Posted 25 April 2021 – 11:50 AM

Hiya,
 
Yesterday, I observed the next Avast BehaviorShield warning popup:

 
Provided that I didn’t carry out a scan myself, and that the next menace popped up whereas I used to be not actively at my laptop, I assume Avast should have detected an motion occurring within the background. Whereas the warning above mentions the supply being Home windows’ PowerShell, I didn’t have one actively open myself, which implies that another program should have tried to run a command by way of PowerShell/cmd.

The file in query, “UNINSTALLEXCHANGE.PS1”, appears to have been situated within the /SETUP folder of my Avast set up, though I presently can’t discover it in there anymore. Maybe Avast deleted it from there upon issuing the warning? Given the title of the file, it seems like some program tried to uninstall Avast, though I would after all be flawed.

I’ve, after all, tried to already search on Google to seek out additional data on my scenario, however sadly haven’t discovered a lot. The one related hyperlink I discovered is the next: https://discuss.elastic.co/t/kv-filter-dont-split-on-field-split-pattern-once/165431, the place somebody (suspiciously?) appears to need to run a sure command utilizing PowerShell on the aforementioned file. Nonetheless, given the quick excerpt of their code, I can’t come to a conclusion on what precisely it’s they tried to do. (Or, reasonably, as a substitute of trying to run a command they appear to need to parse a log that appears suspiciously just like the warning on my machine, however that is all I can work out from there…)

I might maybe have put it apart as a false constructive, however the truth that one thing occurred within the location Avast itself was put in in, with out my information, appears considerably worrying.
 
Thus far, I’ve ran the next scans:
– Full Avast scan: No threats detected.
– Full Home windows Defender Scan: Surprisingly, it appears to have detected 3 threats (buxsC0q.png), however much more surprisingly, I am unable to appear to have the ability to see them, provided that the menace historical past is empty (tUXKJgv.png). Nonetheless, because it seems, they’re listed because of FRST — All three of them have been simply PUPs, and at that, PUPs that I hadn’t executed in years, and of which I’m 99.9% positive that they are innocent (They have been primarily product key turbines for stuff like JetBrains, which I as soon as used as a teen over half a decade in the past. Surprisingly sufficient, I bear in mind them working. Nevertheless it’s to no shock that they get detected as PUPs.)
– Home windows Defender Offline scan: Provided that I’ve not acquired any notification on reboot, I assume no threats have been detected.
– Full Malwarebytes scan: No threats detected.
– TDSSKiller: Nothing detected.
 
I’ve additionally tried to seek out Avast logs relating to the Habits Defend, however plainly they do not exist, or on the very least I’m unable to seek out them.
Lastly, I tried to seek out logs relating to the utilization of PowerShell, however I’m sadly not well-versed sufficient to find such data. The one data that may be related is as follows: Within the Home windows Occasion Viewer, below “Applications and Services Logs/Microsoft/Windows/PowerShell/Operational/”, I discovered a “PowerShell Console Startup” occasion that may match the timing of the Avast warning, though I am unable to inform for positive provided that Avast apparently did not go away any logs. The small print below the occasion look as follows:

<Occasion >
<System>
  <Supplier Title="Microsoft-Windows-PowerShell" Guid="{a0c1853b-5c40-4b15-8766-3cf1c58f985a}" /> 
  <EventID>40961</EventID> 
  <Model>1</Model> 
  <Degree>4</Degree> 
  <Activity>4</Activity> 
  <Opcode>1</Opcode> 
  <Key phrases>0x0</Key phrases> 
  <TimeCreated SystemTime="2021-04-24T13:18:38.0672859Z" /> 
  <EventRecordID>824</EventRecordID> 
  <Correlation ActivityID="{79918fd2-3531-0000-f610-a7793135d701}" /> 
  <Execution ProcessID="6832" ThreadID="15316" /> 
  <Channel>Microsoft-Home windows-PowerShell/Operational</Channel> 
  <Laptop>DESKTOP-F8Q1L6N</Laptop> 
  <Safety UserID="S-1-5-18" /> 
  </System>
  <EventData /> 
  </Occasion>

Which, sadly, doesn’t appear to include a ton of element. I’m uncertain whether it is doable to see the complete historical past of instructions executed on PowerShell, so I have not been capable of finding out extra up to now.
 
I additionally ran FRST, as specified within the Preparation Information, and acquired the next outcomes (Additionally connected to the publish, however because the Information stated to stick them, I’ll achieve this):
Scan results of Farbar Restoration Scan Instrument (FRST) (x64) Model: 17-04-2021
Ran by MY_USERNAME (administrator) on PC_NAME (25-04-2021 18:16:59)
Working from E:DataDownloads
Loaded Profiles: MY_USERNAME
Platform: Home windows 10 Professional Model 2004 19041.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Regular

==================== Processes (Whitelisted) =================

(If an entry is included within the fixlist, the method will probably be closed. The file won’t be moved.)

(Adobe Inc. -> Adobe Inc.) C:Program Information (x86)Frequent FilesAdobeARM1.0armsvc.exe
(Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.) C:Program FilesAMDCNextCNextamdow.exe
(Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.) C:Program FilesAMDCNextCNextAMDRSServ.exe
(Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.) C:Program FilesAMDCNextCNextRadeonSettings.exe
(Superior Micro Gadgets, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryc0346830.inf_amd64_f723e13ffb3b2652B345901atieclxx.exe
(Superior Micro Gadgets, Inc. -> AMD) C:WindowsSystem32DriverStoreFileRepositoryc0346830.inf_amd64_f723e13ffb3b2652B345901atiesrxx.exe
(Avast Software program s.r.o. -> AVAST Software program) C:Programsaswidsagent.exe
(Avast Software program s.r.o. -> AVAST Software program) C:ProgramsaswToolsSvc.exe
(Avast Software program s.r.o. -> AVAST Software program) C:ProgramsAvastSvc.exe
(Avast Software program s.r.o. -> AVAST Software program) C:ProgramsAvastUI.exe <4>
(Avast Software program s.r.o. -> AVAST Software program) C:Programswsc_proxy.exe
(Canon Inc. -> CANON INC.) C:Program Information (x86)CanonIJ Community Scanner Selector EX2CNMNSST2.exe
(Flexera Software program LLC -> Flexera) C:Program FilesCommon FilesMacrovision SharedFlexNet PublisherFNPLicensingService64.exe
(Google LLC -> Google LLC) C:Program Information (x86)GoogleChromeApplicationchrome.exe <50>
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:Program FilesMalwarebytesAnti-Malwarembamtray.exe
(Microsoft Company -> Microsoft Company) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(Microsoft Company -> Microsoft Company) C:Program FilesMicrosoft OfficerootOffice16WINWORD.EXE
(Microsoft Company) C:Program FilesWindowsAppsMicrosoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbweCalculator.exe
(Microsoft Company) C:Program FilesWindowsAppsMicrosoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbweWinStore.App.exe
(Microsoft Company) C:Program FilesWindowsAppsMicrosoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbweMusic.UI.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsImmersiveControlPanelSystemSettings.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32CompatTelRunner.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32dllhost.exe <4>
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32oobeUserOOBEBroker.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32smartscreen.exe
(Microsoft Home windows -> Microsoft Company) C:WindowsSystem32Taskmgr.exe
(Microsoft Home windows Writer -> Microsoft Company) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2103.7-0MsMpEng.exe
(Notepad++ -> Don HO don.h@free.fr) C:ApplicationsNotepad++notepad++.exe
(Razer USA Ltd. -> Razer Inc.) C:Program Information (x86)RazerSynapseRzSynapse.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe
(Spotify AB -> Spotify Ltd) C:UsersMY_USERNAMEAppDataRoamingSpotifySpotify.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included within the fixlist, the registry merchandise will probably be restored to default or eliminated. The file won’t be moved.)

HKLM…Run: [AvastUI.exe] => C:ProgramsAvLaunch.exe [118496 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
HKLM…Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32…Run: [IJNetworkScannerSelectorEX2] => C:Program Information (x86)CanonIJ Community Scanner Selector EX2CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32…Run: [] => [X]
HKLM-x32…Run: [Razer Synapse] => C:Program Information (x86)RazerSynapseRzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32…Run: [TeamsMachineUninstallerLocalAppData] => C:UsersMY_USERNAMEAppDataLocalMicrosoftTeamsUpdate.exe [2453720 2021-04-23] (Microsoft third Social gathering Utility Element -> Microsoft Company)
HKLM-x32…Run: [TeamsMachineUninstallerProgramData] => %ProgramDatapercentMicrosoftTeamsUpdate.exe –uninstall –msiUninstall –source=default
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Discord] => C:UsersMY_USERNAMEAppDataLocalDiscordUpdate.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Spotify] => C:UsersMY_USERNAMEAppDataRoamingSpotifySpotify.exe [23839816 2021-04-19] (Spotify AB -> Spotify Ltd)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [Steam] => C:ApplicationsSteamsteam.exe [3412696 2021-02-13] (Valve -> Valve Company)
HKUS-1-5-21-848354871-4184821791-1569574031-1001…Run: [utweb] => C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe [5649952 2021-02-04] (BitTorrent Inc -> BitTorrent Inc.)
HKLM…Home windows x64Print ProcessorsCanon TR7500 collection Print Processor: C:WindowsSystem32spoolprtprocsx64CNMPDDM.DLL [482816 2019-01-10] (Microsoft Home windows {Hardware} Compatibility Writer -> CANON INC.)
HKLM…PrintMonitorsCanon BJ FAX Language Monitor TR7500 collection: C:WINDOWSsystem32CNCALDM.DLL [254464 2019-01-28] (Microsoft Home windows {Hardware} Compatibility Writer -> CANON INC.)
HKLM…PrintMonitorsCanon BJ Language Monitor TR7500 collection: C:WINDOWSsystem32CNMLMDM.DLL [1302016 2019-01-10] (Microsoft Home windows {Hardware} Compatibility Writer -> CANON INC.)
HKLMSoftwareMicrosoftActive SetupInstalled Parts: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Information (x86)GoogleChromeApplication90.0.4430.85Installerchrmstp.exe [2021-04-23] (Google LLC -> Google LLC)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupNexon Launcher.lnk [2020-11-02]
ShortcutTarget: Nexon Launcher.lnk -> C:Program Information (x86)NexonNexon Launchernexon_launcher.exe (NEXON Korea Company. -> )
HKLMSOFTWAREPoliciesMozillaFirefox: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION

==================== Scheduled Duties (Whitelisted) ============

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

Activity: {041ECEB4-9E33-42B3-A297-58FA8DBF5D45} – System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5255600 2021-04-22] (Microsoft Company -> Microsoft Company)
Activity: {0A785C81-6497-4E33-BC71-47906CD705FA} – System32TasksAdobe Acrobat Replace Activity => C:Program Information (x86)Frequent FilesAdobeARM1.0AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Activity: {1725BB1B-CBF3-4A8C-93D3-8E31C36E3B57} – System32Tasksnpcapwatchdog => C:Program FilesNpcapCheckStatus.bat [880 2020-09-25] () [File not signed]
Activity: {217EAE92-DDEF-449F-BFB0-6F61CC9EC376} – System32TasksStartDVR => C:Program FilesAMDCNextCNextRSServCmd.exe [68280 2019-08-16] (Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.)
Activity: {38837FD3-64AF-4703-BB23-524F55F3CF46} – System32TasksGoogleUpdateTaskMachineCore => C:Program Information (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-02-27] (Google LLC -> Google LLC)
Activity: {3ABE1026-90CA-41D0-A452-DC33511CBFCB} – System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Company -> Microsoft Company)
Activity: {4900F689-00EC-4A00-A398-D51CA13E8923} – System32TasksMicrosoftOfficeOffice Characteristic Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141160 2021-04-22] (Microsoft Company -> Microsoft Company)
Activity: {5149022E-189C-4B7B-92DF-58CF050F485B} – System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [5255600 2021-04-22] (Microsoft Company -> Microsoft Company)
Activity: {5DEE8F15-7019-4A07-B690-C7C963C259BB} – System32TasksStartCN => C:Program FilesAMDCNextCNextcncmd.exe [61112 2019-08-16] (Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.)
Activity: {66E055E5-B7E4-4018-BC2E-55A9D852C85D} – System32TasksMicrosoftOfficeOffice Characteristic Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [141160 2021-04-22] (Microsoft Company -> Microsoft Company)
Activity: {8B27DD9E-D981-4D03-BD5F-2A94C000A53B} – System32TasksGoogleUpdateTaskMachineUA => C:Program Information (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-02-27] (Google LLC -> Google LLC)
Activity: {A5BCC9C9-67E0-4C37-AD0C-D864E5D3D9A5} – System32TasksMicrosoftOfficeOffice Subscription Upkeep => C:Program FilesMicrosoft OfficerootvfsProgramFilesCommonx64Microsoft SharedOffice16OLicenseHeartbeat.exe [1498000 2021-04-22] (Microsoft Company -> Microsoft Company)
Activity: {AB7A4CE1-E729-4CDA-98F7-38C73C699F0C} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Upkeep => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)
Activity: {AF4995B7-5AE9-4CC6-A05B-4B8028A0D911} – System32TasksMicrosoftOfficeOffice Automated Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Company -> Microsoft Company)
Activity: {B83829E4-BCE4-4CDC-B6EC-2E21097DC582} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)
Activity: {BD9EEE89-64CF-4542-A36E-867ADD1FE778} – System32TasksMicrosoftVisualStudioVSIX Auto Replace => C:Program Information (x86)Microsoft Visible StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXAutoUpdate.exe [207728 2020-04-06] (Microsoft Company -> )
Activity: {C262A357-D5D7-44EA-A012-F89675B9993D} – System32TasksAvast Emergency Replace => C:ProgramsAvEmUpdate.exe [4699872 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
Activity: {C54A1A79-BD9D-49D9-AC91-12520F8CE289} – System32TasksAvast SoftwareOverseer => C:Program FilesCommon FilesAVAST SoftwareOverseeroverseer.exe [1791712 2021-02-23] (Avast Software program s.r.o. -> Avast Software program)
Activity: {D46FFD87-758F-4246-B074-703A513D8DC7} – System32TasksMicrosoftVisualStudioUpdatesUpdateConfiguration_S-1-5-21-848354871-4184821791-1569574031-1001 => C:Program Information (x86)Microsoft Visible StudioInstallerresourcesappServiceHubServicesMicrosoft.VisualStudio.Setup.ServiceVSIXConfigurationUpdater.exe [23456 2020-04-06] (Microsoft Company -> Microsoft)
Activity: {E6F26828-AA26-4365-BA0A-C35D9A5DFB5D} – System32TasksMicrosoftOfficeOffice Serviceability Supervisor => C:Program FilesCommon FilesMicrosoft SharedClickToRunofficesvcmgr.exe [4061296 2021-04-07] (Microsoft Company -> Microsoft Company)
Activity: {EB09C41A-391E-4D0E-85F3-383E843709FA} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)
Activity: {EF65B00E-4EBE-409E-8AFA-F6DC3EEF20F5} – System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MpCmdRun.exe [566368 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)

(If an entry is included within the fixlist, the duty (.job) file will probably be moved. The file which is working by the duty won’t be moved.)

==================== Web (Whitelisted) ====================

(If an merchandise is included within the fixlist, if it’s a registry merchandise it will likely be eliminated or restored to default.)

TcpipParameters: [DhcpNameServer] 192.168.0.254
Tcpip..Interfaces{7d3bfb07-f44f-4a7f-aff5-f4750641e764}: [DhcpNameServer] 192.168.0.254

Edge:
=======
DownloadDir: C:UsersMY_USERNAMEDownloads
Edge Session Restore: HKUS-1-5-21-848354871-4184821791-1569574031-1001 -> is enabled.
Edge Extension: (No Title) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Title) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Title) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Title) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:WindowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:UsersMY_USERNAMEAppDataLocalMicrosoftEdgeUser DataDefault [2021-04-25]
Edge DownloadDir: C:UsersMY_USERNAMEDownloads

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,model=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
FF Plugin-x32: @microsoft.com/Lync,model=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2021-04-22] (Microsoft Company -> Microsoft Company)
FF Plugin-x32: @microsoft.com/SharePoint,model=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
FF Plugin-x32: Adobe Reader -> C:Program Information (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Methods Inc.)

Chrome:
=======
CHR Profile: C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefault [2021-04-25]
CHR DownloadDir: E:DataDownloads
CHR DefaultSearchKeyword: Default -> google.com/ncr
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-02-27]
CHR Extension: (Protected Torrent Scanner) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaegnopegbbhjeeiganiajffnalhlkkjb [2021-01-22]
CHR Extension: (Duolingo on the Internet) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaiahmijlpehemcpleichkcokhegllfjl [2020-02-27]
CHR Extension: (TooManyTabs for Chrome) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsamigcgbheognjmfkaieeeadojiibgbdp [2020-05-28]
CHR Extension: (Docs) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-02-27]
CHR Extension: (Google Drive) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (Quick Panopto) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbginlheikaacjjdajifcbakcmfcgmefh [2020-07-15]
CHR Extension: (YouTube) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-27]
CHR Extension: (Honey) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbmnlcjabgnpnenekpadlanbbkooimhnj [2021-04-21]
CHR Extension: (Character Rely) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsbpjdkinahbalcimnlaijodhiigpfkmjf [2020-02-27]
CHR Extension: (OneTab) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionschphlpgkkbolifaimnlloiipkdnihall [2021-03-07]
CHR Extension: (uBlock Origin) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2021-03-20]
CHR Extension: (BuiltWith Know-how Profiler) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsdapjbgnjinbpoindlpdmhochffioedbn [2020-12-20]
CHR Extension: (Typio Kind Restoration) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsdjkbihbnjhkjahbhjaadbepppbpoedaa [2020-10-05]
CHR Extension: (Adobe Acrobat) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsefaidnbmnnnibpcajpcglclefindmkaj [2021-03-12]
CHR Extension: (BlockSite – Keep Targeted & Management Your Time) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionseiimnmioipafcokbfikbljfdeojpcgbh [2021-04-23]
CHR Extension: (Sheets) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-02-27]
CHR Extension: (Google Docs Offline) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-16]
CHR Extension: (Avast On-line Safety) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [2021-02-17]
CHR Extension: (Tamper Chrome (extension)) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionshifhgpdkfodlpnlmlnmhchnkepplebkb [2020-12-09]
CHR Extension: (Display screen Recorder) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionshniebljpgcogalllopnjokppmgbhaden [2021-04-05]
CHR Extension: (WhatFont) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjabopobgcpjmedljpbcaablpmlmfcogm [2020-02-27]
CHR Extension: (Panopto Downloader) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjcgoagdconfndcjginjeokegdpahebno [2021-03-20]
CHR Extension: (rikaikun) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsjipdnfibhldikgcjhfnomkfpcebammhp [2020-09-03]
CHR Extension: (Request Maker) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionskajfghlhfkcocafkcjlajldicbikpgnp [2020-02-27]
CHR Extension: (Reddit Enhancement Suite) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionskbmfpngjjgdllneeigpgjifpgocmfgmb [2021-04-16]
CHR Extension: (Tab Save) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionslkngoeaeclaebmpkgapchgjdbaekacki [2020-02-27]
CHR Extension: (RemoveCookiesForSite) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionslmfdblomdpkcniknaenceeogpgepocmm [2020-02-27]
CHR Extension: (Chrono Obtain Supervisor) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsmciiogijehkdemklbdcbfkefimifhecn [2021-02-14]
CHR Extension: (PowerPoint On-line) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsmdafamggmaaaginooondinjgkgcbpnhp [2020-05-27]
CHR Extension: (Video Pace Controller) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsnffaoalbilbmmfgbnbgppjihopabppdk [2020-09-13]
CHR Extension: (Chrome Internet Retailer Funds) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Tamper Chrome (utility)) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsodldmflbckacdofpepkdkmkccgdfaemb [2020-02-27]
CHR Extension: (SetupVPN – Lifetime Free VPN) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionsoofgbpoabipfcfjapgnbbjjaenockbdp [2021-04-19]
CHR Extension: (Gmail) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) – C:UsersMY_USERNAMEAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR HKLM-x32…ChromeExtension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32…ChromeExtension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Providers (Whitelisted) ===================

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

R2 AdobeARMservice; C:Program Information (x86)Frequent FilesAdobeARM1.0armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:Programsaswidsagent.exe [7894040 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R2 avast! Antivirus; C:ProgramsAvastSvc.exe [606944 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R2 avast! Instruments; C:ProgramsaswToolsSvc.exe [356064 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R2 AvastWscReporter; C:Programswsc_proxy.exe [56920 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Company -> Microsoft Company)
R2 MBAMService; C:Program FilesMalwarebytesAnti-MalwareMBAMService.exe [7456464 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
S3 MsMpiLaunchSvc; C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe [161040 2018-10-23] (Microsoft Company -> Microsoft Company)
S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Home windows -> Microsoft Company)
S3 OfficeSvcManagerAddons; C:WINDOWSsystem32dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-10-16] (Microsoft Home windows -> Microsoft Company)
S3 Sense; C:Program FilesWindows Defender Superior Menace ProtectionMsSense.exe [5361256 2021-04-15] (Microsoft Home windows Writer -> Microsoft Company)
S3 VSStandardCollectorService150; C:Program Information (x86)Microsoft Visible StudioSharedCommonDiagnosticsHub.Assortment.ServiceStandardCollector.Service.exe [147392 2019-05-01] (Microsoft Company -> Microsoft Company)
S3 WdNisSvc; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0NisSrv.exe [2624104 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)
R2 WinDefend; C:ProgramDataMicrosoftWindows Defenderplatform4.18.2103.7-0MsMpEng.exe [128376 2021-04-24] (Microsoft Home windows Writer -> Microsoft Company)

===================== Drivers (Whitelisted) ===================

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

S0 amdkmafd; C:WINDOWSSystem32driversamdkmafd.sys [49448 2016-08-18] (Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.)
R0 aswArDisk; C:WINDOWSSystem32driversaswArDisk.sys [35664 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswArPot; C:WINDOWSSystem32driversaswArPot.sys [212192 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswbidsdriver; C:WINDOWSSystem32driversaswbidsdriver.sys [365024 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R0 aswbidsh; C:WINDOWSSystem32driversaswbidsh.sys [250336 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R0 aswbuniv; C:WINDOWSSystem32driversaswbuniv.sys [99288 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R0 aswElam; C:WINDOWSSystem32driversaswElam.sys [17352 2021-04-24] (Microsoft Home windows Early Launch Anti-malware Writer -> AVAST Software program)
R1 aswKbd; C:WINDOWSSystem32driversaswKbd.sys [41296 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswMonFlt; C:WINDOWSSystem32driversaswMonFlt.sys [180448 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswNetHub; C:WINDOWSSystem32driversaswNetHub.sys [522384 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswRdr; C:WINDOWSSystem32driversaswRdr2.sys [107792 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R0 aswRvrt; C:WINDOWSSystem32driversaswRvrt.sys [82872 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswSnx; C:WINDOWSSystem32driversaswSnx.sys [850632 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R1 aswSP; C:WINDOWSSystem32driversaswSP.sys [467720 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R2 aswStm; C:WINDOWSSystem32driversaswStm.sys [215352 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
R0 aswVmm; C:WINDOWSSystem32driversaswVmm.sys [326992 2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Company) [File not signed]
R1 ESProtectionDriver; C:WINDOWSsystem32driversmbae64.sys [199128 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:WINDOWSSystem32DriversMbamChameleon.sys [220752 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:WINDOWSSystem32DRIVERSMbamElam.sys [19912 2021-04-24] (Microsoft Home windows Early Launch Anti-malware Writer -> Malwarebytes)
R3 MBAMFarflt; C:WINDOWSSystem32DRIVERSfarflt.sys [198888 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:WINDOWSsystem32DRIVERSmbam.sys [77496 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [248992 2021-04-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:WINDOWSsystem32DRIVERSmwac.sys [157944 2021-04-25] (Malwarebytes Inc -> Malwarebytes)
R1 npcap; C:WINDOWSsystem32DRIVERSnpcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 rzbtendpt; C:WINDOWSSystem32driversrzbtendpt.sys [51912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzdaendpt; C:WINDOWSSystem32driversrzdaendpt.sys [43720 2015-08-13] (Razer Inc. -> Razer Inc)
R3 rzendpt; C:WINDOWSSystem32driversrzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzhnet; C:WINDOWSSystem32Driversrzhnet.sys [29912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzjstk; C:WINDOWSSystem32driversrzjstk.sys [36568 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzkeypadendpt; C:WINDOWSSystem32driversrzkeypadendpt.sys [46280 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzmpos; C:WINDOWSSystem32driversrzmpos.sys [48840 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzp1endpt; C:WINDOWSSystem32driversrzp1endpt.sys [52424 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvkeyboard; C:WINDOWSSystem32driversrzvkeyboard.sys [44232 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvmouse; C:WINDOWSSystem32driversrzvmouse.sys [42712 2015-08-13] (Razer Inc. -> Razer Inc)
S3 ssudcdf; C:WINDOWSSystem32driversssudcdf.sys [36608 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:WINDOWSSystem32driversssuddmgr.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:WINDOWSsystem32DRIVERSssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudobex; C:WINDOWSSystem32driversssudobex.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:WINDOWSSystem32driversssudqcfilter.sys [64640 2016-09-05] (Samsung Electronics CO., LTD. -> QUALCOMM Integrated)
S3 ssudrmnet; C:WINDOWSSystem32driversssudrmnet.sys [70400 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
S3 ssudserd; C:WINDOWSSystem32driversssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:WINDOWSSystem32Driversss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.)
R3 VSTWinDriver6; C:WINDOWSsystem32driversVSTwindrvr6.sys [252928 2015-01-20] (Microsoft Home windows {Hardware} Compatibility Writer -> Jungo)
S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [49560 2021-04-24] (Microsoft Home windows Early Launch Anti-malware Writer -> Microsoft Company)
R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [421088 2021-04-24] (Microsoft Home windows -> Microsoft Company)
S3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [72928 2021-04-24] (Microsoft Home windows -> Microsoft Company)
U4 npcap_wifi; no ImagePath

See also  DYING: Reborn PSVR + Standard Edition Review

==================== NetSvcs (Whitelisted) ===================

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

==================== One month (created) (Whitelisted) =========

(If an entry is included within the fixlist, the file/folder will probably be moved.)

2021-04-25 22:53 – 2021-04-25 22:53 – 139984896 _____ C:WINDOWSsystem32configSOFTWARE
2021-04-25 22:47 – 2021-04-25 22:53 – 000000000 ____D C:WINDOWSMicrosoft Antimalware
2021-04-25 18:17 – 2021-04-25 18:17 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalLowIGDump
2021-04-25 17:27 – 2021-04-25 18:17 – 000000000 ____D C:FRST
2021-04-25 15:53 – 2021-04-25 15:55 – 000188674 _____ C:TDSSKiller.3.1.0.28_25.04.2021_15.53.27_log.txt
2021-04-25 15:26 – 2021-04-25 15:26 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalApple
2021-04-25 12:53 – 2021-04-25 12:53 – 000220752 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamChameleon.sys
2021-04-25 12:53 – 2021-04-25 12:53 – 000198888 _____ (Malwarebytes) C:WINDOWSsystem32Driversfarflt.sys
2021-04-25 12:53 – 2021-04-25 12:53 – 000157944 _____ (Malwarebytes) C:WINDOWSsystem32Driversmwac.sys
2021-04-25 12:53 – 2021-04-25 12:53 – 000077496 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbam.sys
2021-04-24 23:28 – 2021-04-24 23:28 – 000248992 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2021-04-24 23:28 – 2021-04-24 23:28 – 000199128 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2021-04-24 23:28 – 2021-04-24 23:28 – 000019912 _____ (Malwarebytes) C:WINDOWSsystem32DriversMbamElam.sys
2021-04-24 23:28 – 2021-04-24 23:28 – 000002033 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes.lnk
2021-04-24 23:28 – 2021-04-24 23:28 – 000002021 _____ C:UsersPublicDesktopMalwarebytes.lnk
2021-04-24 23:28 – 2021-04-24 23:28 – 000002021 _____ C:ProgramDataDesktopMalwarebytes.lnk
2021-04-24 23:26 – 2021-04-24 23:26 – 000000000 ____D C:Program FilesMalwarebytes
2021-04-24 15:18 – 2021-04-24 15:18 – 000339680 _____ (AVAST Software program) C:WINDOWSsystem32aswBoot.exe
2021-04-24 15:18 – 2021-04-24 15:18 – 000215352 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswStm.sys
2021-04-23 13:32 – 2021-04-23 13:32 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingTeams
2021-04-23 00:43 – 2021-04-23 00:43 – 000000000 ____D C:UsersMY_USERNAMEDocumentsCustom Workplace Templates
2021-04-22 14:25 – 2021-04-22 14:25 – 000002456 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsSkype for Enterprise.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002451 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsWord.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002450 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPowerPoint.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002414 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAccess.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002413 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsExcel.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002407 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOutlook.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002401 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsPublisher.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000002393 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsOneNote.lnk
2021-04-22 14:25 – 2021-04-22 14:25 – 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Workplace Instruments
2021-04-22 14:24 – 2021-04-22 14:24 – 000000000 ____D C:Program FilesCommon FilesDESIGNER
2021-04-22 14:08 – 2021-04-22 14:25 – 000000000 ____D C:Program FilesMicrosoft Workplace
2021-04-22 14:08 – 2021-04-22 14:08 – 000000000 ____D C:Program FilesMicrosoft Workplace 15
2021-04-16 23:57 – 2021-04-16 23:57 – 000000056 _____ C:UsersMY_USERNAME.git-credentials
2021-04-15 19:44 – 2021-04-15 19:44 – 001823304 _____ (Microsoft Company) C:WINDOWSsystem32winload.efi
2021-04-15 19:44 – 2021-04-15 19:44 – 000231248 _____ C:WINDOWSsystem32containerdevicemanagement.dll
2021-04-15 19:44 – 2021-04-15 19:44 – 000011357 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2021-04-07 13:05 – 2021-04-07 18:32 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingqrenderdoc
2021-04-07 13:05 – 2021-04-07 13:05 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingrenderdoc
2021-04-07 13:05 – 2021-04-07 13:05 – 000000000 ____D C:UsersMY_USERNAME.android
2021-03-27 15:02 – 2021-03-27 15:11 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingtyranogame

==================== One month (modified) ==================

(If an entry is included within the fixlist, the file/folder will probably be moved.)

2021-04-25 18:12 – 2019-12-07 11:14 – 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2021-04-25 17:52 – 2020-10-07 23:39 – 000000000 ____D C:WINDOWSsystem32SleepStudy
2021-04-25 17:52 – 2020-02-27 17:58 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingdiscord
2021-04-25 17:46 – 2020-02-27 17:58 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalDiscord
2021-04-25 17:27 – 2019-12-07 11:13 – 000000000 ____D C:WINDOWSINF
2021-04-25 16:27 – 2020-03-01 19:19 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingSpotify
2021-04-25 16:05 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSRegistration
2021-04-25 15:26 – 2020-02-27 19:19 – 000000000 ___HD C:Program Information (x86)InstallShield Set up Info
2021-04-25 15:25 – 2020-05-29 20:00 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalPackage Cache
2021-04-25 15:24 – 2021-02-06 14:40 – 000000000 ____D C:WINDOWSsystem32appmgmt
2021-04-25 13:46 – 2020-02-27 18:02 – 000000000 ____D C:ProgramDataRiot Video games
2021-04-25 13:46 – 2020-02-26 23:32 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalD3DSCache
2021-04-25 13:01 – 2019-12-07 11:14 – 000000000 ___HD C:Program FilesWindowsApps
2021-04-25 13:00 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSAppReadiness
2021-04-25 12:59 – 2020-10-08 09:08 – 000789980 _____ C:WINDOWSsystem32perfh00C.dat
2021-04-25 12:59 – 2020-10-08 09:08 – 000149496 _____ C:WINDOWSsystem32perfc00C.dat
2021-04-25 12:59 – 2020-10-08 09:06 – 000487072 _____ C:WINDOWSsystem32perfh011.dat
2021-04-25 12:59 – 2020-10-08 09:06 – 000132800 _____ C:WINDOWSsystem32perfc011.dat
2021-04-25 12:59 – 2020-10-08 09:04 – 000497116 _____ C:WINDOWSsystem32perfh012.dat
2021-04-25 12:59 – 2020-10-08 09:04 – 000132824 _____ C:WINDOWSsystem32perfc012.dat
2021-04-25 12:59 – 2020-10-07 23:49 – 003002386 _____ C:WINDOWSsystem32PerfStringBackup.INI
2021-04-25 12:53 – 2020-10-07 23:54 – 000000006 ____H C:WINDOWSTasksSA.DAT
2021-04-25 12:53 – 2020-10-07 23:39 – 000008192 ___SH C:DumpStack.log.tmp
2021-04-25 12:53 – 2020-02-27 00:01 – 000000000 ____D C:ProgramDataAVAST Software program
2021-04-25 12:47 – 2020-02-27 08:16 – 000065536 _____ C:WINDOWSsystem32spu_storage.bin
2021-04-25 12:47 – 2019-12-07 11:03 – 000786432 _____ C:WINDOWSsystem32configBBI
2021-04-25 12:45 – 2020-03-01 19:20 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalSpotify
2021-04-25 07:21 – 2020-10-08 02:27 – 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d69cf319188bf1
2021-04-25 07:21 – 2020-10-07 23:54 – 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2021-04-25 03:54 – 2019-12-07 11:03 – 000000000 ____D C:WINDOWSCbsTemp
2021-04-24 23:34 – 2020-02-27 08:16 – 000000000 ____D C:WINDOWSsystem32Driverswd
2021-04-24 23:28 – 2019-12-07 11:14 – 000000000 ___HD C:WINDOWSELAMBKUP
2021-04-24 23:24 – 2019-12-07 11:03 – 000032768 _____ C:WINDOWSsystem32configELAM
2021-04-24 23:03 – 2020-11-05 01:05 – 000002176 _____ C:WINDOWSsystem32Tasksnpcapwatchdog
2021-04-24 23:03 – 2020-10-07 23:54 – 000003482 _____ C:WINDOWSsystem32TasksAdobe Acrobat Replace Activity
2021-04-24 23:03 – 2020-10-07 23:54 – 000003346 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineUA
2021-04-24 23:03 – 2020-10-07 23:54 – 000003184 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore
2021-04-24 23:03 – 2020-10-07 23:54 – 000003122 _____ C:WINDOWSsystem32TasksGoogleUpdateTaskMachineCore
2021-04-24 23:03 – 2020-10-07 23:54 – 000002858 _____ C:WINDOWSsystem32TasksOneDrive Standalone Replace Activity-S-1-5-21-848354871-4184821791-1569574031-1003
2021-04-24 23:03 – 2020-10-07 23:54 – 000002858 _____ C:WINDOWSsystem32TasksOneDrive Standalone Replace Activity-S-1-5-21-848354871-4184821791-1569574031-1001
2021-04-24 23:03 – 2020-10-07 23:54 – 000002202 _____ C:WINDOWSsystem32TasksStartCN
2021-04-24 23:03 – 2020-10-07 23:54 – 000002122 _____ C:WINDOWSsystem32TasksStartDVR
2021-04-24 23:03 – 2020-10-07 23:54 – 000000000 ____D C:WINDOWSsystem32TasksAvast Software program
2021-04-24 19:14 – 2020-10-07 23:39 – 000500832 _____ C:WINDOWSsystem32FNTCACHE.DAT
2021-04-24 19:00 – 2020-03-15 23:50 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoaming.minecraft
2021-04-24 15:18 – 2020-10-13 19:55 – 000180448 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswMonFlt.sys
2021-04-24 15:18 – 2020-10-07 23:54 – 000003938 _____ C:WINDOWSsystem32TasksAvast Emergency Replace
2021-04-24 15:18 – 2020-04-15 16:26 – 000522384 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswNetHub.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000850632 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswSnx.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000467720 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswSP.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000365024 _____ (AVAST Software program) C:WINDOWSsystem32Driversaswbidsdriver.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000326992 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswVmm.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000250336 _____ (AVAST Software program) C:WINDOWSsystem32Driversaswbidsh.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000212192 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswArPot.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000107792 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswRdr2.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000099288 _____ (AVAST Software program) C:WINDOWSsystem32Driversaswbuniv.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000082872 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswRvrt.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000041296 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswKbd.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000035664 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswArDisk.sys
2021-04-24 15:18 – 2020-02-27 00:05 – 000017352 _____ (AVAST Software program) C:WINDOWSsystem32DriversaswElam.sys
2021-04-24 11:22 – 2020-08-21 13:40 – 000002438 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2021-04-23 13:44 – 2020-02-27 00:02 – 000002136 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk
2021-04-23 13:32 – 2020-02-27 17:58 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalSquirrelTemp
2021-04-23 00:19 – 2020-02-27 00:25 – 000002301 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2021-04-22 14:29 – 2020-02-26 23:32 – 000000000 __RHD C:UsersPublicAccountPictures
2021-04-22 14:25 – 2019-12-07 11:14 – 000000000 ____D C:Program FilesCommon Filesmicrosoft shared
2021-04-21 19:10 – 2021-02-02 13:04 – 000000000 ____D C:UsersMY_USERNAMEDocumentsMy Kindle Content material
2021-04-21 17:36 – 2020-03-01 00:55 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocal.IdentityService
2021-04-19 18:22 – 2020-03-01 14:42 – 000000000 ____D C:UsersMY_USERNAME.p2
2021-04-19 17:45 – 2020-06-14 16:36 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingvlc
2021-04-19 17:33 – 2020-10-08 09:02 – 000000000 ____D C:WINDOWSsystem32Driversen-GB
2021-04-19 17:33 – 2019-12-07 11:54 – 000000000 ____D C:Program FilesWindows Defender Superior Menace Safety
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ___SD C:WINDOWSsystem32DiagSvcs
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ___RD C:WINDOWSImmersiveControlPanel
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSSystemResources
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32setup
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32oobe
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32lv-LV
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32lt-LT
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32et-EE
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSsystem32es-MX
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSProvisioning
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSPolicyDefinitions
2021-04-19 17:33 – 2019-12-07 11:14 – 000000000 ____D C:WINDOWSbcastdvr
2021-04-18 22:17 – 2020-02-28 12:46 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingAnki2
2021-04-17 02:05 – 2021-02-02 13:04 – 000002292 _____ C:UsersMY_USERNAMEDesktopKindle.lnk
2021-04-17 02:05 – 2021-02-02 13:04 – 000000000 ____D C:UsersMY_USERNAMEAppDataLocalAmazon
2021-04-16 23:57 – 2020-10-07 23:41 – 000000000 ____D C:UsersMY_USERNAME
2021-04-16 23:20 – 2020-02-27 18:45 – 000000000 ____D C:UsersMY_USERNAMEDocumentsSound recordings
2021-04-15 19:44 – 2020-10-07 23:39 – 002877440 _____ (Microsoft Company) C:WINDOWSSysWOW64PrintConfig.dll
2021-04-15 19:34 – 2020-02-27 19:01 – 000000000 ____D C:WINDOWSsystem32MRT
2021-04-15 19:32 – 2020-02-27 19:01 – 131963968 ____C (Microsoft Company) C:WINDOWSsystem32MRT.exe
2021-04-12 22:44 – 2020-08-18 19:42 – 000000000 ____D C:UsersMY_USERNAMEDocumentsMy Video games
2021-04-12 21:18 – 2020-10-07 23:41 – 000002363 _____ C:UsersMY_USERNAMEAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2021-04-12 21:18 – 2020-02-26 23:35 – 000000000 ___RD C:UsersMY_USERNAMEOneDrive
2021-04-11 22:14 – 2020-11-19 16:07 – 000000000 ____D C:UsersMY_USERNAMEDocumentsZoom
2021-04-10 22:35 – 2020-03-28 01:56 – 000000000 ____D C:UsersMY_USERNAMEAppDataRoamingRenPy

==================== Information within the root of some directories ========

2020-04-17 01:45 – 2020-04-18 01:29 – 000000812 _____ () C:UsersMY_USERNAMEAppDataRoamingjd-gui.cfg
2020-12-24 20:18 – 2020-12-26 16:09 – 000000128 _____ () C:UsersMY_USERNAMEAppDataLocalPUTTY.RND
2021-03-02 14:44 – 2021-03-02 14:44 – 000002158 _____ () C:UsersMY_USERNAMEAppDataLocalrecently-used.xbel
2020-05-12 17:48 – 2020-05-12 17:48 – 000007621 _____ () C:UsersMY_USERNAMEAppDataLocalResmon.ResmonCfg

==================== SigCheck ============================

(There is no such thing as a automated repair for recordsdata that don’t go verification.)

==================== Finish of FRST.txt ========================

And Addition.txt:
Extra scan results of Farbar Restoration Scan Instrument (x64) Model: 17-04-2021
Ran by MY_USERNAME (25-04-2021 18:39:40)
Working from E:DataDownloads
Home windows 10 Professional Model 2004 19041.928 (X64) (2020-10-07 21:54:27)
Boot Mode: Regular
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-848354871-4184821791-1569574031-500 – Administrator – Disabled)
DefaultAccount (S-1-5-21-848354871-4184821791-1569574031-503 – Restricted – Disabled)
Visitor (S-1-5-21-848354871-4184821791-1569574031-501 – Restricted – Disabled)
MY_USERNAME (S-1-5-21-848354871-4184821791-1569574031-1001 – Administrator – Enabled) => C:UsersMY_USERNAME
WDAGUtilityAccount (S-1-5-21-848354871-4184821791-1569574031-504 – Restricted – Disabled)

==================== Safety Heart ========================

(If an entry is included within the fixlist, it will likely be eliminated.)

AV: Home windows Defender (Disabled – Updated) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled – Updated) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled – Updated) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Put in Applications ======================

(Solely the adware applications with “Hidden” flag might be added to the fixlist to unhide them. The adware applications needs to be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM…7-Zip) (Model: 19.00 – Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32…{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Model: 21.001.20150 – Adobe Methods Integrated)
Amazon Kindle (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Amazon Kindle) (Model: 1.31.0.60170 – Amazon)
AMD Settings (HKLM…WUCCCApp) (Model: 2019.0816.1152.21357 – Superior Micro Gadgets, Inc.)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Model: 2020.11 – Anaconda, Inc.)
Anki (HKLM-x32…Anki) (Model: 2.1.30 – )
Utility Verifier x64 Exterior Package deal (HKLM…{10CA1677-8F02-3131-F25C-780BAB52E468}) (Model: 10.1.18362.1 – Microsoft) Hidden
Avast Free Antivirus (HKLM-x32…Avast Antivirus) (Model: 21.3.2459 – Avast Software program)
Canon IJ Community Scanner Selector EX2 (HKLM-x32…Canon_IJ_Network_Scanner_Selector_EX2) (Model: 2.0.5.3 – Canon Inc.)
Canon IJ Printer Assistant Instrument (HKLM-x32…Canon IJ Printer Assistant Instrument) (Model: 1.00.1.51 – Canon Inc.)
Canon IJ Scan Utility (HKLM-x32…Canon_IJ_Scan_Utility) (Model: 1.4.0.16 – Canon Inc.)
Canon TR7500 collection MP Drivers (HKLM…{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TR7500_series) (Model: 1.02 – Canon Inc.)
Cheat Engine 7.1 (HKLM…Cheat Engine_is1) (Model: – Cheat Engine)
ClickOnce Bootstrapper Package deal for Microsoft .NET Framework (HKLM-x32…{0243F145-076D-423A-8F77-218DC8840261}) (Model: 4.8.04119 – Microsoft Company) Hidden
CMake (HKLM…{E4AE8797-642B-4E04-86C6-AC7228086CF4}) (Model: 3.18.0 – Kitware)
DiagnosticsHub_CollectionService (HKLM…{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Model: 16.1.28901 – Microsoft Company) Hidden
Discord (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Discord) (Model: 0.0.309 – Discord Inc.)
dupeGuru 4.1.0 (HKLM…dupeGuru) (Model: 4.1.0 – Hardcoded Software program)
Electrum (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Electrum) (Model: 4.0.2 – Electrum Applied sciences GmbH)
Epic Video games Launcher (HKLM-x32…{FEF3A9BA-A962-4469-AD62-04839D4BB847}) (Model: 1.1.298.0 – Epic Video games, Inc.)
FileZilla Consumer 3.51.0 (HKLM-x32…FileZilla Consumer) (Model: 3.51.0 – Tim Kosse)
GIMP 2.10.18 (HKLM…GIMP-2_is1) (Model: 2.10.18 – The GIMP Group)
Git model 2.25.1 (HKLM…Git_is1) (Model: 2.25.1 – The Git Growth Neighborhood)
Google Chrome (HKLM-x32…Google Chrome) (Model: 90.0.4430.85 – Google LLC)
heroku (HKLM-x32…heroku) (Model: – Heroku)
icecap_collection_neutral (HKLM-x32…{929EAD9A-42D2-4FC7-B7E6-529AAD5F6D0D}) (Model: 16.5.29814 – Microsoft Company) Hidden
icecap_collection_x64 (HKLM…{84EC5964-D540-4494-9043-BF7BEE37D1E1}) (Model: 16.5.29814 – Microsoft Company) Hidden
icecap_collectionresources (HKLM-x32…{16D7574C-1007-4A85-93FF-666E74AD60D2}) (Model: 16.5.29521 – Microsoft Company) Hidden
icecap_collectionresourcesx64 (HKLM-x32…{F5C67FC5-BF18-4304-9268-A971876B245A}) (Model: 16.4.29411 – Microsoft Company) Hidden
IntelliTraceProfilerProxy (HKLM-x32…{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Model: 15.0.18198.01 – Microsoft Company) Hidden
Java™ SE Growth Equipment 13.0.2 (64-bit) (HKLM…{606493F9-D1F1-5355-BB8A-F0E30F1AFFED}) (Model: 13.0.2.0 – Oracle Company)
Kits Configuration Installer (HKLM-x32…{63AAA877-5536-9481-2385-28A082100D78}) (Model: 10.1.18362.1 – Microsoft) Hidden
Launcher Stipulations (x64) (HKLM-x32…{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Model: 1.0.0.0 – Epic Video games, Inc.) Hidden
League of Legends (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Riot Sport league_of_legends.stay) (Model: – Riot Video games, Inc)
Malwarebytes model 4.3.0.98 (HKLM…{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Model: 4.3.0.98 – Malwarebytes)
Microsoft .NET Core SDK 3.1.201 (x64) from Visible Studio (HKLM…{AE0BA5F1-D63A-4784-944F-114B82FB8202}) (Model: 3.1.201.015034 – Microsoft Company)
Microsoft 365 Apps for enterprise – en-us (HKLM…O365ProPlusRetail – en-us) (Model: 16.0.13901.20400 – Microsoft Company)
Microsoft Edge (HKLM-x32…Microsoft Edge) (Model: 90.0.818.46 – Microsoft Company)
Microsoft MPI (10.0.12498.5) (HKLM…{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Model: 10.0.12498.5 – Microsoft Company)
Microsoft ODBC Driver 17 for SQL Server (HKLM…{E36FFC78-D25E-4962-872B-9CE0E50E62CD}) (Model: 17.5.1.1 – Microsoft Company)
Microsoft OneDrive (HKUS-1-5-21-848354871-4184821791-1569574031-1001…OneDriveSetup.exe) (Model: 21.052.0314.0001 – Microsoft Company)
Microsoft System CLR Sorts for SQL Server 2019 CTP2.2 (HKLM…{8D7CE3B0-5379-46FE-9F4B-A65D9F4CC1F1}) (Model: 15.0.1200.24 – Microsoft Company)
Microsoft System CLR Sorts for SQL Server 2019 CTP2.2 (HKLM-x32…{725CC962-98BD-42C7-87D8-51C680FB1779}) (Model: 15.0.1200.24 – Microsoft Company)
Microsoft Replace Well being Instruments (HKLM…{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Model: 2.75.0.0 – Microsoft Company)
Microsoft Visible C++ 2008 Redistributable – x64 9.0.30729.17 (HKLM…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Model: 9.0.30729 – Microsoft Company)
Microsoft Visible C++ 2008 Redistributable – x86 9.0.30729.6161 (HKLM-x32…{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Model: 9.0.30729.6161 – Microsoft Company)
Microsoft Visible C++ 2010 x86 Redistributable – 10.0.40219 (HKLM-x32…{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Model: 10.0.40219 – Microsoft Company)
Microsoft Visible C++ 2013 Redistributable (x64) – 12.0.40649 (HKLM-x32…{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Model: 12.0.40649.5 – Microsoft Company)
Microsoft Visible C++ 2013 Redistributable (x86) – 12.0.21005 (HKLM-x32…{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Model: 12.0.21005.1 – Microsoft Company)
Microsoft Visible C++ 2015-2019 Redistributable (x64) – 14.25.28508 (HKLM-x32…{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Model: 14.25.28508.3 – Microsoft Company)
Microsoft Visible C++ 2015-2019 Redistributable (x86) – 14.25.28508 (HKLM-x32…{65e650ff-30be-469d-b63a-418d71ea1765}) (Model: 14.25.28508.3 – Microsoft Company)
Microsoft Visible Studio Installer (HKLM…{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Model: 2.5.2059.317 – Microsoft Company)
Minecraft Launcher (HKLM-x32…{E15F69FA-660D-45CC-B28F-6CBC4CAD2091}) (Model: 1.0.0.0 – Mojang)
MSI Growth Instruments (HKLM-x32…{DB4DB790-64DD-1902-4BF2-833B3B6DBCA1}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Nexon Launcher (HKLM-x32…Nexon Nexon Launcher) (Model: 2.0.0 – Nexon)
Nmap 7.91 (HKLM-x32…Nmap) (Model: 7.91 – Nmap Mission)
Notepad++ (32-bit x86) (HKLM-x32…Notepad++) (Model: 7.8.4 – Notepad++ Group)
Npcap (HKLM-x32…NpcapInst) (Model: 1.00 – Nmap Mission)
OBS Studio (HKLM-x32…OBS Studio) (Model: 25.0.8 – OBS Mission)
Workplace 16 Click on-to-Run Extensibility Element (HKLM…{90160000-008C-0000-1000-0000000FF1CE}) (Model: 16.0.13901.20400 – Microsoft Company) Hidden
Workplace 16 Click on-to-Run Licensing Element (HKLM…{90160000-007E-0000-1000-0000000FF1CE}) (Model: 16.0.13901.20400 – Microsoft Company) Hidden
Workplace 16 Click on-to-Run Localization Element (HKLM…{90160000-008C-0409-1000-0000000FF1CE}) (Model: 16.0.13901.20336 – Microsoft Company) Hidden
OpenShot Video Editor model 2.5.1 (HKLM…{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Model: 2.5.1 – OpenShot Studios, LLC)
osu! (HKLM-x32…{7c910db9-0f2a-47bd-9d98-3f72f69f5b9e}) (Model: newest – ppy Pty Ltd)
psqlODBC_x64 (HKLM…{3F8971B0-061B-4163-9D3F-EA94151B2FCF}) (Model: 09.06.0504 – PostgreSQL International Growth Group)
PuTTY launch 0.74 (64-bit) (HKLM…{127B996B-5308-4012-865B-9446451EA326}) (Model: 0.74.0.0 – Simon Tatham)
Python 3.8.3 (64-bit) (HKUS-1-5-21-848354871-4184821791-1569574031-1001…{f7b3255c-a01a-4595-8768-ff8f6613898c}) (Model: 3.8.3150.0 – Python Software program Basis)
Python 3.8.3 Add to Path (64-bit) (HKLM…{13E05234-E037-4C96-BF0C-585FD0A8E2B0}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Core Interpreter (64-bit) (HKLM…{A0258B41-0D21-496B-A342-B8BCCB8F2B8D}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Growth Libraries (64-bit) (HKLM…{91ECF664-C305-44DD-A08E-0319EAD11534}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Documentation (64-bit) (HKLM…{519DA1AF-03AD-4CEA-813F-F47B4B14DF3F}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Executables (64-bit) (HKLM…{245A2BD7-1E51-448C-810D-356286B18BA8}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 pip Bootstrap (64-bit) (HKLM…{698BFA23-9AF5-43B1-A08E-293477F8FD9B}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Normal Library (64-bit) (HKLM…{3E010818-0B52-4BCD-994D-D321F25ABAEC}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Tcl/Tk Help (64-bit) (HKLM…{7FD17CEE-EE81-4241-96B1-EA4BE139AA38}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Check Suite (64-bit) (HKLM…{381E4487-0C58-447D-A3F7-7EC5902DDAF4}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python 3.8.3 Utility Scripts (64-bit) (HKLM…{AF4FC66A-D11F-4270-B93C-F556D565E32C}) (Model: 3.8.3150.0 – Python Software program Basis) Hidden
Python Launcher (HKLM-x32…{406A47EE-C4AE-4944-BADE-1B543A443873}) (Model: 3.8.7072.0 – Python Software program Basis)
R for Home windows 4.0.3 (HKLM…R for Home windows 4.0.3_is1) (Model: 4.0.3 – R Core Group)
Razer Synapse (HKLM-x32…{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Model: 2.21.24.34 – Razer Inc.)
Realtek Excessive Definition Audio Driver (HKLM-x32…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Model: 6.0.1.6657 – Realtek Semiconductor Corp.)
RStudio (HKLM-x32…RStudio) (Model: 1.4.1103 – RStudio)
Rtools 4.0 (4.0.0.28) (HKLM…Rtools_is1) (Model: 4.0 – The R Basis)
SDK ARM Additions (HKLM-x32…{73681F86-CD86-4208-572F-959B45430B04}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
SDK ARM Redistributables (HKLM-x32…{67EE3804-9642-62BA-EBF1-B1561FB4ECBE}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Spotify (HKUS-1-5-21-848354871-4184821791-1569574031-1001…Spotify) (Model: 1.1.57.443.ga029a6c4 – Spotify AB)
Steam (HKLM-x32…Steam) (Model: 2.10.91.91 – Valve Company)
Synaptics Pointing Gadget Driver (HKLM…SynTPDeinstKey) (Model: 19.0.14.1 – Synaptics Integrated)
Tableau 2020.3 (20203.20.1110.1623) (HKLM…{FDFFDD1D-665B-4459-85ED-0F00EE587864}) (Model: 20.3.29762 – Tableau Software program) Hidden
Tableau 2020.3 (20203.20.1110.1623) (HKLM-x32…{6a3a9b8d-f769-43b6-8b7f-be54b3f59471}) (Model: 20.3.29762 – Tableau Software program)
TreeSize Free V4.4.2 (HKLM-x32…TreeSize Free_is1) (Model: 4.4.2 – JAM Software program)
UE4 Stipulations (x64) (HKLM…{F9EC45F9-074A-48BF-92E9-A8CADD56F693}) (Model: 1.0.11.0 – Epic Video games, Inc.) Hidden
UE4 Stipulations (x64) (HKLM-x32…{4e242cc8-5e3c-4b08-9d55-dbc62ddd1208}) (Model: 1.0.13.0 – Epic Video games, Inc.) Hidden
Common CRT Extension SDK (HKLM-x32…{13952D7A-B7B3-F4F8-5F29-5CD18E8168B7}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Common CRT Headers Libraries and Sources (HKLM-x32…{74CBC330-ED16-31B9-E8BE-0C6A8E67DE32}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Common CRT Redistributable (HKLM-x32…{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Model: 10.0.26624 – Microsoft Company) Hidden
Common CRT Redistributable (HKLM-x32…{847D4DAF-0182-265B-324F-406462E8A90D}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Common CRT Instruments x64 (HKLM…{54FE4D23-11A2-F1C4-76E9-79C8FB40A4A1}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Common CRT Instruments x86 (HKLM-x32…{9F7B0D96-881D-8850-C303-43F3A08E6902}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Common Normal MIDI DLS Extension SDK (HKLM-x32…{6F54BF87-2EE6-FA6D-431D-33A665992D49}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Replace for (KB2504637) (HKLM-x32…{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Model: 1 – Microsoft Company)
uTorrent Internet (HKUS-1-5-21-848354871-4184821791-1569574031-1001…utweb) (Model: 1.1.4 – BitTorrent, Inc.)
vcpp_crt.redist.clickonce (HKLM-x32…{6B25D94A-4B50-45E2-BBD3-54E68700E1BC}) (Model: 14.25.28508 – Microsoft Company) Hidden
Visible Studio Neighborhood 2019 (HKLM-x32…d6292e34) (Model: 16.5.29926.136 – Microsoft Company)
VLC media participant (HKLM…VLC media participant) (Model: 3.0.10 – VideoLAN)
VS Immersive Activate Helper (HKLM-x32…{78500789-0EBE-4490-BE43-F9EF8250BF42}) (Model: 16.0.98.0 – Microsoft Company) Hidden
VS JIT Debugger (HKLM…{4137D3AB-5B44-4AC9-83A4-5273F2E2547E}) (Model: 16.0.98.0 – Microsoft Company) Hidden
VS Script Debugging Frequent (HKLM…{D8B26CBD-15D2-440B-BCBD-5616D74EFC7D}) (Model: 16.0.98.0 – Microsoft Company) Hidden
vs_BlendMsi (HKLM-x32…{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_clickoncebootstrappermsi (HKLM-x32…{BAF91847-0A64-405E-98EC-A0BA6FB4BC4E}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_clickoncebootstrappermsires (HKLM-x32…{271F1F42-B547-4498-825F-590DBB1774F7}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_clickoncesigntoolmsi (HKLM-x32…{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_communitymsi (HKLM-x32…{FDC38876-AD68-4616-942D-AC3194DAB0A3}) (Model: 16.5.29814 – Microsoft Company) Hidden
vs_communitymsires (HKLM-x32…{95E79BBC-97FD-4FEB-91B5-CC0231324812}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_devenvmsi (HKLM-x32…{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_filehandler_amd64 (HKLM-x32…{7DB17E2A-450D-4DBD-9C17-545A95804B0C}) (Model: 16.5.29814 – Microsoft Company) Hidden
vs_filehandler_x86 (HKLM-x32…{C309FC3D-20C2-4F48-AF46-E59674774602}) (Model: 16.5.29814 – Microsoft Company) Hidden
vs_FileTracker_Singleton (HKLM-x32…{692A0FB3-E6A2-4D41-AC03-4136B4312DC0}) (Model: 16.3.29209 – Microsoft Company) Hidden
vs_Graphics_Singletonx64 (HKLM…{ABBD10CA-0CFA-4D76-B033-F76C55A54336}) (Model: 16.4.29411 – Microsoft Company) Hidden
vs_Graphics_Singletonx86 (HKLM-x32…{E47B4703-2337-4ED0-BA24-3EC08D643684}) (Model: 16.4.29411 – Microsoft Company) Hidden
vs_minshellinteropmsi (HKLM-x32…{27B16914-BC5D-4018-8074-071262A27F6D}) (Model: 16.2.28917 – Microsoft Company) Hidden
vs_minshellmsi (HKLM-x32…{4D33D909-B071-41D2-B305-96B8586F911E}) (Model: 16.5.29814 – Microsoft Company) Hidden
vs_minshellmsires (HKLM-x32…{EC04CD66-C03A-470D-B0D2-4BBC87F6382D}) (Model: 16.0.28329 – Microsoft Company) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32…{0A54CADD-CBA1-4BC9-A134-6C9F91F41B9A}) (Model: 16.5.29521 – Microsoft Company) Hidden
vs_tipsmsi (HKLM-x32…{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Model: 16.0.28329 – Microsoft Company) Hidden
WinAppDeploy (HKLM-x32…{8E3AE0EF-D067-700C-BDB4-10D5552155DC}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Home windows Driver Package deal – Texas Devices Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) (HKLM…EC3E466026556D3EB760B01C4772277614354E11) (Model: 06/11/2009 1.0.0.0 – Texas Devices Inc.)
Home windows Driver Package deal – Texas Devices Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) (HKLM…7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Model: 09/02/2009 1.0.0.1 – Texas Devices Inc.)
Home windows SDK AddOn (HKLM-x32…{E6F877A1-2F65-4BF0-87B6-A4071B7663D3}) (Model: 10.1.0.0 – Microsoft Company)
Home windows Software program Growth Equipment – Home windows 10.0.18362.1 (HKLM-x32…{126dedf0-cc0e-4b48-9ece-806b0e437195}) (Model: 10.1.18362.1 – Microsoft Company)
WinRAR 5.90 beta 2 (64-bit) (HKLM…WinRAR archiver) (Model: 5.90.2 – win.rar GmbH)
WinRT Intellisense Desktop – en-us (HKLM-x32…{E67F1F03-FB4A-3D61-8999-E6A4C4B26F34}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense Desktop – Different Languages (HKLM-x32…{7EF010FF-7800-28BA-FF49-2D219EC7BA82}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense IoT – en-us (HKLM-x32…{36AE12FB-4349-6EAA-B6E4-5F4E06FA8AE8}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense IoT – Different Languages (HKLM-x32…{6B03A6A4-643C-57CE-CA6F-4E19BF47497A}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense Cell – en-us (HKLM-x32…{918A448F-59E8-FBF5-B087-D3F07160C7E0}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense PPI – en-us (HKLM-x32…{66483041-F590-EC46-4AF0-EE39C62FB680}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense PPI – Different Languages (HKLM-x32…{9C61E6D2-C43E-6746-B519-6185558C4A24}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense UAP – en-us (HKLM-x32…{6B37CC5B-78DF-5050-2215-68479716A587}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
WinRT Intellisense UAP – Different Languages (HKLM-x32…{250D5341-0879-4016-399C-BBCD87B80E95}) (Model: 10.1.18362.1 – Microsoft Company) Hidden
Zoom (HKUS-1-5-21-848354871-4184821791-1569574031-1001…ZoomUMX) (Model: 5.4.9 (59931.0110) – Zoom Video Communications, Inc.)

See also  SimLab Composer 8.2 Free Download

Packages:
=========
Canon Inkjet Print Utility -> C:Program FilesWindowsApps34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Microsoft Promoting SDK for XAML -> C:Program FilesWindowsAppsmicrosoft.promoting.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Company) [MS Ad]
Microsoft Promoting SDK for XAML -> C:Program FilesWindowsAppsmicrosoft.promoting.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-27] (Microsoft Company) [MS Ad]
Images Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Images.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-04] (Microsoft Company)

==================== Customized CLSID (Whitelisted): ==============

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

CustomCLSID: HKUS-1-5-21-848354871-4184821791-1569574031-1001_ClassesCLSID{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}InprocServer32 -> E:UNUSED_PATHLocale EmulatorLEContextMenuHandler.DLL (Paddy Xu) [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:ApplicationsNotepad++NppShell_06.dll [2020-01-30] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-24] (Malwarebytes Company -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2019-08-16] (Superior Micro Gadgets, Inc. -> Superior Micro Gadgets, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:DataApplications7-Zip7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:ProgramsashShell.dll [2021-04-24] (Avast Software program s.r.o. -> AVAST Software program)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2021-04-24] (Malwarebytes Company -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:ApplicationsWinRARrarext32.dll [2020-02-22] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries might be listed to be restored or eliminated.)

ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftWindowsStart MenuProgramsChrome AppsTamper Chrome (utility).lnk -> C:Program Information (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> –profile-directory=Default –app-id=odldmflbckacdofpepkdkmkccgdfaemb
ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftWindowsStart MenuProgramsAnaconda3 (64-bit)Anaconda Immediate (Anaconda).lnk -> C:WindowsSystem32cmd.exe (Microsoft Company) -> “/K” E:DataApplicationsAnacondaScriptsactivate.bat E:DataApplicationsAnaconda
ShortcutWithArgument: C:UsersMY_USERNAMEAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedImplicitAppShortcuts890307056398c20Screen Recorder.lnk -> C:Program Information (x86)GoogleChromeApplicationchrome_proxy.exe (Google LLC) -> –profile-directory=Default –app-id=hniebljpgcogalllopnjokppmgbhaden

==================== Loaded Modules (Whitelisted) =============

2019-06-28 17:32 – 2019-06-28 17:32 – 000017920 _____ () [File not signed] C:Program FilesAMDCNextCNextlibEGL.DLL
2019-06-28 17:32 – 2019-06-28 17:32 – 003598336 _____ () [File not signed] C:Program FilesAMDCNextCNextlibGLESv2.dll
2019-08-16 21:37 – 2019-08-16 21:37 – 000158208 _____ (Superior Micro Gadgets, Inc.) [File not signed] C:WINDOWSSYSTEM32amdihk64.dll
2020-05-04 17:05 – 2016-10-21 16:06 – 000318976 _____ (CANON INC) [File not signed] C:Program Information (x86)CanonIJ Community Scanner Selector EX2scchmpm.dll
2020-05-04 17:05 – 2016-12-01 09:23 – 000219648 _____ (CANON INC.) [File not signed] C:Program Information (x86)CanonIJ Community Scanner Selector EX2cnmpu2.dll
2020-05-04 17:05 – 2016-12-09 11:09 – 000008192 _____ (CANON INC.) [File not signed] C:Program Information (x86)CanonIJ Community Scanner Selector EX2CNS2_ENU.DLL
2020-05-04 17:05 – 2016-12-09 11:09 – 000104960 _____ (CANON INC.) [File not signed] C:Program Information (x86)CanonIJ Community Scanner Selector EX2CNS2_IMG.dll
2020-11-28 16:01 – 2019-02-21 18:00 – 000078336 _____ (Igor Pavlov) [File not signed] E:DataApplications7-Zip7-zip.dll
2021-04-22 14:24 – 2021-04-22 14:24 – 000000000 ____L (Microsoft Company) C:Program FilesMicrosoft OfficeRootOffice16AppVIsvSubsystems64.dll
2021-04-22 14:24 – 2021-04-22 14:24 – 000000000 ____L (Microsoft Company) C:Program FilesMicrosoft OfficeRootOffice16c2r64.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000031744 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqgif.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000040960 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqicns.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000031744 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqico.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000414208 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqjpeg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000025088 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqsvg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000025088 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqtga.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000023552 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqwbmp.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000516608 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextimageformatsqwebp.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 001441280 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextplatformsqwindows.dll
2019-08-16 11:49 – 2019-08-16 11:49 – 005999104 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Core.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 006413824 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Gui.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 001141760 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Network.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000339968 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Positioning.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 004143104 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Qml.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 003840000 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Quick.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000332800 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Svg.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000113152 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebChannel.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000349184 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngine.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 080959488 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WebEngineCore.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 005622272 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Widgets.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000463360 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5WinExtras.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 000190464 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5Xml.dll
2019-06-28 17:32 – 2019-06-28 17:32 – 002825216 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQt5XmlPatterns.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000053760 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsprivateqtgraphicaleffectsprivate.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000059392 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtGraphicalEffectsqtgraphicaleffectsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000017408 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000330752 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000137216 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000090112 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000017920 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll
2019-06-28 17:33 – 2019-06-28 17:33 – 000136192 _____ (The Qt Firm Ltd.) [File not signed] C:Program FilesAMDCNextCNextstylesqwindowsvistastyle.dll

==================== Alternate Information Streams (Whitelisted) ========

==================== Protected Mode (Whitelisted) ==================

(If an entry is included within the fixlist, it will likely be faraway from the registry. The “AlternateShell” will probably be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalaswSP.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => “”=”Service”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkaswSP.sys => “”=”Driver”
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => “”=”Service”

==================== Affiliation (Whitelisted) =================

==================== Web Explorer (Whitelisted) ==========

BHO: Skype for Enterprise Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2021-04-22] (Microsoft Company -> Microsoft Company)
BHO-x32: Skype for Enterprise Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler-x32: mso-minsb-roaming.16 – {83C25742-A9F7-49FB-9138-434302C88D07} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler-x32: mso-minsb.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler-x32: osf-roaming.16 – {42089D2D-912D-4018-9087-2B87803E93FB} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)
Handler-x32: osf.16 – {5504BE45-A83B-4808-900A-3A5C36E7F77A} – C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2021-04-22] (Microsoft Company -> Microsoft Company)

See also  Professional Music Training and Novel Word Learning: From Faster Semantic Encoding to Longer-lasting Word Representations

(If an entry is included within the fixlist, it will likely be faraway from the registry.)

IE trusted web site: HKUS-1-5-21-848354871-4184821791-1569574031-1001…sharepoint.com -> hxxps://<area>-files.sharepoint.com

==================== Hosts content material: =========================

(If wanted Hosts: directive might be included within the fixlist to reset Hosts.)

2020-02-27 04:39 – 2020-02-27 04:37 – 000000824 _____ C:WINDOWSsystem32driversetchosts

==================== Different Areas ===========================

(Presently there isn’t any automated repair for this part.)

HKLMSystemCurrentControlSetControlSession ManagerEnvironmentPath -> C:Program FilesMicrosoft MPIBin;C:Program FilesPython38Scripts;C:Program FilesPython38;%SystemRootpercentsystem32;%SystemRoot%;%SystemRootpercentSystem32Wbem;%SYSTEMROOTpercentSystem32WindowsPowerShellv1.0;%SYSTEMROOTpercentSystem32OpenSSH;C:ApplicationsGitcmd;C:Program Filesdotnet;E:DataApplicationsPutty
HKUS-1-5-21-848354871-4184821791-1569574031-1001Control PanelDesktopWallpaper -> E:wallpaper.jpg
DNS Servers: 192.168.0.254
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Home windows Firewall is enabled.

Community Binding:
=============
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled objects ==

(If an entry is included within the fixlist, it will likely be eliminated.)

HKLM…StartupApprovedStartupFolder: => “Nexon Launcher.lnk”
HKLM…StartupApprovedRun: => “SynTPEnh”
HKLM…StartupApprovedRun: => “WindowsDefender”
HKLM…StartupApprovedRun32: => “APSDaemon”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “OneDrive”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “Discord”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “Steam”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “utweb”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “EpicGamesLauncher”
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “BlueJeans.Detector” <– Fairly positive I uninstalled this.
HKUS-1-5-21-848354871-4184821791-1569574031-1001…StartupApprovedRun: => “Wargaming.net Game Center” <– Fairly positive I uninstalled this.

==================== FirewallRules (Whitelisted) ================

(If an entry is included within the fixlist, it will likely be faraway from the registry. The file won’t be moved until listed individually.)

FirewallRules: [UDP Query User{2EE28565-E589-4038-82F6-8EC0C59FC639}C:applicationsjavajdk-13.0.2binjava.exe] => (Enable) C:applicationsjavajdk-13.0.2binjava.exe
FirewallRules: [TCP Query User{FCA68CCE-2142-4AE5-B285-A0C2465638FE}C:applicationsjavajdk-13.0.2binjava.exe] => (Enable) C:applicationsjavajdk-13.0.2binjava.exe
FirewallRules: [{64F3E5F9-9E68-40E1-8B7E-494134848F96}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{261DFA3B-1335-491B-A4B5-7C43DD9A2C86}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [UDP Query User{BD18FFC4-0F66-4BDF-801A-CB5D8D552689}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Enable) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [TCP Query User{4C8131B6-3AFC-4023-B6FF-2746F3331299}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Enable) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{07B1A8F9-63B2-40E8-AAE5-803F3B61E2CF}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{A5377052-1F80-497D-A784-4FF75DB184BB}] => (Block) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [UDP Query User{0DF99CAE-4D2F-4E8A-8ABD-2C886AFD8D8C}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Enable) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [TCP Query User{47C995C9-2AAD-49DC-9C5C-A3E2E146754D}E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Enable) E:dataapplicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{3878302A-DC82-41C5-8EC3-73CFF61C2317}] => (Block) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [{3549C5DE-4A72-45B9-B02D-EB36F03F8CBD}] => (Block) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [UDP Query User{FD222444-6096-480B-B533-1FE07DE3BB20}C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe] => (Enable) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [TCP Query User{575B0EF7-442C-4862-BB5C-C3D27323475E}C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe] => (Enable) C:usersMY_USERNAMEdesktopiperfiperf-3.1.3-win64iperf3.exe () [File not signed]
FirewallRules: [{26D5C7B8-16C6-4B82-9D9B-69AA67954853}] => (Block) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{F624EE59-65CE-42CC-B9DA-D3C0392E37D8}] => (Block) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{05049C7A-B292-4842-8B78-79C652ADDF3A}E:dataapplicationsvlcvlc.exe] => (Enable) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{67CE2A99-D333-4D37-983D-6E05860C01BC}E:dataapplicationsvlcvlc.exe] => (Enable) E:dataapplicationsvlcvlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{B8084D65-D663-4BFB-9AA1-5AA77C7D7BD7}] => (Enable) C:Program FilesMicrosoft MPIBinsmpd.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{ED121269-AF53-446F-B429-E66CCCA55780}] => (Enable) C:Program FilesMicrosoft MPIBinsmpd.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{D5D77C9D-BFCA-4F0C-AB28-2B2B18C6DEDB}] => (Enable) C:Program FilesMicrosoft MPIBinmpiexec.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{DF95E454-10C2-427E-8EE7-D18A835E92B1}] => (Enable) C:Program FilesMicrosoft MPIBinmpiexec.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{A6877064-E827-4813-99A0-7AAB62850C58}] => (Enable) C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{7F04CDC0-28D8-44A3-BD55-3128E7A66F94}] => (Enable) C:Program FilesMicrosoft MPIBinmsmpilaunchsvc.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{8769222D-41E7-4389-AC25-837ACE6C76B6}] => (Block) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [{259CA0C0-0FD8-4AFB-A1DB-87F9DF2CF0B8}] => (Block) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [UDP Query User{5343DFE6-76FF-447C-92FA-D760DF83F0ED}E:gamesworld_of_tanks_euwin64worldoftanks.exe] => (Enable) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [TCP Query User{C325AA0B-934D-48BE-ABF3-6BB02CA95570}E:gamesworld_of_tanks_euwin64worldoftanks.exe] => (Enable) E:gamesworld_of_tanks_euwin64worldoftanks.exe => No File
FirewallRules: [{65EEC05A-03AB-44BB-BA63-A467167E3BC4}] => (Block) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [{44CE0D85-B7A0-430C-80C3-D0326ED23134}] => (Block) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [UDP Query User{10277247-4A17-4B76-B67B-AA1170D5E22C}E:datagameswargaming.netgamecenterwgc.exe] => (Enable) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [TCP Query User{AB1B1FBA-FE4C-417A-8B0D-A76FFB851AB5}E:datagameswargaming.netgamecenterwgc.exe] => (Enable) E:datagameswargaming.netgamecenterwgc.exe => No File
FirewallRules: [{C5D84E84-2AF4-4E26-8F6C-4B80B5F0460E}] => (Block) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [{81AE5525-2CF9-49C4-BDE8-0CA6E60FFFEA}] => (Block) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [UDP Query User{6FF46F46-E9F6-46CD-9F94-200FC6B76907}C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe] => (Enable) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [TCP Query User{86271907-8EEE-4C92-992F-A0986D096708}C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe] => (Enable) C:usersMY_USERNAMEappdatalocalbluejeanscurrentbluejeans.exe => No File
FirewallRules: [{C775683A-72CC-41F4-91D7-9C206CE7D1FD}] => (Enable) C:UsersMY_USERNAMEAppDataRoamingZoombinairhost.exe => No File
FirewallRules: [{84D67CDD-1F19-42E4-B37C-81826FAD423C}] => (Enable) C:UsersMY_USERNAMEAppDataRoamingZoombinZoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2CF0D115-DB1F-40A8-8778-7B7C075D48CF}] => (Block) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{D39DA9F1-1A6B-431D-A67C-0AFE4CFD4C4B}] => (Block) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{C44D05EF-FA3F-4AD2-B5E0-C2ADEE56F413}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{07AAD894-AAA8-4E11-81F8-5D828BD9C2E5}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{9D824715-E27F-4EF2-9F10-E86EE94CA4DA}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{7BBCC27B-5A98-41D3-8828-C7CDF5791217}C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Enable) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [TCP Query User{EEADBBD6-BE63-474C-8EB3-88A040A797FC}C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe] => (Enable) C:applicationsue4epic gamesue_4.24enginebinarieswin64crashreportclienteditor.exe => No File
FirewallRules: [{E98C88E2-492F-4033-A7B4-7F6C493199BF}] => (Block) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{6D10252A-450B-4589-8AA9-209874EF6E7E}C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Enable) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [TCP Query User{E60A8130-85A9-487A-9583-D42E23C27CB9}C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe] => (Enable) C:applicationsue4epic gamesue_4.24enginebinarieswin64ue4editor.exe => No File
FirewallRules: [UDP Query User{1E02B351-A030-417A-A24E-4C280BACCAA2}C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Enable) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [TCP Query User{2206D692-0992-4137-90BD-BBC2DC1F1919}C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe] => (Enable) C:applicationsue4epic gameslauncherportalbinarieswin64epicgameslauncher.exe (Epic Video games Inc. -> Epic Video games, Inc.)
FirewallRules: [{865ECB0A-3780-4819-B818-667C064CABB1}] => (Enable) C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{C69024C6-3BB3-4B2E-B2CB-38E8FC577E66}] => (Enable) C:UsersMY_USERNAMEAppDataRoaminguTorrent Webutweb.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{67B2F9EE-BA9E-40BE-98E5-48F55CEB0C2D}] => (Enable) C:ApplicationsSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Company)
FirewallRules: [{B045E921-D5C6-4D67-A0A9-3F99AD102CF6}] => (Enable) C:ApplicationsSteambincefcef.win7x64steamwebhelper.exe (Valve -> Valve Company)
FirewallRules: [UDP Query User{DD65947A-A4FE-4339-9200-ECDE0D67FB55}C:applicationsminecraftruntimejre-x64binjavaw.exe] => (Enable) C:applicationsminecraftruntimejre-x64binjavaw.exe
FirewallRules: [TCP Query User{233E37B1-B8CF-4497-9560-637BF3F00E56}C:applicationsminecraftruntimejre-x64binjavaw.exe] => (Enable) C:applicationsminecraftruntimejre-x64binjavaw.exe
FirewallRules: [{D9F1672D-20C3-4850-AA68-D81B55ECAF47}] => (Enable) C:ApplicationsSteambincefcef.win7steamwebhelper.exe => No File
FirewallRules: [{8C4ACE0C-3F30-42C4-ACA8-C5DBC3967AF5}] => (Enable) C:ApplicationsSteambincefcef.win7steamwebhelper.exe => No File
FirewallRules: [{AE7AC4F4-C4BB-4CBF-ABE2-14BD46C11600}] => (Enable) C:ApplicationsSteamSteam.exe (Valve -> Valve Company)
FirewallRules: [{794FB143-5ED0-4285-9035-C1F548ACB06E}] => (Enable) C:ApplicationsSteamSteam.exe (Valve -> Valve Company)
FirewallRules: [{D44C0BAA-D246-4720-BE66-795A90E865D0}] => (Block) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7A7682C9-9AAA-44DE-85F8-D1987DEA499D}] => (Block) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{04A167D0-EA2E-41D1-9602-35A64647A1C2}C:usersMY_USERNAMEappdataroamingspotifyspotify.exe] => (Enable) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{42647679-C6F9-454C-8C44-9B36E0B4C503}C:usersMY_USERNAMEappdataroamingspotifyspotify.exe] => (Enable) C:usersMY_USERNAMEappdataroamingspotifyspotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CB39A59-4F45-44FD-A531-28960824B080}] => (Enable) E:Gamesvindictusappdataen-USNMService.exe (NEXON Korea Company. -> Nexon Corp.)
FirewallRules: [{87943F7E-D91A-4BE2-97D6-B3776F8F5B77}] => (Enable) E:Gamesvindictusappdataen-USNMService.exe (NEXON Korea Company. -> Nexon Corp.)
FirewallRules: [TCP Query User{471B03AF-7287-4F04-A4F8-2B6F09C5F839}E:gamesvindictusappdataen-usvindictus.exe] => (Enable) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Company. -> NEXON Corp.)
FirewallRules: [UDP Query User{CB25CE5A-E94C-400D-B32F-888CD0B3BE04}E:gamesvindictusappdataen-usvindictus.exe] => (Enable) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Company. -> NEXON Corp.)
FirewallRules: [{92ECFF2A-C7DE-4E8B-9463-666EBB41D962}] => (Block) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Company. -> NEXON Corp.)
FirewallRules: [{25CE5A37-BED1-4629-932C-4EE3FAEF9D85}] => (Block) E:gamesvindictusappdataen-usvindictus.exe (NEXON Korea Company. -> NEXON Corp.)
FirewallRules: [TCP Query User{D08E138C-8BFA-4E86-A2D4-551EA7FE39B6}C:program filespython38python.exe] => (Block) C:program filespython38python.exe (Python Software program Basis -> Python Software program Basis)
FirewallRules: [UDP Query User{93E3716E-0C97-4857-90F1-3B89820780DC}C:program filespython38python.exe] => (Block) C:program filespython38python.exe (Python Software program Basis -> Python Software program Basis)
FirewallRules: [TCP Query User{96FA858C-6E75-49D5-ACAE-F5197489E4AE}C:program filesrstudiobinrsession.exe] => (Block) C:program filesrstudiobinrsession.exe (RStudio, PBC) [File not signed]
FirewallRules: [UDP Query User{2CFAA424-2DC0-4E96-B07E-CE9D46DAEC5D}C:program filesrstudiobinrsession.exe] => (Block) C:program filesrstudiobinrsession.exe (RStudio, PBC) [File not signed]
FirewallRules: [{238CAE49-10A7-43FB-A031-0CF202CDD742}] => (Enable) C:ApplicationsOpenShot Video Editoropenshot-qt.exe (OpenShot Studios, LLC) [File not signed]
FirewallRules: [TCP Query User{78DA16A9-6F08-42AA-9072-6369BABC2E12}E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe] => (Enable) E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe () [File not signed]
FirewallRules: [UDP Query User{41C5DFF7-F646-4C20-B8D5-0B89D2F94DC0}E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe] => (Enable) E:dataprogrammingcppclothmodellingtestsx64debugclothmodellingtests.exe () [File not signed]
FirewallRules: [{5565C32B-91C5-4B6D-9DD9-9C89B225EE97}] => (Enable) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{9134E10F-4286-4794-A156-8A03678A95A4}] => (Enable) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{B956502A-1752-4A10-AF4F-752064508A81}] => (Enable) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{D1FAB238-3B21-43F5-8051-6A85D28F7F75}] => (Enable) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{ECEB0CE9-98F0-4B9D-864F-5766F04467DE}] => (Enable) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Company -> Microsoft Company)
FirewallRules: [{626E8A1F-D36E-4D67-85C3-9C19DBA9C2F6}] => (Enable) C:Program Information (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{BF0776F5-0F61-452E-9697-DBFAF2A67660}] => (Enable) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software program Sarl -> Skype Applied sciences S.A.)
FirewallRules: [{063853FD-82F3-40E7-BE4C-4F706A08052E}] => (Enable) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software program Sarl -> Skype Applied sciences S.A.)
FirewallRules: [{30A20632-6D86-4F65-8EEC-33600C176A22}] => (Enable) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software program Sarl -> Skype Applied sciences S.A.)
FirewallRules: [{81BC0D4D-9DD2-4123-866F-57102AC4ABDE}] => (Enable) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software program Sarl -> Skype Applied sciences S.A.)

==================== Restore Factors =========================

ATTENTION: System Restore is disabled (Complete:110.73 GB) (Free:18.25 GB) (16%)

==================== Defective Gadget Supervisor Gadgets ============

==================== Occasion log errors: ========================

Utility errors:
==================
Error: (04/23/2021 03:10:57 PM) (Supply: Microsoft-Home windows-Defrag) (EventID: 264) (Consumer: )
Description: The storage optimizer could not full retrim on (E:) as a result of: The operation requested is just not supported by the {hardware} backing the quantity. (0x8900002A)

Error: (04/23/2021 02:51:34 PM) (Supply: Microsoft-Home windows-Defrag) (EventID: 264) (Consumer: )
Description: The storage optimizer could not full retrim on System Reserved (D:) as a result of: The operation requested is just not supported by the {hardware} backing the quantity. (0x8900002A)

Error: (04/23/2021 02:04:09 PM) (Supply: Microsoft-Home windows-Defrag) (EventID: 264) (Consumer: )
Description: The storage optimizer could not full retrim on System Reserved (D:) as a result of: The operation requested is just not supported by the {hardware} backing the quantity. (0x8900002A)

Error: (04/19/2021 05:34:01 PM) (Supply: VSS) (EventID: 8193) (Consumer: )
Description: Quantity Shadow Copy Service error: Surprising error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2021 05:34:01 PM) (Supply: VSS) (EventID: 13) (Consumer: )
Description: Quantity Shadow Copy Service data: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and title CEventSystem can’t be began. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2021 05:34:01 PM) (Supply: VSS) (EventID: 8193) (Consumer: )
Description: Quantity Shadow Copy Service error: Surprising error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2021 05:34:01 PM) (Supply: VSS) (EventID: 13) (Consumer: )
Description: Quantity Shadow Copy Service data: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and title CEventSystem can’t be began. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2021 03:31:16 PM) (Supply: Utility Error) (EventID: 1000) (Consumer: )
Description: Faulting utility title: SnippingTool.exe, model: 10.0.19041.746, time stamp: 0xeb13aef9
Faulting module title: ntdll.dll, model: 10.0.19041.844, time stamp: 0x60a6ca36
Exception code: 0xc0000409
Fault offset: 0x000000000008c57f
Faulting course of id: 0x20d4
Faulting utility begin time: 0x01d7352045ab3d37
Faulting utility path: C:WINDOWSsystem32SnippingTool.exe
Faulting module path: C:WINDOWSSYSTEM32ntdll.dll
Report Id: 83b89f64-8144-40ca-bde7-9375b79e18bc
Faulting package deal full title:
Faulting package-relative utility ID:

System errors:
=============
Error: (04/25/2021 12:47:12 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:11 PM) (Supply: DCOM) (EventID: 10005) (Consumer: NT AUTHORITY)
Description: DCOM bought error “1115” trying to begin the service wuauserv with arguments “Unavailable” so as to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/25/2021 12:47:01 PM) (Supply: DCOM) (EventID: 10010) (Consumer: DESKTOP-F8Q1L6N)
Description: The server Microsoft.Home windows.ContentDeliveryManager_10.0.19041.423_neutral_neutral_cw5n1h2txyewy!App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca didn’t register with DCOM inside the required timeout.

Home windows Defender:
================
Date: 2021-04-25 03:54:49
Description:
Microsoft Defender Antivirus scan has been stopped earlier than completion.
Scan Kind: Antimalware
Scan Parameters: Fast Scan

Date: 2021-04-25 03:54:42
Description:
Microsoft Defender Antivirus has detected malware or different probably undesirable software program.
For extra data please see the next:
https://go.microsoft.com/fwlink/?linkid=37020&name=Adware:Win32/Zdengo&threatid=242576&enterprise=0
Title: Adware:Win32/Zdengo
Severity: Excessive
Class: Adware
Path: file:_E:DataApplicationskeygen.exe
Detection Origin: Native machine
Detection Kind: Concrete
Detection Supply: Consumer
Course of Title: Unknown
Safety intelligence Model: AV: 1.335.1598.0, AS: 1.335.1598.0, NIS: 1.335.1598.0
Engine Model: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-25 03:54:42
Description:
Microsoft Defender Antivirus has detected malware or different probably undesirable software program.
For extra data please see the next:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/ProductKey.G!MSR&threatid=2147765679&enterprise=0
Title: HackTool:Win64/ProductKey.G!MSR
Severity: Excessive
Class: Instrument
Path: containerfile:_E:DataApplicationsprodukey-x64.zip; file:_E:DataApplicationsprodukey-x64.zip->ProduKey.exe
Detection Origin: Native machine
Detection Kind: Concrete
Detection Supply: Consumer
Course of Title: Unknown
Safety intelligence Model: AV: 1.335.1598.0, AS: 1.335.1598.0, NIS: 1.335.1598.0
Engine Model: AM: 1.1.18000.5, NIS: 1.1.18000.5

Date: 2021-04-24 23:34:33
Description:
Microsoft Defender Antivirus scan has been stopped earlier than completion.
Scan Kind: Antimalware
Scan Parameters: Full Scan

CodeIntegrity:
===============
Date: 2021-04-25 18:32:17
Description:
Code Integrity decided {that a} course of (DeviceHarddiskVolume2Program Information (x86)GoogleChromeApplicationchrome.exe) tried to load DeviceHarddiskVolume2Programsaswhook.dll that didn’t meet the Microsoft signing degree necessities.

Date: 2021-04-25 18:02:16
Description:
Code Integrity decided {that a} course of (DeviceHarddiskVolume2WindowsSystem32SecurityHealthService.exe) tried to load DeviceHarddiskVolume2ProgramsaswAMSI.dll that didn’t meet the Home windows signing degree necessities.

==================== Reminiscence information ===========================

BIOS: American Megatrends Inc. 1106 07/27/2012
Motherboard: ASUSTeK COMPUTER INC. P8Z77-V LX
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Share of reminiscence in use: 50%
Complete bodily RAM: 16336.51 MB
Out there bodily RAM: 8117.01 MB
Complete Digital: 26576.51 MB
Out there Digital: 11965.5 MB

==================== Drives ================================

Drive c: () (Mounted) (Complete:110.73 GB) (Free:18.25 GB) NTFS
Drive d: (System Reserved) (Mounted) (Complete:0.1 GB) (Free:0.08 GB) NTFS
Drive e: () (Mounted) (Complete:931.41 GB) (Free:216.37 GB) NTFS

?Quantity{dc54e5ad-0000-0000-0000-100000000000} (System Reserved) (Mounted) (Complete:0.1 GB) (Free:0.06 GB) NTFS
?Quantity{dc54e5ad-0000-0000-0000-30b51b000000} () (Mounted) (Complete:0.52 GB) (Free:0.08 GB) NTFS
?Quantity{dc54e5ad-0000-0000-0000-60d61b000000} () (Mounted) (Complete:0.44 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Desk ====================

==========================================================
Disk: 0 (MBR Code: Home windows 7/8/10) (Measurement: 111.8 GB) (Disk ID: DC54E5AD)
Partition 1: (Energetic) – (Measurement=100 MB) – (Kind=07 NTFS)
Partition 2: (Not Energetic) – (Measurement=110.7 GB) – (Kind=07 NTFS)
Partition 3: (Not Energetic) – (Measurement=530 MB) – (Kind=27)
Partition 4: (Not Energetic) – (Measurement=450 MB) – (Kind=27)

==========================================================
Disk: 1 (MBR Code: Home windows 7/8/10) (Measurement: 931.5 GB) (Disk ID: 6E78F4AA)
Partition 1: (Energetic) – (Measurement=100 MB) – (Kind=07 NTFS)
Partition 2: (Not Energetic) – (Measurement=931.4 GB) – (Kind=07 NTFS)

==================== Finish of Addition.txt =======================

It would simply have been a false constructive, who is aware of, nevertheless it did appear actually suspicious. I might actually respect any assist relating to this, as I’m apprehensive that my PC might need gotten contaminated.
Thanks very a lot!

Connected Information

  • Attached File
     FRST_1.txt   

    42.95KB

      

    0 downloads

  • Attached File
     Addition.txt   

    59.78KB

      

    0 downloads

Edited by Devvy, 25 April 2021 – 12:42 PM.

Leave a Reply

Your email address will not be published.