-21FF-47D5-8070-48A672695A5B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B37D4AC1-F9C3-446D-A741-1DE91964B1CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B0A5D326-B1CF-4C0C-8A4F-6D458B55E018}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{51AC52C0-0A83-4598-91B7-8D40BB207E53}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{170985C7-E730-4803-B332-426C1066DF2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D138627-B9F6-4C30-8579-475E4A0B78C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{470643E2-A8AC-47E0-BF16-76F4C783B2F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC70D57C-910D-4EAA-B962-BD63F32918BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B23789D-8288-49B2-9D4B-D2EE5AE328D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{520C57DE-7A9F-4B95-9C68-745C9AEDAD90}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0E702018-8F00-4E88-97C8-2BB22B3DBF4C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9723321-66F6-40B2-AA9D-675DE0F971AB}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{87B5AFBC-7C77-400B-8721-AF08EFC3DD5D}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
25-06-2021 03:01:10 Scheduled Checkpoint
30-06-2021 22:23:58 Installed Node.js
01-07-2021 23:16:39 Installed Node.js
06-07-2021 10:02:48 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/07/2021 10:56:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Brackets.exe, version: 1.14.2.0, time stamp: 0x5e82f6b5
Faulting module name: libcef.dll, version: 3.2623.1401.0, time stamp: 0x5af14176
Exception code: 0x80000003
Fault offset: 0x00199179
Faulting process ID: 0x36bc
Faulting application start time: 0x01d7732f79c783fa
Faulting application path: C:\Program Files (x86)\Brackets\Brackets.exe
Faulting module path: C:\Program Files (x86)\Brackets\libcef.dll
Report ID: cfbb53d7-951b-4d37-9cc7-095d9b7a5e97
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 1.0.7.F.E.9.4.6.E.E.C.1.F.5.C.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-97O75D8-2.local.
Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   23 1.0.7.F.E.9.4.6.E.E.C.1.F.5.C.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR DESKTOP-97O75D8.local.
Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   25 11.1.168.192.in-addr.arpa. PTR DESKTOP-97O75D8-2.local.
Error: (07/07/2021 08:40:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   23 11.1.168.192.in-addr.arpa. PTR DESKTOP-97O75D8.local.
Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-97O75D8.local already in use; will try DESKTOP-97O75D8-2.local instead
Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-97O75D8.local. Addr 192.168.1.11
Error: (07/07/2021 08:40:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.11:5353   16 DESKTOP-97O75D8.local. AAAA FD44:C346:801D:7F00:3C5F:1CEE:649E:F701
System errors:
=============
Error: (07/07/2021 08:40:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
A system shutdown is in progress.
Error: (07/07/2021 08:39:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
A system shutdown is in progress.
Windows Defender:
================
Date: 2021-07-05 19:25:56
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/SilentCleanupUACBypass.B
Severity: Severe
Category: Suspicious Behaviour
Path: behavior:_pid:13748:157999162968573; process:_pid:13748,ProcessStart:132699507467359969
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4
Date: 2021-07-05 19:25:56
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/SilentCleanupUACBypass.B
Severity: Severe
Category: Suspicious Behaviour
Path: behavior:_pid:13748:157999162968573; process:_pid:13748,ProcessStart:132699507467359969
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: Unknown
Process Name: Unknown
Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4
Date: 2021-07-05 19:25:56
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Behavior:Win32/UACBypassExp.ZI
Severity: Severe
Category: Suspicious Behaviour
Path: behavior:_pid:13748:63445193320407; process:_pid:13748,ProcessStart:132699507467359969; regkeyvalue:[email protected]\ENVIRONMENT\\windir
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.343.424.0, AS: 1.343.424.0, NIS: 1.343.424.0
Engine Version: AM: 1.1.18300.4, NIS: 1.1.18300.4
Date: 2021-07-04 23:18:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-03 03:07:41
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-07-06 23:26:36
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.343.424.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18300.4
Error code: 0x80245006
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
Date: 2021-06-29 18:55:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.25.0
Previous security intelligence Version: 1.341.1603.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
Date: 2021-06-29 18:55:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.343.25.0
Previous security intelligence Version: 1.341.1603.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
Date: 2021-06-29 18:55:20
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18300.4
Previous Engine Version: 1.1.18200.4
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
CodeIntegrity:
===============
Date: 2021-07-07 23:38:42
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info =========================== 
BIOS: American Megatrends Inc. A.40 10/29/2020
Motherboard: Micro-Star International Co., Ltd. MAG B550 TOMAHAWK (MS-7C91)
Processor: AMD Ryzen 5 5600X 6-Core Processor 
Percentage of memory in use: 49%
Total physical RAM: 16310.23 MB
Available physical RAM: 8171.81 MB
Total Virtual: 18742.23 MB
Available Virtual: 6161.32 MB
==================== Drives ================================
Drive a: (Storage space) (Fixed) (Total:929.87 GB) (Free:463.34 GB) NTFS
Drive c: () (Fixed) (Total:476.33 GB) (Free:106.42 GB) NTFS
\\?\Volume{88fc7838-9216-48d4-8493-d63f65832538}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{d4254ab3-3e05-7338-9ede-92af589098f5}\ () (Fixed) (Total:42.14 GB) (Free:0 GB) NTFS
\\?\Volume{809cacdc-fba7-c4a2-aaf1-24f87a59cde9}\ () (Fixed) (Total:11.2 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{9edf256d-2173-9bd6-5e4b-a6f2756c24f3}\ () (Fixed) (Total:1.64 GB) (Free:0 GB) NTFS
\\?\Volume{e13a6857-7c48-65d6-5d51-3391bc089caf}\ () (Fixed) (Total:20.72 GB) (Free:0 GB) NTFS
\\?\Volume{4c4c3351-e238-e9eb-7c90-ae17745024c5}\ () (Fixed) (Total:0.55 GB) (Free:0 GB) NTFS
\\?\Volume{22b95a43-09ae-4da9-a274-67ec19f49315}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 9.
==================== End of Addition.txt =======================

Source of this news: https://www.bleepingcomputer.com/forums/t/754475/proxy-virus-time-httplocalhost8000;httpslocalhost8000/
